Schneider Electric PowerChute Serial Shutdown
View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information. The following versions of Schneider Electric PowerChute Serial Shutdown are affected: PowerChute Serial Shutdown <=1.4 CVSS Vendor Equipment Vulnerabilities v3 6.1 SuSE, Schneider Electric, Red Hat, Microsoft Schneider Electric PowerChute Serial Shutdown Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Encoding or Escaping of Output, Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Improper Validation of Specified Quantity in Input, Improper Neutralization of CRLF Sequences ('CRLF Injection'), Insertion of Sensitive Information into Log File Background Critical Infrastructure Sectors: Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Information Technology, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-2399 PowerChute is vulnerable to improper restriction of file paths, which could allow critical system files to be overwritten with unintended data. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdow
CSIRTS triage
- What
- Successful exploitation could allow attackers to overwrite critical files and gain unauthorized access.
- Who is affected
- Deployments of Schneider Electric PowerChute Serial Shutdown version 1.4 and below.
- Urgency
- Remediation is urgent due to the critical severity and potential for exploitation.
- Action
- Update to a version above 1.4 to mitigate the vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch PowerChute Serial Shutdown
Get an email when a new PowerChute Serial Shutdown advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-02
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-23990.20% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 10% of all scored CVEs.
- Low exploitation riskCVE-2026-24040.19% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 8% of all scored CVEs.
- Low exploitation riskCVE-2026-24050.24% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 16% of all scored CVEs.
- Low exploitation riskCVE-2026-24030.17% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
- Low exploitation riskCVE-2026-24000.23% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 14% of all scored CVEs.
- Low exploitation riskCVE-2026-24010.10% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 1% of all scored CVEs.
- Low exploitation riskCVE-2026-24020.27% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 19% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-2399 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-2404 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-2405 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-2403 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-2400 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-2401 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-2402 | coverage & exploitation status | NVD · CVE.org |
More from CISA Cybersecurity Advisories
- highCISA Adds Two Known Exploited Vulnerabilities to Catalog2026-07-10
- criticalOpenPLC v32026-07-09
- criticalSchneider Electric Easergy MiCOM Px40 Series2026-07-09
- criticalSiemens SINEC OS2026-07-07
- highCISA Adds One Known Exploited Vulnerability to Catalog2026-07-07