CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

Schneider Electric PowerChute Serial Shutdown

criticalCVE-2026-2399CVE-2026-2404CVE-2026-2405CVE-2026-2403CVE-2026-2400CVE-2026-2401
View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information. The following versions of Schneider Electric PowerChute Serial Shutdown are affected: PowerChute Serial Shutdown <=1.4 CVSS Vendor Equipment Vulnerabilities v3 6.1 SuSE, Schneider Electric, Red Hat, Microsoft Schneider Electric PowerChute Serial Shutdown Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Encoding or Escaping of Output, Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Improper Validation of Specified Quantity in Input, Improper Neutralization of CRLF Sequences ('CRLF Injection'), Insertion of Sensitive Information into Log File Background Critical Infrastructure Sectors: Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Information Technology, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-2399 PowerChute is vulnerable to improper restriction of file paths, which could allow critical system files to be overwritten with unintended data. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdow

CSIRTS triage

What
Successful exploitation could allow attackers to overwrite critical files and gain unauthorized access.
Who is affected
Deployments of Schneider Electric PowerChute Serial Shutdown version 1.4 and below.
Urgency
Remediation is urgent due to the critical severity and potential for exploitation.
Action
Update to a version above 1.4 to mitigate the vulnerabilities.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch PowerChute Serial Shutdown

Get an email when a new PowerChute Serial Shutdown advisory drops — max one per day, one-click unsubscribe.

Details

Source
CISA Cybersecurity Advisories (US · national-cert · site)
Severity
critical
Published
2026-07-09
Exploitation
Not in CISA KEV at last sync

Original advisory: https://www.cisa.gov/news-events/ics-advisories/icsa-26-190-02

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-2399coverage & exploitation statusNVD · CVE.org
CVE-2026-2404coverage & exploitation statusNVD · CVE.org
CVE-2026-2405coverage & exploitation statusNVD · CVE.org
CVE-2026-2403coverage & exploitation statusNVD · CVE.org
CVE-2026-2400coverage & exploitation statusNVD · CVE.org
CVE-2026-2401coverage & exploitation statusNVD · CVE.org
CVE-2026-2402coverage & exploitation statusNVD · CVE.org

More from CISA Cybersecurity Advisories