Critical

Schneider Electric PowerChute Serial Shutdown

All CISA Advisories

Overview

Schneider Electric's PowerChute Serial Shutdown software has several vulnerabilities that could allow attackers to manipulate system files, inject malicious data, or gain unauthorized access to accounts. Versions 1.4 and earlier are affected by these security flaws, which include issues like improper path restrictions and output handling. If exploited, these vulnerabilities could disrupt services or expose sensitive information across critical sectors such as energy, healthcare, and transportation. Users of affected versions are urged to upgrade to version 1.5, which includes fixes for these issues. The vulnerabilities were disclosed recently, and it is crucial for organizations to address them promptly to mitigate potential risks.

Key Takeaways

  • Affected Systems: Schneider Electric PowerChute Serial Shutdown Versions 1.4 and earlier; affected vendors include Schneider Electric, SuSE, Red Hat, and Microsoft.
  • Action Required: Users should upgrade to PowerChute Serial Shutdown Version 1.
  • Timeline: Disclosed recently

Original Article Summary

View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information. The following versions of Schneider Electric PowerChute Serial Shutdown are affected: PowerChute Serial Shutdown <=1.4 CVSS Vendor Equipment Vulnerabilities v3 6.1 SuSE, Schneider Electric, Red Hat, Microsoft Schneider Electric PowerChute Serial Shutdown Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Encoding or Escaping of Output, Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Improper Validation of Specified Quantity in Input, Improper Neutralization of CRLF Sequences ('CRLF Injection'), Insertion of Sensitive Information into Log File Background Critical Infrastructure Sectors: Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Information Technology, Transportation Systems Countries/Areas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-2399 PowerChute is vulnerable to improper restriction of file paths, which could allow critical system files to be overwritten with unintended data. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix The following product versions have been fixed: PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2399. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2399. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2399. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 4.0 6.9 MEDIUM CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2026-2404 PowerChute is vulnerable to improper output encoding, which may allow crafted input to be reflected in log files in unexpected ways. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2404. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2404. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2404. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-116 Improper Encoding or Escaping of Output Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 4.0 6.9 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2026-2402 PowerChute is vulnerable to insufficient limitations on repeated authentication attempts across multiple endpoints. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix (CVE-2026-2402) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix (CVE-2026-2402) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2402. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2402. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2402. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-307 Improper Restriction of Excessive Authentication Attempts Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 4.0 6.9 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-2405 PowerChute is vulnerable to uncontrolled resource consumption when certain system operations are triggered excessively. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2405. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2405. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2405. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-400 Uncontrolled Resource Consumption Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 4.0 5.3 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-2403 PowerChute is vulnerable to improper validation of quantity‑related inputs, which can cause event and data logs to be truncated. As a result, important audit information may be lost, reducing visibility into system behavior. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2403. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2403. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2403. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-1284 Improper Validation of Specified Quantity in Input Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N 4.0 5.3 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVE-2026-2400 PowerChute is vulnerable to improper handling of newline sequences in certain inputs, enabling unexpected modification of configuration‑related data. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2400. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2400. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2400. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L 4.0 5.3 MEDIUM CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2026-2401 PowerChute is vulnerable to improper logging of sensitive information when certain user‑triggered operations occur. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/ Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/). https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/ Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2401. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2401. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2401. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-532 Insertion of Sensitive Information into Log File Metrics CVSS Version Base Score Base Severity Vector String 3.1 2.8 LOW CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N 4.0 2.4 LOW CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N Acknowledgments Schneider Electric reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-14 Date Revision Summary 2026-04-14 1 Initial Publication 2026-07-09 2 Initial Republication of Schneider Electric CPCERT SEVD-2026-104-01 Legal Notice and Terms of Use

Impact

Schneider Electric PowerChute Serial Shutdown Versions 1.4 and earlier; affected vendors include Schneider Electric, SuSE, Red Hat, and Microsoft.

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Disclosed recently

Remediation

Users should upgrade to PowerChute Serial Shutdown Version 1.5 to mitigate vulnerabilities. Specific download links for Windows and Linux versions are provided: Windows - https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/; Linux - https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/. Additional hardening guidelines can be found in the Security Handbook.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Windows, Linux, Phishing, and 6 more.

Related Coverage

ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access

The Hacker News

The ShadowPad malware is exploiting a recently patched vulnerability in Microsoft Windows Server Update Services (WSUS), identified as CVE-2025-59287, allowing attackers to gain full system access. This exploitation highlights the critical need for organizations to promptly apply security updates to vulnerable systems to prevent unauthorized access.

Nov 24, 2025

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

The Hacker News

This week, significant cybersecurity threats emerged as hackers exploited new 0-day vulnerabilities in Fortinet and Chrome, infiltrating supply chains and SaaS tools. The rapid response from major companies like Microsoft, Salesforce, and Google highlights the severity of these attacks and the ongoing challenges in securing trusted applications and software updates.

Nov 24, 2025

Microsoft Highlights Security Risks Introduced by New Agentic AI Feature

SecurityWeek

Microsoft has raised concerns about the security risks associated with its new Agentic AI feature, highlighting the potential for AI agents to engage in malicious activities like data exfiltration and malware installation if not properly secured. This underscores the critical need for robust security controls to mitigate these risks.

Nov 24, 2025

ToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access Tokens

The Hacker News

ToddyCat, a threat actor, has developed a new tool called TCSectorCopy to steal Outlook emails and Microsoft 365 access tokens by exploiting the OAuth 2.0 authorization protocol through users' browsers. This poses a significant threat to corporate email security, as it allows unauthorized access to sensitive information outside the compromised infrastructure.

Nov 25, 2025

Microsoft: Security keys may prompt for PIN after recent updates

BleepingComputer

Microsoft has alerted users that FIDO2 security keys may require a PIN for sign-in following recent Windows updates since September 2025. This change could affect user experience and security practices, particularly for those relying on these security keys for authentication.

Nov 26, 2025

Microsoft to secure Entra ID sign-ins from script injection attacks

BleepingComputer

Microsoft is set to enhance the security of its Entra ID authentication system to protect against external script injection attacks starting in mid-to-late October 2026. This improvement aims to mitigate potential vulnerabilities that could be exploited by attackers to compromise user sign-ins.

Nov 26, 2025