[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTuiCy3t31vKpwC9zELLnson5e1B5Xf-_n5UtNrVyyDM":3},{"article":4,"iocs":47},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":30,"category":31,"article_tags":34},"3f78a015-b0c1-4d40-ad5b-ec9d4bfead94","Schneider Electric PowerChute Serial Shutdown","schneider-electric-powerchute-serial-shutdown-3796c9","View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information. The following versions of Schneider Electric PowerChute Serial Shutdown are affected: PowerChute Serial Shutdown \u003C=1.4 CVSS Vendor Equipment Vulnerabilities v3 6.1 SuSE, Schneider Electric, Red Hat, Microsoft Schneider Electric PowerChute Serial Shutdown Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Encoding or Escaping of Output, Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Improper Validation of Specified Quantity in Input, Improper Neutralization of CRLF Sequences ('CRLF Injection'), Insertion of Sensitive Information into Log File Background Critical Infrastructure Sectors: Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Information Technology, Transportation Systems Countries\u002FAreas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-2399 PowerChute is vulnerable to improper restriction of file paths, which could allow critical system files to be overwritten with unintended data. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: \u003C=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix The following product versions have been fixed: PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2399. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2399. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2399. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.1 MEDIUM CVSS:3.1\u002FAV:A\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H 4.0 6.9 MEDIUM CVSS:4.0\u002FAV:A\u002FAC:L\u002FAT:N\u002FPR:H\u002FUI:N\u002FVC:N\u002FVI:H\u002FVA:H\u002FSC:N\u002FSI:N\u002FSA:N CVE-2026-2404 PowerChute is vulnerable to improper output encoding, which may allow crafted input to be reflected in log files in unexpected ways. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: \u003C=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2404. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2404. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2404. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-116 Improper Encoding or Escaping of Output Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N 4.0 6.9 MEDIUM CVSS:4.0\u002FAV:N\u002FAC:L\u002FAT:N\u002FPR:N\u002FUI:N\u002FVC:N\u002FVI:L\u002FVA:N\u002FSC:N\u002FSI:N\u002FSA:N CVE-2026-2402 PowerChute is vulnerable to insufficient limitations on repeated authentication attempts across multiple endpoints. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: \u003C=1.4 Product Status: known_affected Remediations Vendor fix (CVE-2026-2402) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F Vendor fix (CVE-2026-2402) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2402. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2402. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2402. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-307 Improper Restriction of Excessive Authentication Attempts Metrics CVSS Version Base Score Base Severity Vector String 3.1 5.3 MEDIUM CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L 4.0 6.9 MEDIUM CVSS:4.0\u002FAV:N\u002FAC:L\u002FAT:N\u002FPR:N\u002FUI:N\u002FVC:N\u002FVI:N\u002FVA:L\u002FSC:N\u002FSI:N\u002FSA:N CVE-2026-2405 PowerChute is vulnerable to uncontrolled resource consumption when certain system operations are triggered excessively. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: \u003C=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2405. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2405. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2405. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-400 Uncontrolled Resource Consumption Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.3 MEDIUM CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L 4.0 5.3 MEDIUM CVSS:4.0\u002FAV:N\u002FAC:L\u002FAT:N\u002FPR:L\u002FUI:N\u002FVC:N\u002FVI:N\u002FVA:L\u002FSC:N\u002FSI:N\u002FSA:N CVE-2026-2403 PowerChute is vulnerable to improper validation of quantity‑related inputs, which can cause event and data logs to be truncated. As a result, important audit information may be lost, reducing visibility into system behavior. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: \u003C=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2403. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2403. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2403. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-1284 Improper Validation of Specified Quantity in Input Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.3 MEDIUM CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N 4.0 5.3 MEDIUM CVSS:4.0\u002FAV:N\u002FAC:L\u002FAT:N\u002FPR:L\u002FUI:N\u002FVC:N\u002FVI:L\u002FVA:N\u002FSC:N\u002FSI:N\u002FSA:N CVE-2026-2400 PowerChute is vulnerable to improper handling of newline sequences in certain inputs, enabling unexpected modification of configuration‑related data. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: \u003C=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2400. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2400. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2400. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') Metrics CVSS Version Base Score Base Severity Vector String 3.1 4.3 MEDIUM CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:N\u002FA:L 4.0 5.3 MEDIUM CVSS:4.0\u002FAV:N\u002FAC:L\u002FAT:N\u002FPR:L\u002FUI:N\u002FVC:N\u002FVI:N\u002FVA:L\u002FSC:N\u002FSI:N\u002FSA:N CVE-2026-2401 PowerChute is vulnerable to improper logging of sensitive information when certain user‑triggered operations occur. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor: SuSE, Schneider Electric, Red Hat, Microsoft Product Version: SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: \u003C=1.4 Product Status: known_affected Remediations Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F Vendor fix SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F). https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F Mitigation Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook. https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2401. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2401. Vendor fix PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2401. Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fix For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json). https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-532 Insertion of Sensitive Information into Log File Metrics CVSS Version Base Score Base Severity Vector String 3.1 2.8 LOW CVSS:3.1\u002FAV:L\u002FAC:L\u002FPR:L\u002FUI:R\u002FS:U\u002FC:L\u002FI:N\u002FA:N 4.0 2.4 LOW CVSS:4.0\u002FAV:L\u002FAC:L\u002FAT:N\u002FPR:L\u002FUI:P\u002FVC:L\u002FVI:N\u002FVA:N\u002FSC:N\u002FSI:N\u002FSA:N Acknowledgments Schneider Electric reported these vulnerabilities to CISA Legal Notice and Terms of Use This product is provided subject to this Notification (https:\u002F\u002Fwww.cisa.gov\u002Fnotification) and this Privacy & Use policy (https:\u002F\u002Fwww.cisa.gov\u002Fprivacy-policy). Recommended Practices CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all control system devices and\u002For systems, ensuring they are not accessible from the internet. Locate control system networks and remote devices behind firewalls and isolating them from business networks. When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices. CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies. CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents. CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks. No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time. Revision History Initial Release Date: 2026-04-14 Date Revision Summary 2026-04-14 1 Initial Publication 2026-07-09 2 Initial Republication of Schneider Electric CPCERT SEVD-2026-104-01 Legal Notice and Terms of Use","Schneider Electric's PowerChute Serial Shutdown software, versions 1.4 and prior, contains multiple vulnerabilities including path traversal, improper output encoding, excessive authentication attempts, uncontrolled resource consumption, improper input validation, CRLF injection, and sensitive information logging. Successful exploitation could lead to file overwrites, unauthorized access, denial-of-service, and data exposure. A fix is available in version 1.5.","Schneider Electric PowerChute Serial Shutdown vulnerable to multiple critical flaws.","ICS Advisory Schneider Electric PowerChute Serial Shutdown Release DateJuly 09, 2026 Alert CodeICSA-26-190-02 Related topics: Industrial Control System Vulnerabilities , Industrial Control Systems View CSAF Summary Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information. The following versions of Schneider Electric PowerChute Serial Shutdown are affected: PowerChute Serial Shutdown \u003C=1.4 CVSS Vendor Equipment Vulnerabilities v3 6.1 SuSE, Schneider Electric, Red Hat, Microsoft Schneider Electric PowerChute Serial Shutdown Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Encoding or Escaping of Output, Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Improper Validation of Specified Quantity in Input, Improper Neutralization of CRLF Sequences ('CRLF Injection'), Insertion of Sensitive Information into Log File Background Critical Infrastructure Sectors: Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Information Technology, Transportation Systems Countries\u002FAreas Deployed: Worldwide Company Headquarters Location: France Vulnerabilities Expand All + CVE-2026-2399 PowerChute is vulnerable to improper restriction of file paths, which could allow critical system files to be overwritten with unintended data. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor:SuSE, Schneider Electric, Red Hat, Microsoft Product Version:SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: \u003C=1.4 Product Status:known_affected Remediations Vendor fixSuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F).https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F Vendor fixSuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F).https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F MitigationSpecific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fixThe following product versions have been fixed: PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2399. Vendor fixPowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2399. Vendor fixPowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2399. Vendor fixFor more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf Vendor fixFor more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Metrics CVSS Version Base Score Base Severity Vector String 3.1 6.1 MEDIUM CVSS:3.1\u002FAV:A\u002FAC:L\u002FPR:H\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H 4.0 6.9 MEDIUM CVSS:4.0\u002FAV:A\u002FAC:L\u002FAT:N\u002FPR:H\u002FUI:N\u002FVC:N\u002FVI:H\u002FVA:H\u002FSC:N\u002FSI:N\u002FSA:N CVE-2026-2404 PowerChute is vulnerable to improper output encoding, which may allow crafted input to be reflected in log files in unexpected ways. View CVE Details Affected Products Schneider Electric PowerChute Serial Shutdown Vendor:SuSE, Schneider Electric, Red Hat, Microsoft Product Version:SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: \u003C=1.4 Product Status:known_affected Remediations Vendor fixSuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F).https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F Vendor fixSuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_WIN_EN\u002F). Linux (https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F).https:\u002F\u002Fwww.se.com\u002Fww\u002Fen\u002Fdownload\u002Fdocument\u002FSPD-PCSS_LNX_EN\u002F MitigationSpecific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SPD_CCON-PCSSSH_EN Vendor fixPowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2404. Vendor fixPowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2404. Vendor fixPowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2404. Vendor fixFor more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown - SEVD-2026-104-01 PDF Version (https:\u002F\u002Fdownload.schneider-electric.com\u002Ffiles?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChu","https:\u002F\u002Fwww.cisa.gov\u002Fnews-events\u002Fics-advisories\u002Ficsa-26-190-02",null,"2026-07-09T12:00:00+00:00","2026-07-09T18:00:18.228882+00:00",8,[18,21,24,26,28],{"name":19,"type":20},"PowerChute Serial Shutdown","product",{"name":22,"type":23},"Schneider Electric","vendor",{"name":25,"type":23},"SuSE",{"name":27,"type":23},"Red Hat",{"name":29,"type":23},"Microsoft","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":30,"icon":13,"name":32,"slug":33},"Vulnerabilities","vulnerabilities",[35,37,42],{"category":36},{"id":30,"icon":13,"name":32,"slug":33},{"category":38},{"id":39,"icon":13,"name":40,"slug":41},"d6f63bb8-0801-486a-be7f-171400700454","IoT\u002FOT","iot-ot",{"category":43},{"id":44,"icon":13,"name":45,"slug":46},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[48,52,55,58,61,64,67],{"type":49,"value":50,"context":51},"cve","CVE-2026-2399","Improper restriction of file paths",{"type":49,"value":53,"context":54},"CVE-2026-2404","Improper output encoding",{"type":49,"value":56,"context":57},"CVE-2026-2402","Insufficient limitations on repeated authentication attempts",{"type":49,"value":59,"context":60},"CVE-2026-2405","Uncontrolled resource consumption",{"type":49,"value":62,"context":63},"CVE-2026-2403","Improper validation of specified quantity in input",{"type":49,"value":65,"context":66},"CVE-2026-2400","Improper handling of CRLF sequences",{"type":49,"value":68,"context":69},"CVE-2026-2401","Improper logging of sensitive information"]