Schneider Electric PowerChute Serial Shutdown
All CISA Advisories, CISA, July 9, 2026
Summary
Successful exploitation of these vulnerabilities could allow attackers to overwrite critical files, forge or inject malicious log data, gain unauthorized account access, trigger denial‑of‑service conditions, truncate or alter logging information, reset user credentials, or expose sensitive information.
The following versions of Schneider Electric PowerChute Serial Shutdown are affected:
- PowerChute Serial Shutdown <=1.4
| CVSS | Vendor | Equipment | Vulnerabilities |
|---|---|---|---|
| v3 6.1 | SuSE, Schneider Electric, Red Hat, Microsoft | Schneider Electric PowerChute Serial Shutdown | Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’), Improper Encoding or Escaping of Output, Improper Restriction of Excessive Authentication Attempts, Uncontrolled Resource Consumption, Improper Validation of Specified Quantity in Input, Improper Neutralization of CRLF Sequences (‘CRLF Injection’), Insertion of Sensitive Information into Log File |
Background
- Critical Infrastructure Sectors: Communications, Critical Manufacturing, Energy, Healthcare and Public Health, Information Technology, Transportation Systems
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: France
Vulnerabilities
CVE-2026-2399
PowerChute is vulnerable to improper restriction of file paths, which could allow critical system files to be overwritten with unintended data.
Affected Products
Schneider Electric PowerChute Serial Shutdown
SuSE, Schneider Electric, Red Hat, Microsoft
SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4
known_affected
Remediations
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/
Mitigation
Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.
https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN
Vendor fix
The following product versions have been fixed: PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2399.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2399.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2399.
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json
Relevant CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| 4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N |
CVE-2026-2404
PowerChute is vulnerable to improper output encoding, which may allow crafted input to be reflected in log files in unexpected ways.
Affected Products
Schneider Electric PowerChute Serial Shutdown
SuSE, Schneider Electric, Red Hat, Microsoft
SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4
known_affected
Remediations
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/
Mitigation
Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.
https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2404.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2404.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2404.
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json
Relevant CWE: CWE-116 Improper Encoding or Escaping of Output
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| 4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
CVE-2026-2402
PowerChute is vulnerable to insufficient limitations on repeated authentication attempts across multiple endpoints.
Affected Products
Schneider Electric PowerChute Serial Shutdown
SuSE, Schneider Electric, Red Hat, Microsoft
SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4
known_affected
Remediations
Vendor fix
(CVE-2026-2402) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/
Vendor fix
(CVE-2026-2402) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/
Mitigation
Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.
https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2402.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2402.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2402.
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json
Relevant CWE: CWE-307 Improper Restriction of Excessive Authentication Attempts
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| 4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
CVE-2026-2405
PowerChute is vulnerable to uncontrolled resource consumption when certain system operations are triggered excessively.
Affected Products
Schneider Electric PowerChute Serial Shutdown
SuSE, Schneider Electric, Red Hat, Microsoft
SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4
known_affected
Remediations
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/
Mitigation
Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.
https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2405.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2405.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2405.
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json
Relevant CWE: CWE-400 Uncontrolled Resource Consumption
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| 4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
CVE-2026-2403
PowerChute is vulnerable to improper validation of quantity‑related inputs, which can cause event and data logs to be truncated. As a result, important audit information may be lost, reducing visibility into system behavior.
Affected Products
Schneider Electric PowerChute Serial Shutdown
SuSE, Schneider Electric, Red Hat, Microsoft
SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4
known_affected
Remediations
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/
Mitigation
Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.
https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2403.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2403.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2403.
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json
Relevant CWE: CWE-1284 Improper Validation of Specified Quantity in Input
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| 4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
CVE-2026-2400
PowerChute is vulnerable to improper handling of newline sequences in certain inputs, enabling unexpected modification of configuration‑related data.
Affected Products
Schneider Electric PowerChute Serial Shutdown
SuSE, Schneider Electric, Red Hat, Microsoft
SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4
known_affected
Remediations
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/
Mitigation
Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.
https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2400.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2400.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2400.
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json
Relevant CWE: CWE-93 Improper Neutralization of CRLF Sequences (‘CRLF Injection’)
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| 4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
CVE-2026-2401
PowerChute is vulnerable to improper logging of sensitive information when certain user‑triggered operations occur.
Affected Products
Schneider Electric PowerChute Serial Shutdown
SuSE, Schneider Electric, Red Hat, Microsoft
SuSE, Schneider Electric, Red Hat, Microsoft PowerChute Serial Shutdown: <=1.4
known_affected
Remediations
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/
Vendor fix
SuSE, Schneider Electric, Red Hat, and Microsoft have identified the following specific workarounds and mitigations users can apply to reduce risk: (CVE-2026-2399, CVE-2026-2404, CVE-2026-2405, CVE-2026-2403, CVE-2026-2400, CVE-2026-2401) PowerChute Serial Shutdown Versions 1.4 and prior: Version 1.5 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: Windows (https://www.se.com/ww/en/download/document/SPD-PCSS_WIN_EN/). Linux (https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/).
https://www.se.com/ww/en/download/document/SPD-PCSS_LNX_EN/
Mitigation
Specific instructions and hardening guidelines for these mitigations can be found in the Security Handbook.
https://download.schneider-electric.com/files?p_Doc_Ref=SPD_CCON-PCSSSH_EN
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Microsoft Windows are fixed versions for CVE-2026-2401.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on Red Hat Enterprise Linux are fixed versions for CVE-2026-2401.
Vendor fix
PowerChute Serial Shutdown Version 1.5 installed on SuSE Linux are fixed versions for CVE-2026-2401.
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf
Vendor fix
For more information see the associated Schneider Electric CPCERT security advisory SEVD-2026-104-01 Multiple Vulnerabilities on PowerChute Serial Shutdown – SEVD-2026-104-01 PDF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2026-104-01.pdf). Multiple Vulnerabilities on PowerChute Serial Shutdown- SEVD-2026-104-01 CSAF Version (https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json).
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-104-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=sevd-2026-104-01.json
Relevant CWE: CWE-532 Insertion of Sensitive Information into Log File
Metrics
| CVSS Version | Base Score | Base Severity | Vector String |
|---|---|---|---|
| 3.1 | 2.8 | LOW | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N |
| 4.0 | 2.4 | LOW | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
Acknowledgments
- Schneider Electric reported these vulnerabilities to CISA
Legal Notice and Terms of Use
This product is provided subject to this Notification (https://www.cisa.gov/notification) and this Privacy & Use policy (https://www.cisa.gov/privacy-policy).
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities.
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
CISA also recommends users take the following measures to protect themselves from social engineering attacks:
Do not click web links or open attachments in unsolicited email messages.
Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams.
Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
No known public exploitation specifically targeting these vulnerabilities has been reported to CISA at this time.
Revision History
- Initial Release Date: 2026-04-14
| Date | Revision | Summary |
|---|---|---|
| 2026-04-14 | 1 | Initial Publication |
| 2026-07-09 | 2 | Initial Republication of Schneider Electric CPCERT SEVD-2026-104-01 |


















