Schneider Electric PowerChute Serial Shutdown
Priority: Monitor · CVSS: 5.3 · ICS-CERT: ICSA-25-010-01 · Published: Dec 10, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Schneider Electric PowerChute Serial Shutdown versions 1.2.0.301 and prior contain a vulnerability that allows an unauthenticated attacker on the network to cause a denial of service condition affecting the Web UI. The attack blocks the single user account from accessing the management interface, preventing administrators from managing UPS shutdown and energy management capabilities. The vulnerability is in the Web UI authentication/session handling; the PCSS application itself and UPS protection continue to operate normally. CVSS v3.1 score: 5.3 (medium severity). CWE-287 (improper authentication).
What this means
What could happen
An attacker can lock out the single user account from accessing the PowerChute Serial Shutdown Web UI, preventing administrators from monitoring or managing graceful UPS shutdown and energy management for servers and workstations. The UPS protection itself continues to function, but administrative access is lost.
Who's at risk
Energy sector organizations running PowerChute Serial Shutdown on servers and workstations for UPS management and graceful shutdown capabilities. Affects any data center, utility facility, or mission-critical environment using Schneider Electric UPS management software.
How it could be exploited
An attacker on the network sends crafted requests to the PowerChute Serial Shutdown Web UI without authentication. This causes a denial of service condition that blocks the administrator account from logging in and accessing UPS management capabilities.
Prerequisites
- Network access to PowerChute Serial Shutdown Web UI (default network exposure)
- No credentials required
- Remotely exploitable
- No authentication required
- Low complexity
- Affects availability / administrative access
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product                    | Affected Versions | Fix Status
PowerChute Serial Shutdown | ≤ 1.2.0.301       | 1.3
Remediation & Mitigation
Do now
WORKAROUND: Isolate PowerChute Serial Shutdown behind firewall rules; restrict network access to the management interface to authorized administrative workstations only.
Schedule — requires maintenance window
Patching may require a device reboot — plan for process interruption.
HOTFIX: Update PowerChute Serial Shutdown to version 1.3 or later.
Long-term hardening
HARDENING: Place PowerChute Serial Shutdown on a separate control system network isolated from the business network.
HARDENING: Implement network segmentation so UPS management software is not directly accessible from the Internet or untrusted networks.
CVEs (1)