Schneider Electric PowerChute Serial Shutdown

MonitorCVSS 5.3ICS-CERT ICSA-25-010-01Dec 10, 2024

Schneider ElectricEnergy

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric PowerChute Serial Shutdown version 1.2.0.301 and prior contains an authentication bypass vulnerability in the Web UI. An unauthenticated attacker can exploit this to cause a denial of service condition that blocks user access to the Web UI. The UPS protection service itself continues to operate normally. The vulnerability does not affect the core PCSS application shutdown functionality.

What this means

What could happen

An attacker could block a user's access to the PowerChute Serial Shutdown web interface, preventing administrators from managing UPS shutdown operations, though the UPS protection service itself continues running. This could delay emergency shutdown procedures in the event of a power failure.

Who's at risk

Energy sector organizations running PowerChute Serial Shutdown on servers and workstations for UPS management and graceful shutdown control. This affects system administrators responsible for power failure response procedures.

How it could be exploited

An attacker on the network sends a crafted request to the PowerChute Serial Shutdown Web UI without credentials. The authentication bypass allows the attacker to trigger a denial of service that locks out the user account from accessing the web interface.

Prerequisites

Network access to the PowerChute Serial Shutdown Web UI port
PowerChute Serial Shutdown version 1.2.0.301 or earlier deployed

remotely exploitableno authentication requiredlow complexityaffects power management systems

Exploitability

Unlikely to be exploited — EPSS score 0.6%

Public Proof-of-Concept (PoC) on GitHub (1 repository)

Affected products (1)

ProductAffected VersionsFix Status

PowerChute Serial Shutdown≤ 1.2.0.3011.3

Remediation & Mitigation

0/3

Do now

0/1

WORKAROUNDRestrict network access to the PowerChute Serial Shutdown Web UI to authorized administrative IP addresses or subnets using firewall rules

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PowerChute Serial Shutdown to version 1.3 or later

Long-term hardening

0/1

HARDENINGIsolate the UPS management network segment behind a firewall and separate from the business network

CVEs (1)

CVE-2024-10511

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/73b83720-3906-409d-bb89-e775670f7ea4

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.