Schneider Electric PowerChute Serial Shutdown

Plan Patch | CVSS 7.8 | ICS-CERT ICSA-25-322-04 | Nov 11, 2025
Schneider Electric | Energy
Attack path
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric PowerChute Serial Shutdown versions 1.3 and earlier contain three vulnerabilities related to improper file permissions, weak authentication, and insufficient access controls. These flaws allow a local attacker with user-level credentials to escalate privileges, bypass authentication, or modify system files. Exploitation could disrupt the graceful shutdown process for servers and workstations during power outages, preventing proper UPS-managed power-down sequences and risking data loss or equipment damage. The product is a UPS management utility used in data centers and critical infrastructure environments to enable coordinated system shutdown and energy management during power events.

What this means
What could happen
An attacker with local system access could bypass authentication, modify system files, or escalate privileges on servers running PowerChute, potentially disrupting UPS-managed shutdown sequences and preventing graceful power-off during outages.
Who's at risk
Energy utilities and any organization relying on Schneider Electric PowerChute Serial Shutdown for graceful server and workstation shutdown during power events. This affects data centers, network operation centers, and critical infrastructure control rooms that depend on coordinated UPS shutdown to prevent data loss and equipment damage during blackouts.
How it could be exploited
An attacker with local user credentials or physical access to the system can exploit improper file permissions or weak authentication in PowerChute to gain administrative privileges. With elevated access, the attacker could modify shutdown commands or disable the UPS management functionality, causing uncontrolled system shutdowns or preventing critical power management during blackouts.
Prerequisites
  • Local user account on the system where PowerChute is installed
  • PowerChute Serial Shutdown version 1.3 or earlier
  • Ability to write to PowerChute installation directory or custom folders with insufficient permissions
Local authentication required | Improper file permissions | Privilege escalation possible | Low attack complexity | Affects critical infrastructure (UPS management)
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
PowerChute™ Serial Shutdown | ≤ 1.3 | v1.4
Remediation & Mitigation
Do now
HARDENING: Set administrative permissions on PowerChute installation folders and custom directories to restrict write access to authorized administrators only
WORKAROUND: Review and correct file and folder permissions on all existing PowerChute installations per the Schneider Electric Security Handbook
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update PowerChute Serial Shutdown to version 1.4 or later on all Windows, RHEL, and SuSE Linux systems
HARDENING: Restrict local access to systems running PowerChute; allow only authorized IT/facilities staff to have user accounts on UPS management servers
Long-term hardening
HARDENING: Place UPS management workstations on a dedicated, isolated network segment separate from general IT and operational networks
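
One way to verify the folder-permission hardening steps above on the Linux installs (RHEL, SuSE), as an added example that is not part of the advisory or Schneider Electric's tooling. INSTALL_DIR is a placeholder because the advisory does not state the install path; the root owner and the function names audit_tree and audit_parents are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not vendor tooling): audit an install tree for loose write access.
# INSTALL_DIR is a placeholder; the advisory does not state the install path.
# EXPECTED_OWNER defaults to root (assumption for the Linux installs).

# audit_tree DIR OWNER: list entries writable by group/other or with an
# unexpected owner. Returns 0 if clean, 1 if findings, 2 if DIR is invalid.
audit_tree() {
    dir=$1
    owner=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    findings=$(
        # Symlinks are skipped: their own mode bits are not enforced.
        find "$dir" ! -type l \( -perm -0020 -o -perm -0002 \) -print |
            sed 's/^/WRITABLE /'
        find "$dir" ! -type l ! -user "$owner" -print | sed 's/^/OWNER /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# audit_parents DIR: list ancestors that are group/other-writable without the
# sticky bit. Write access there lets a user rename or replace DIR itself.
audit_parents() {
    p=$(cd "$1" && pwd -P) || return 2
    while [ "$p" != "/" ]; do
        p=$(dirname "$p")
        # -prune tests only the directory itself, without descending.
        find "$p" -prune \( -perm -0020 -o -perm -0002 \) ! -perm -1000 -print |
            sed 's/^/PARENT /'
    done
}

# Runs only when INSTALL_DIR is set, e.g.:
#   INSTALL_DIR=/path/to/install sh audit.sh
if [ -n "${INSTALL_DIR:-}" ]; then
    audit_tree "$INSTALL_DIR" "${EXPECTED_OWNER:-root}"
    audit_parents "$INSTALL_DIR"
fi
```

Run it against the installation folder and any custom directories; every WRITABLE, OWNER or PARENT line is a path to review against the Security Handbook guidance.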