Schneider Electric PowerChute Serial Shutdown

Plan Patch7.8ICS-CERT ICSA-25-322-04Nov 11, 2025

Attack VectorLocal

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Schneider Electric PowerChute™ Serial Shutdown versions 1.3 and earlier contain multiple vulnerabilities (CVE-2025-11565, CVE-2025-11566, CVE-2025-11567) in file permissions (CWE-276), path traversal (CWE-22), and credential validation (CWE-307). These flaws allow local attackers with system login credentials to escalate privileges, bypass authentication, or gain unauthorized access to UPS management functions. The product is widely used on Windows, Red Hat Enterprise Linux, and SuSE Linux servers to manage graceful system shutdown and energy management for critical infrastructure.

What this means

What could happen

An attacker with local system access could escalate privileges or bypass authentication on PowerChute Serial Shutdown, potentially allowing them to stop UPS protection or prevent graceful system shutdown during power events.

Who's at risk

Energy sector organizations operating UPS management systems should care. This affects any Windows or Linux servers (desktop, server, or workstation) running PowerChute Serial Shutdown version 1.3 or earlier, which are commonly deployed to manage graceful shutdowns during power failures at substations, data centers, and critical energy infrastructure.

How it could be exploited

An attacker with local login access to a Windows or Linux server could exploit improper file permissions or weak credential handling in PowerChute Serial Shutdown to escalate privileges and gain administrative control of the UPS management software, bypassing intended access restrictions.

Prerequisites

Local system access (login credentials to the Windows or Linux host)
PowerChute Serial Shutdown version 1.3 or earlier installed
Insufficient file system permissions on PowerChute installation directory

Local access requiredPrivilege escalation possibleAuthentication bypass possibleNo patch available for version 1.3 and earlier (requires upgrade)Affects UPS shutdown logic

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

PowerChute™ Serial Shutdown≤ 1.3v1.4

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGReview and enforce administrative permissions on PowerChute Serial Shutdown installation directories to prevent unauthorized modification or access

HARDENINGRestrict local system access to servers running PowerChute Serial Shutdown to authorized personnel only

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade PowerChute Serial Shutdown to version 1.4 or later on all Windows systems

HOTFIXUpgrade PowerChute Serial Shutdown to version 1.4 or later on all Red Hat Enterprise Linux systems

HOTFIXUpgrade PowerChute Serial Shutdown to version 1.4 or later on all SuSE Linux systems

CVEs (3)

CVE-2025-11565 CVE-2025-11566 CVE-2025-11567

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/4a3deb37-3dbb-4111-8ce2-6b32d53f7673