OTPulse

PowerChute Serial Shutdown

Monitor | CVSS 5.3 | SEVD-2024-345-01 | Dec 10, 2024
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

A vulnerability in PowerChute Serial Shutdown allows a denial of service attack that blocks a single user account's access to the PCSS Web UI. The vulnerability affects versions 1.2.0.301 and earlier. The PCSS application itself continues to function and provide UPS protection; only user access to the Web UI is affected. Version 1.3 includes a fix for this issue.

What this means
What could happen
An attacker could lock a user out of the PowerChute Serial Shutdown Web UI, preventing that user from monitoring or managing UPS shutdown and energy operations until they regain access.
Who's at risk
Organizations running PowerChute Serial Shutdown on UPS management systems for servers, workstations, and desktops should prioritize this update. This affects anyone managing graceful shutdown and energy efficiency for IT infrastructure tied to UPS systems.
How it could be exploited
An unauthenticated attacker can send network requests to the PowerChute Serial Shutdown Web UI to trigger a denial of service condition that blocks access for a single user account. The application itself continues to protect the server, but the targeted user loses management visibility.
Prerequisites
  • Network access to the PowerChute Serial Shutdown Web UI port
  • No authentication required
remotely exploitable · no authentication required · low complexity
Exploitability
Low exploit probability (EPSS 0.6%)
Affected products (1)
Product | Affected Versions | Fix Status
PowerChute Serial Shutdown | ≤ 1.2.0.301 | 1.3
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update PowerChute Serial Shutdown from version 1.2.0.301 or earlier to version 1.3 or later
PowerChute Serial Shutdown | CVSS 5.3 - OTPulse