Multiple Vulnerabilities on PowerChute™ Serial Shutdown

Monitor | CVSS 6.1 | SEVD-2026-104-01 | Apr 14, 2026
Schneider Electric | Energy
Attack path
Attack Vector: Adjacent
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary

Schneider Electric has identified multiple input validation vulnerabilities in PowerChute Serial Shutdown (version 1.4 and earlier). The vulnerabilities include improper input validation (CWE-22, CWE-116), weak authentication mechanisms (CWE-307), and related weaknesses that could allow an attacker with administrative privileges to disrupt graceful shutdown operations, alter system behavior, or access sensitive system data. PowerChute Serial Shutdown is UPS management software used to automate safe system shutdown and energy management on desktops, servers, and workstations.

What this means
What could happen
An attacker with administrative access to a system running vulnerable PowerChute Serial Shutdown could bypass input validation to alter shutdown behavior, disrupt UPS graceful shutdown operations, or access sensitive system data. This could prevent orderly shutdown of critical infrastructure during power events.
Who's at risk
This affects IT staff and UPS administrators responsible for graceful shutdown automation at facilities that depend on uninterruptible power supplies—particularly energy sector organizations, data centers, and any facility with critical servers or desktop systems relying on PowerChute Serial Shutdown for safe power event handling.
How it could be exploited
An attacker with high-level privileges on a host running PowerChute Serial Shutdown could craft malicious input to bypass validation controls. The vulnerability stems from improper input validation, allowing the attacker to inject commands or access unauthorized data on the system running the software. Network access to the system is required if exploitation occurs remotely, though the high privilege requirement limits exploitation scope.
Prerequisites
  • Administrative or high-privilege credentials on the system running PowerChute Serial Shutdown
  • Local or network access to the affected system
  • PowerChute Serial Shutdown version 1.4 or earlier installed
Requires high-privilege credentials to exploit | Low complexity attack | Affects critical shutdown functionality | Input validation weakness
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product | Affected Versions | Fix Status
PowerChute™ Serial Shutdown | ≤ 1.4 | Fix available
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update PowerChute Serial Shutdown to version 1.5 or later on all Windows systems
HOTFIX: Update PowerChute Serial Shutdown to version 1.5 or later on all Linux systems
HARDENING: Review and apply hardening guidelines in the PowerChute Serial Shutdown Security Handbook

Multiple Vulnerabilities on PowerChute™ Serial Shutdown | CVSS 6.1 - OTPulse