Powerchute serial shutdown
This hub aggregates every CVE we track for Powerchute serial shutdown, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
0
Critical
3
High
0
In CISA KEV
Severity distribution
MEDIUM8HIGH3
Monthly trend
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
3
0
0
0
0
7
0
0
2024-072026-06
Latest CVEs
The 11 most recently published vulnerabilities affecting Powerchute serial shutdown.
- CVE-2026-2401CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an...5.0
- CVE-2026-2400CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc ...4.3
- CVE-2026-2403CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logset...4.3
- CVE-2026-2405CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /...6.5
- CVE-2026-2402CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentic...5.3
- CVE-2026-2404CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.5.3
- CVE-2026-2399CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters th...6.1
- CVE-2025-11567CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.7.8
- CVE-2025-11566CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitra...7.3
- CVE-2025-11565CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tamper...7.0
- CVE-2024-10511CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL.5.3
Product normalization is registry-driven with AI assist and human review. How it works