Vulnerability in Schneider Electric Powerchute™ Serial Shutdown

CVE-2026-2400

CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload.

Vulnerability class: CRLF Injection

EPSS: 0.001 (18.2th percentile) — read the EPSS interpretation.

Affected products

Schneider Electric Powerchute™ Serial Shutdown — versions Versions 1.4 and prior

Weakness classification (CWE)

CWE-93 — CRLF Injection

References

download.schneider-electric.com/files