Search
Search Results (9 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2402 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-14 | N/A |
| CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints. | ||||
| CVE-2026-2405 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-14 | N/A |
| CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /helpabout requests. | ||||
| CVE-2026-2400 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-14 | N/A |
| CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload. | ||||
| CVE-2026-2401 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-14 | N/A |
| CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an attacker. | ||||
| CVE-2026-2404 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-14 | N/A |
| CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. | ||||
| CVE-2026-2399 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-14 | N/A |
| CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the POST /REST/upssleep request payload. | ||||
| CVE-2025-11567 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2025-11-14 | N/A |
| CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured. | ||||
| CVE-2025-11566 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2025-11-12 | N/A |
| CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on the /REST/shutdownnow endpoint. | ||||
| CVE-2025-11565 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2025-11-12 | N/A |
| CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload. | ||||
Page 1 of 1.