CVE-2026-2400
CRLF Injection in Web Admin POST /setPCBEDesc Resets Credentials
Publication date: 2026-04-14
Last updated on: 2026-04-22
Assigner: Schneider Electric SE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| schneider-electric | powerchute_serial_shutdown | up to 1.5 (1.5 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-93 | The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-2400 is a vulnerability classified as Improper Neutralization of CRLF Sequences ('CRLF Injection') affecting Schneider Electric's PowerChute™ Serial Shutdown software, versions 1.4 and prior.
This vulnerability occurs when a Web Admin user modifies the POST /setPCBEDesc request payload, which can cause the application user credentials to be reset unexpectedly.
It is related to improper input validation that allows CRLF injection, potentially disrupting normal operations and compromising system data.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to the unintended reset of application user credentials, which may disrupt system operations and affect the security of user accounts.
This disruption could compromise system data integrity and availability, potentially causing operational interruptions in environments relying on PowerChute™ Serial Shutdown software.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability occurs when a Web Admin user alters the POST /setPCBEDesc request payload, potentially causing application user credentials to reset. Detection would involve monitoring or inspecting network traffic for suspicious POST requests to the /setPCBEDesc endpoint.
Specific commands are not provided in the available resources, but generally, you can use network monitoring tools like tcpdump or Wireshark to capture and analyze HTTP POST requests targeting /setPCBEDesc.
- Example tcpdump command to capture relevant traffic: `tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /setPCBEDesc'`
- Use web server logs to identify POST requests to /setPCBEDesc and check for unusual payloads or unexpected resets of user credentials.
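The log-review step above, as an added example that is not part of the original page or of Schneider Electric's software: it flags POST requests to /setPCBEDesc whose path or body carries a CRLF sequence, whether raw, percent-encoded, or double-encoded. The request records are constructed for the example, and the (method, path, body) layout assumes a proxy or request-body log, since standard access logs do not record POST bodies.

```python
import re
from urllib.parse import unquote

# Constructed sample records (not real PowerChute traffic): (method, path, body)
SAMPLE_REQUESTS = [
    ("POST", "/setPCBEDesc", "desc=Rack+UPS+A"),                  # benign
    ("POST", "/setPCBEDesc", "desc=Rack%0d%0aUser=admin"),        # URL-encoded CRLF
    ("POST", "/setPCBEDesc", "desc=Rack\r\nUser=admin"),          # raw CRLF
    ("POST", "/setPCBEDesc", "desc=Rack%250d%250aUser=admin"),    # double-encoded CRLF
    ("GET", "/login", "user=%0d%0a"),                             # CRLF, but not the affected endpoint
]

CRLF_RE = re.compile(r"[\r\n]")

def decode_fully(value, max_rounds=3):
    """Strip up to max_rounds layers of percent-encoding so %250d-style double encoding is caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_crlf(value):
    """True if the value contains a CR or LF after decoding."""
    return bool(CRLF_RE.search(decode_fully(value)))

def flag_request(method, path, body):
    """Return a finding for a CRLF-bearing POST to /setPCBEDesc, else None."""
    if method != "POST" or path.split("?", 1)[0] != "/setPCBEDesc":
        return None
    if not (has_crlf(body) or has_crlf(path)):
        return None
    return {"path": path, "body": body,
            "reason": "CRLF sequence in POST to /setPCBEDesc (CWE-93, CVE-2026-2400)"}

def scan(requests):
    """Run flag_request over an iterable of (method, path, body) records."""
    return [f for f in (flag_request(*r) for r in requests) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

A hit from this scan is a reason to verify that application user credentials on the host are still intact and to review who holds Web Admin access.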
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade PowerChute™ Serial Shutdown software to version 1.5, which includes fixes for this vulnerability and other related issues.
Additional recommended security measures include:
- Backing up systems and testing patches in controlled environments before deployment.
- Isolating control and safety system networks behind firewalls.
- Restricting physical access to industrial control systems.
- Minimizing network exposure and using secure remote access methods such as VPNs.
- Sanitizing mobile data exchange devices before connecting them to critical networks.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability involves improper neutralization of CRLF sequences that could cause application user credentials to reset, potentially disrupting operations and compromising system data.
While the provided information does not explicitly mention compliance with standards such as GDPR or HIPAA, failure to remediate this vulnerability could lead to improper input validation and unauthorized credential resets, which may increase the risk of data breaches or unauthorized access.
Such risks could negatively impact compliance with data protection regulations that require safeguarding user credentials and ensuring system integrity.
Remediation by upgrading to version 1.5 and following recommended security best practices is advised to mitigate these risks and support compliance efforts.