Executive Summary

CVE-2026-2400 is a vulnerability classified as Improper Neutralization of CRLF Sequences ('CRLF Injection') affecting Schneider Electric's PowerChute™ Serial Shutdown software, versions 1.4 and prior.

This vulnerability occurs when a Web Admin user modifies the POST /setPCBEDesc request payload, which can cause the application user credentials to be reset unexpectedly.

It is related to improper input validation that allows CRLF injection, potentially disrupting normal operations and compromising system data.

Useful 0 Not Useful 0

Impact Analysis

Exploitation of this vulnerability can lead to the unintended reset of application user credentials, which may disrupt system operations and affect the security of user accounts.

This disruption could compromise system data integrity and availability, potentially causing operational interruptions in environments relying on PowerChute™ Serial Shutdown software.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability occurs when a Web Admin user alters the POST /setPCBEDesc request payload, potentially causing application user credentials to reset. Detection would involve monitoring or inspecting network traffic for suspicious POST requests to the /setPCBEDesc endpoint.

Specific commands are not provided in the available resources, but generally, you can use network monitoring tools like tcpdump or Wireshark to capture and analyze HTTP POST requests targeting /setPCBEDesc.

• Example tcpdump command to capture relevant traffic: tcpdump -i <interface> -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /setPCBEDesc'
• Use web server logs to identify POST requests to /setPCBEDesc and check for unusual payloads or unexpected resets of user credentials.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade PowerChute™ Serial Shutdown software to version 1.5, which includes fixes for this vulnerability and other related issues.

Additional recommended security measures include:

• Backing up systems and testing patches in controlled environments before deployment.
• Isolating control and safety system networks behind firewalls.
• Restricting physical access to industrial control systems.
• Minimizing network exposure and using secure remote access methods such as VPNs.
• Sanitizing mobile data exchange devices before connecting them to critical networks.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability involves improper neutralization of CRLF sequences that could cause application user credentials to reset, potentially disrupting operations and compromising system data.

While the provided information does not explicitly mention compliance with standards such as GDPR or HIPAA, failure to remediate this vulnerability could lead to improper input validation and unauthorized credential resets, which may increase the risk of data breaches or unauthorized access.

Such risks could negatively impact compliance with data protection regulations that require safeguarding user credentials and ensuring system integrity.

Remediation by upgrading to version 1.5 and following recommended security best practices is advised to mitigate these risks and support compliance efforts.

Useful 0 Not Useful 0