PatchSiren

CVE-2024-10511 Schneider Electric CVE debrief

A CWE-287 Improper Authentication vulnerability in Schneider Electric PowerChute Serial Shutdown versions v1.2.0.301 and prior allows an attacker on the local network to cause denial of access to the web interface by repeatedly requesting the /accessdenied URL. The vulnerability was published on December 10, 2024, with a CVSS 3.1 score of 5.3 (MEDIUM severity). The attack vector is network-based with low attack complexity, requiring no privileges or user interaction. Schneider Electric has released version 1.3 as a vendor fix. For organizations unable to immediately patch, CISA and Schneider Electric recommend disabling remote access to the PCSS Web UI, hardening firewall rules to restrict TCP port 6547 access, and following the Security Handbook guidance.

Vendor: Schneider Electric
Product: PowerChute Serial Shutdown
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-12-10
Original CVE updated: 2024-12-10
Advisory published: 2024-12-10
Advisory updated: 2024-12-10

Who should care

Organizations using Schneider Electric PowerChute Serial Shutdown v1.2.0.301 or earlier for UPS management and graceful shutdown orchestration. This includes data center operators, industrial facilities, healthcare organizations, and critical infrastructure relying on APC UPS systems with serial shutdown capabilities. Security teams responsible for industrial control system (ICS) security and network administrators managing power protection infrastructure should prioritize assessment and patching.

Technical summary

The vulnerability exists in the web interface authentication mechanism of PowerChute Serial Shutdown. An attacker on the local network can trigger a denial of access condition by repeatedly requesting the /accessdenied endpoint. This suggests a state management or rate-limiting deficiency in the authentication layer that can be exhausted through repeated requests, effectively locking out legitimate administrative access to the web interface. The attack requires network access but no authentication credentials, making it exploitable by any local network actor. The fix in version 1.3 likely implements proper request throttling, session management, or authentication state handling to prevent this resource exhaustion condition.

Defensive priority

medium

Recommended defensive actions

  • Upgrade to PowerChute Serial Shutdown version 1.3 or later to address the authentication vulnerability
  • If immediate patching is not feasible, disable remote access to the PCSS Web UI
  • Harden Windows Firewall rules for PowerChute Serial Shutdown Agent by restricting TCP port 6547 to specific authorized remote computers and users
  • Review and implement guidance from the PowerChute Serial Shutdown Security Handbook for additional hardening measures
  • Monitor for repeated requests to the /accessdenied URL as a potential indicator of exploitation attempts
  • Apply network segmentation to limit exposure of PowerChute Serial Shutdown management interfaces to untrusted local network segments
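
One way to implement the monitoring action above, as an added example that is not part of the advisory or of Schneider Electric's tooling. It assumes the requests are visible in a Common Log Format access log (for instance from a proxy or network sensor in front of TCP port 6547); the log format, the threshold, the window, the function names and the sample lines are all assumptions or constructed data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed Common Log Format; the page does not describe PCSS's own logging.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_accessdenied_bursts(lines, threshold=20, window=timedelta(seconds=60)):
    """Return {source: peak count} for sources that requested /accessdenied
    at least `threshold` times inside any sliding `window` (both are tunable)."""
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or unrelated line
        # Normalise so query strings, trailing slashes and case do not evade the match.
        path = m["path"].split("?", 1)[0].rstrip("/").lower()
        if path != "/accessdenied":
            continue
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # expire requests older than the window
        if len(q) >= threshold:
            peaks[m["src"]] = max(peaks.get(m["src"], 0), len(q))
    return peaks


def make_sample_log():
    """Constructed sample: one noisy host and one ordinary admin workstation."""
    base = datetime(2024, 12, 10, 9, 0, 0, tzinfo=timezone.utc)
    fmt = '{src} - - [{ts}] "GET {path} HTTP/1.1" 200 512'
    stamp = lambda delta: (base + delta).strftime(TS_FORMAT)
    lines = [fmt.format(src="192.0.2.50", ts=stamp(timedelta(seconds=i)),
                        path="/accessdenied") for i in range(30)]
    lines += [fmt.format(src="192.0.2.10", ts=stamp(timedelta(minutes=5 * i)),
                         path="/accessdenied") for i in range(3)]
    lines.append(fmt.format(src="192.0.2.10", ts=stamp(timedelta(0)), path="/logon"))
    return lines


if __name__ == "__main__":
    for src, peak in find_accessdenied_bursts(make_sample_log()).items():
        print(f"ALERT {src}: {peak} /accessdenied requests within 60s")
```

Tune the threshold and window against normal traffic for the environment before alerting on the result.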

Evidence notes

CISA ICS Advisory ICSA-25-010-01 (published 2024-12-10) documents this vulnerability with Schneider Electric as the confirmed vendor and PowerChute Serial Shutdown as the affected product. The advisory specifies affected versions as v1.2.0.301 and prior, with version 1.3 containing the fix. The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L confirms network attack vector with availability impact only.
