ICSA-25-010-01 · Published 2024-12-10
Schneider Electric PowerChute Serial Shutdown
CVSS 5.3 (MEDIUM)
CVEs (1)
Remediations
- Version 1.3 of PowerChute Serial Shutdown includes a fix for this vulnerability and is available for download here: https://www.apc.com/us/en/product-range/137943580-powerchute-serialshutdown/#software-and-firmware
- If customers choose not to apply the remediation provided above, they should immediately apply the following mitigations to reduce the risk of exploit:
  - Do not enable remote access to the PCSS Web UI. In the Windows Firewall, incoming requests on TCP port 6547 (used by PCSS) are not allowed by default.
  - Harden the PowerChute Serial Shutdown Agent firewall rule by listing the remote computers and/or users for which you want to allow/block remote connections on TCP port 6547.
  - Specific instructions for these mitigations can be found in the Security Handbook.
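
One way to check the firewall mitigations above on a Windows host, as an added example (not taken from the Schneider Electric or CISA advisory text): it lists enabled inbound allow rules that cover TCP 6547 and, with `-Apply`, scopes any unscoped rule to an allow-list. The `192.0.2.x` addresses are constructed placeholders, only remote-address scoping (not per-user scoping) is shown, and the script assumes an elevated PowerShell session.

```powershell
# Added example: audit inbound allow rules that cover TCP 6547 and, optionally,
# scope them to a management allow-list. Addresses are constructed placeholders.
param(
    [int]$Port = 6547,
    [string[]]$AllowedRemote = @('192.0.2.10', '192.0.2.11'),  # placeholder hosts
    [switch]$Apply                                             # without it: report only
)

# True when a LocalPort filter value ('Any', '6547', '6000-7000', or a list) covers $Port.
function Test-PortMatch {
    param([string[]]$Spec, [int]$Port)
    foreach ($s in $Spec) {
        if ($s -eq 'Any') { return $true }
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($s -match '^\d+$' -and [int]$s -eq $Port) { return $true }
    }
    return $false
}

# Port filters first (one pass), then the enabled inbound allow rules that own them.
$rules = Get-NetFirewallPortFilter |
    Where-Object { ($_.Protocol -in @('TCP', 'Any')) -and (Test-PortMatch $_.LocalPort $Port) } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }

if (-not $rules) {
    Write-Output "No enabled inbound allow rule covers TCP $Port."
    return
}

foreach ($rule in $rules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = $remote -join ','
        Unscoped      = $remote -contains 'Any'   # reachable from any remote address
    }
    if ($Apply -and ($remote -contains 'Any')) {
        # Restrict the rule to the listed management hosts only.
        Set-NetFirewallRule -Name $rule.Name -RemoteAddress $AllowedRemote
    }
}
```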
Affected Vendors
Schneider Electric
Affected Products (2)
- Schneider Electric · PowerChute Serial Shutdown <=1.2.0.301
- Schneider Electric · PowerChute Serial Shutdown 1.3
Affected Sectors
Critical Manufacturing