CNNVD-202511-1426 Information
CNNVD ID
CNNVD-202511-1426
Related CVE
- CNNVD Published: 2025-11-12
Description (Chinese)
Schneider Electric PowerChute Serial Shutdown是法国施耐德电气(Schneider Electric)公司的一个 UPS 管理、正常关机和能源管理软件。 Schneider Electric PowerChute Serial Shutdown存在安全漏洞,该漏洞源于身份验证尝试限制不当,可能导致本地网络上的攻击者通过在/REST/shutdownnow端点上使用不同凭据进行任意数量的身份验证尝试来获取用户账户访问权限。
Description (English)
Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software of Schneider Electric, France. There is a security loophole in Schneider PowerChute Serial Shutdown, which stems from inappropriately restricted identification attempts, which may lead the attackers on the local network to try to obtain access to user accounts by using a different number of proofs for an arbitrary number of identifications at the /REST/shutdownnow end.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
施耐德电气。
Published
2025-11-12
Last Modified
2026-02-24
References
Patch
https://www.se.com/us/en/product-range/137943580-powerchute-serial-shutdown/#products
Share on: