Schneider Electric PowerChute Serial Shutdown Incorrect Default Permissions Vulnerability Allowing Elevated System Access
Vulnerability
A vulnerability allowing elevated system access due to incorrect default permissions has been identified in Schneider Electric's PowerChute Serial Shutdown software, specifically in versions through 1.3. This vulnerability could be exploited if the target installation folder is not properly secured.
Impact
Exploitation of this vulnerability could lead to unauthorized elevation of privileges, allowing a user to gain elevated system access.
Remediation
Users can upgrade to version 1.4 of PowerChute Serial Shutdown, which includes a fix for this vulnerability. This version is available for download from the Schneider Electric website. If PowerChute is installed in a custom folder, ensure that the required permissions are set, preferably administrative permissions. Specific instructions for these mitigations can be found in the Schneider Electric Security Handbook.
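For the custom-folder case above, one way to check whether the folder's permissions are restricted to administrative principals (an added example, not Schneider Electric's code or handbook procedure). The install path is a hypothetical placeholder, the list of SIDs treated as administrative is an assumption to adjust for your environment, and only the folder's own ACL is examined, not each file beneath it.

```powershell
param(
    # Hypothetical custom install folder; substitute the real one.
    [string]$InstallPath = 'D:\Apps\PowerChute'
)

# SIDs treated as administrative (assumption): SYSTEM, BUILTIN\Administrators, TrustedInstaller.
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that allow planting or replacing files, or rewriting the ACL.
$mask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Unmapped generic rights can appear on inherit-only entries: GENERIC_WRITE and GENERIC_ALL.
$mask = $mask -bor 0x40000000 -bor 0x10000000

$acl     = Get-Acl -LiteralPath $InstallPath
$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
    if ($ace.AccessControlType -ne 'Allow') { continue }
    if ($trusted -contains $ace.IdentityReference.Value) { continue }
    if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }

    # Resolve the SID to a name for the report; orphaned SIDs are shown as-is.
    try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $name = $ace.IdentityReference.Value }

    [pscustomobject]@{
        Principal = $name
        Rights    = $ace.FileSystemRights
        Inherited = $ace.IsInherited
    }
}

# The owner can always rewrite the ACL, so a non-administrative owner is reported too.
if ($trusted -notcontains $acl.GetOwner($sidType).Value) {
    Write-Warning "Owner $($acl.Owner) of '$InstallPath' is not an administrative principal."
}

if ($findings) {
    Write-Warning "Non-administrative principals can modify '$InstallPath':"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No write-capable ACEs for non-administrative principals on '$InstallPath'."
}
```

Entries reported with `Inherited` set to `True` come from a parent folder, so they have to be corrected there or by disabling inheritance on the install folder.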
