CVE-2024-10511

MEDIUM

Schneider Electric PowerChute Serial Shutdown - Denial of Service via Repeated /accessdenied Requests

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-10511. PoCs published by revengsmK.

AI-analyzed exploit summary The repository provides a detailed technical analysis of CVE-2024-10511, an improper authentication vulnerability in Schneider Electric PowerChute Serial Shutdown v1.2.0.301 and prior. It describes how an unauthenticated attacker can trigger constant account lockouts by repeatedly accessing the */accessdenied* URL, preventing legitimate users from logging in.

Description

CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL.

Exploits (1)

nomisec WRITEUP
by revengsmK · poc
https://github.com/revengsmK/CVE-2024-10511

The repository provides a detailed technical analysis of CVE-2024-10511, an improper authentication vulnerability in Schneider Electric PowerChute Serial Shutdown v1.2.0.301 and prior. It describes how an unauthenticated attacker can trigger constant account lockouts by repeatedly accessing the */accessdenied* URL, preventing legitimate users from logging in.

Classification
Writeup 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Schneider Electric PowerChute Serial Shutdown v1.2.0.301 and prior
No auth needed
Prerequisites: Network access to the PowerChute Serial Shutdown interface
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 5.3
EPSS 0.0096
EPSS Percentile 56.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-287
Status published
Products (1)
Schneider Electric/PowerChute Serial Shutdown Versions v1.2.0.301 and prior
Published Dec 11, 2024
Tracked Since Feb 18, 2026