CWE-307 Excessive Auth Attempts in Schneider Electric IoT Platform
CVE-2026-2402 Published on April 14, 2026

CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints.

NVD

Weakness Type

Improper Restriction of Excessive Authentication Attempts

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.

Affected Versions

Schneider Electric PowerChute™ Serial Shutdown Version Versions v1.4 and prior is affected by CVE-2026-2402

CWE-307 Excessive Auth Attempts in Schneider Electric IoT PlatformCVE-2026-2402 Published on April 14, 2026

Weakness Type

Improper Restriction of Excessive Authentication Attempts

Affected Versions

CWE-307 Excessive Auth Attempts in Schneider Electric IoT Platform
CVE-2026-2402 Published on April 14, 2026