CWE-307 Excessive Auth Attempts in Schneider Electric IoT Platform
CVE-2026-2402 Published on April 14, 2026

CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints.

NVD

Weakness Type

Improper Restriction of Excessive Authentication Attempts

The software does not implement sufficient measures to prevent multiple failed authentication attempts within in a short time frame, making it more susceptible to brute force attacks.

Affected Versions

Schneider Electric PowerChute™ Serial Shutdown Version Versions v1.4 and prior is affected by CVE-2026-2402

Exploit Probability

EPSS

0.27%

Percentile

18.92%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CWE-307 Excessive Auth Attempts in Schneider Electric IoT PlatformCVE-2026-2402 Published on April 14, 2026

Weakness Type

Improper Restriction of Excessive Authentication Attempts

Affected Versions

Exploit Probability

CWE-307 Excessive Auth Attempts in Schneider Electric IoT Platform
CVE-2026-2402 Published on April 14, 2026