Impact
An improper input validation flaw in Schneider Electric PowerChute Serial Shutdown allows a Web Administrator to submit a malformed payload to the /logsettings endpoint, causing the event and data logs to be truncated and thereby compromising log integrity. The flaw is classified as CWE-1284 (Improper Validation of Specified Quantity in Input): the endpoint accepts a quantity value without checking that it lies within the range the application can safely act on. Loss of log integrity hinders forensic investigation, impedes audit processes, and can mask malicious or accidental activity on the affected system.
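The CWE-1284 pattern described above, shown as an added example that is not PowerChute code: a hypothetical log-settings request carrying retention counts is parsed once without bounds checking (the weak form) and once with strict syntax and range validation (the hardened form). The field names `maxEventEntries` and `maxDataEntries`, the bounds, and the request shape are assumptions for illustration; the advisory does not describe the real payload.

```python
"""Hypothetical /logsettings quantity validation: weak vs. hardened.

Added example only. Field names, bounds and request shape are assumed;
they are not taken from the PowerChute Serial Shutdown implementation.
"""
import re
from dataclasses import dataclass

# Assumed retention bounds for the example; a real product would derive
# these from its storage budget and documented defaults.
MIN_LOG_ENTRIES = 100
MAX_LOG_ENTRIES = 100_000

# Accepts only plain ASCII decimal digits; rejects signs, whitespace,
# exponents, hex, and non-ASCII digits that int() would otherwise accept.
_QUANTITY_RE = re.compile(r"[0-9]{1,7}")


class ValidationError(ValueError):
    """Raised by the hardened parser when a quantity is malformed or out of range."""


@dataclass(frozen=True)
class LogSettings:
    max_event_entries: int
    max_data_entries: int


def weak_parse(form: dict) -> LogSettings:
    """CWE-1284 pattern: converts the field and trusts the result.

    int("0") and int("-5") both succeed, so a retention count of 0 or a
    negative value reaches the log writer, which then discards entries.
    """
    return LogSettings(
        max_event_entries=int(form["maxEventEntries"]),
        max_data_entries=int(form["maxDataEntries"]),
    )


def _quantity(form: dict, key: str) -> int:
    """Hardened field check: presence, type, syntax, then range."""
    raw = form.get(key)
    if not isinstance(raw, str):
        raise ValidationError(f"{key}: missing or not a string")
    if _QUANTITY_RE.fullmatch(raw) is None:
        raise ValidationError(f"{key}: not a plain decimal quantity")
    value = int(raw)
    if not MIN_LOG_ENTRIES <= value <= MAX_LOG_ENTRIES:
        raise ValidationError(
            f"{key}: {value} outside [{MIN_LOG_ENTRIES}, {MAX_LOG_ENTRIES}]"
        )
    return value


def strict_parse(form: dict) -> LogSettings:
    """Hardened parser: every quantity is validated before it is applied."""
    return LogSettings(
        max_event_entries=_quantity(form, "maxEventEntries"),
        max_data_entries=_quantity(form, "maxDataEntries"),
    )


def entries_dropped(current_entries: int, new_limit: int) -> int:
    """Number of stored log entries a new retention limit would discard."""
    return max(0, current_entries - max(0, new_limit))


if __name__ == "__main__":
    # Constructed request bodies for demonstration.
    hostile = {"maxEventEntries": "0", "maxDataEntries": "-5"}
    benign = {"maxEventEntries": "5000", "maxDataEntries": "2500"}

    weak = weak_parse(hostile)
    print("weak parser accepted:", weak,
          "-> drops", entries_dropped(8000, weak.max_event_entries), "event entries")
    try:
        strict_parse(hostile)
    except ValidationError as exc:
        print("hardened parser rejected:", exc)
    print("hardened parser accepted:", strict_parse(benign))
```

The split between syntax and range checks matters: a regex alone would still admit `0`, and a range check alone would still let `int()` accept inputs such as `" 10"` or non-ASCII digits that a downstream component may interpret differently.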
Affected Systems
Schneider Electric PowerChute Serial Shutdown is the affected product. The advisory gives no version range, so every release that exposes the /logsettings endpoint should be treated as potentially vulnerable until the vendor's advisory confirms which builds are fixed.
Risk and Exploitability
The CVSS score of 5.3 places this vulnerability in the moderate range. Exploitation requires an authenticated Web Administrator session and the ability to issue a POST request to /logsettings, so the attack surface is the management console itself; whether it is reachable remotely or only from the host depends on how the interface is exposed. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, so no public exploitation is currently known. The practical risk is a compromised or malicious administrator account: an attacker with that level of access could truncate the logs to conceal their own activity, undermining compliance evidence and security monitoring. Forwarding event and data logs to a remote collector at write time limits the damage, since the truncation then affects only the local copy.
OpenCVE Enrichment