Subnet Solutions PowerSYSTEM Center
Summary
CISA has issued an alert regarding multiple vulnerabilities in Subnet Solutions PowerSYSTEM Center software versions. Successful exploitation could allow authenticated attackers to expose sensitive information or perform CRLF injection attacks. The affected versions span across 2020, 2024, and 2026 releases.
IFF Assessment
The article details multiple vulnerabilities that can be exploited by authenticated attackers to gain unauthorized access to sensitive information or execute code, posing a direct risk to defenders.
Severity
The CVSS score of 8.2 is explicitly stated in the article for the vulnerabilities within Subnet Solutions PowerSYSTEM Center, indicating a high severity. This score reflects a combination of factors including the attack vector, complexity, privileges required, user interaction, and the impact on confidentiality, integrity, and availability.
Defender Context
Defenders should prioritize patching or applying mitigations for Subnet Solutions PowerSYSTEM Center, especially in critical infrastructure environments like manufacturing and energy. The identified vulnerabilities, allowing for information exposure and CRLF injection, require careful monitoring of access logs and network traffic for suspicious activity.