All CISA Advisories, EN

Subnet Solutions PowerSYSTEM Center

2024-07-18 15:07

1. EXECUTIVE SUMMARY

CVSS v4 6.9
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Subnet Solutions Inc.
Equipment: Subnet PowerSYSTEM Center
Vulnerability: Prototype Pollution

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following versions of Subnet PowerSYSTEM Center are affected:

PowerSYSTEM Center 2020: Update 20 and prior

3.2 Vulnerability Overview

3.2.1 IMPROPERLY CONTROLLED MODIFICATION OF OBJECT PROTOTYPE ATTRIBUTES (‘PROTOTYPE POLLUTION’) CWE-1321

Subnet PowerSYSTEM Center products are vulnerable to a prototype pollution vulnerability, which may allow an authenticated attacker to elevate permissions.

CVE-2023-26136 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).

A CVSS v4 score has also been calculated for CVE-2023-26136. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N).

3.3 BACKGROUND

CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATIO

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from All CISA Advisories

Read the original article:

Subnet Solutions PowerSYSTEM Center

Share this:
Facebook
X
LinkedIn

Related

Tags: All CISA Advisories EN

Post navigation

← Spotlight on DeepKeep.ai

Philips Vue PACS →

Search for:
Pages

Advertising

Contact

Legal and Contact information

Opt-out preferences

Privacy Policy

Social Media

Apps

Telegram Channel

Recent Posts

Meta Adds Display To Ray-Ban Smart Glasses September 19, 2025

U.K. Arrests Two Teen Scattered Spider Hackers Linked to August 2024 TfL Cyber Attack September 19, 2025

Google patches zero-day, Copilot’s forced installation, Scattered Spider arrests September 19, 2025

Did hackers steal the details of 2.5 billion Gmail users last month? September 19, 2025

JLR Supply Chain Workers Hit By Cyber-Attack Disruption September 19, 2025

US Tech Giants Invest £31bn In UK In ‘Prosperity Deal’ September 19, 2025

Silicon UK AI for Your Business Podcast: The AI-Driven Customer September 19, 2025

FCA To Waive ‘Integrity’ Requirement For Crypto Firms September 19, 2025

Teenagers Charged Over Massive Transport For London Hack September 19, 2025

Windows 11 Notepad to Receive AI Upgrade for Free Text Writing and Summarizing September 19, 2025

Cloudflare Confirms API Outage Caused by React useEffect Overload Issue September 19, 2025

Researchers Reveal Connection Between Belsen and ZeroSeven Cybercrime Groups September 19, 2025

MI6 reveals ‘Silent Courier’ dark web portal upgrade it hopes will help it recruit new spies September 19, 2025

SystemBC Botnet Compromises 1,500 VPS Every Day to Rent Out for DDoS Attacks September 19, 2025

LLMs can boost cybersecurity decisions, but not for everyone September 19, 2025

New Loader “CountLoader” Uses PDFs to Launch Ransomware Attacks September 19, 2025

Researchers believe Gamaredon and Turla threat groups are collaborating September 19, 2025

Cybersecurity Today – The Good News Edition September 19, 2025

SolarWinds Issues Advisory Following Salesloft Drift Security Breach September 19, 2025

0-Click ChatGPT Agent Flaw Exposes Gmail Data to Attackers September 19, 2025

Copyright © 2025 IT Security News. All Rights Reserved. The Magazine Basic Theme by bavotasan.com.

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}