1. EXECUTIVE SUMMARY
- CVSS v4 8.6
- ATTENTION: Low attack complexity
- Vendor: SUBNET Solutions Inc.
- Equipment: PowerSYSTEM Server, Substation Server 2021
- Vulnerabilities: Reliance on Insufficiently Trustworthy Component
2. RISK EVALUATION
Successful exploitation of the vulnerabilities in components used by PowerSYSTEM Server 2021 and Substation Server 2021 could allow privilege escalation, denial of service, or arbitrary code execution.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
SUBNET Solutions reports that the following products use components with vulnerabilities:
- PowerSYSTEM Server: version 4.07.00 and prior
- Substation Server 2021: version 4.07.00 and prior
3.2 Vulnerability Overview
3.2.1 RELIANCE ON INSUFFICIENTLY TRUSTWORTHY COMPONENT CWE-1357
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021.
CVE-2024-3313 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.4 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-3313. A base score of 8.6 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.This article has been indexed from All CISA AdvisoriesRead the original article: