1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Low attack complexity
- Vendor: Subnet Solutions Inc.
- Equipment: PowerSYSTEM Center (PSC) 2020
- Vulnerabilities: Out-of-Bounds Read, Deserialization of Untrusted Data
2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to cause a denial-of-service condition.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following Subnet Solutions products are affected:
- PowerSYSTEM Center 2020: Versions 5.24.x and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 OUT-OF-BOUNDS READ CWE-125
PowerSYSTEM Center’s SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters.
CVE-2025-31354 has been assigned to this vulnerability. A CVSS v3.1 base score of 4.3 has been calculated; the CVSS vector string is (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
A CVSS v4 score has also been calculated for CVE-2025-31354. A base score of 5.3 has been calculated; the CVSS vector string is (AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N).
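The issue in 3.2.1 depends on a certificate whose EC domain parameters are written out explicitly over a binary field (F2m) instead of naming a standard curve. The following is an added example, not code from this advisory or from Subnet Solutions: a pre-import check that classifies the EC parameters of a DER-encoded SubjectPublicKeyInfo and, going beyond the F2m case, accepts only named curves, in line with RFC 5480, which forbids explicitly specified curves in PKIX certificates. The `allow_import` policy, the helper names and the sample keys are assumptions constructed for the illustration, and the input is assumed to be the SubjectPublicKeyInfo already extracted from the certificate.

```python
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # OID 1.2.840.10045.2.1
CHAR_TWO_FIELD = bytes.fromhex("2a8648ce3d0102")    # OID 1.2.840.10045.1.2 (F2m)

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the count of length bytes
        n, pos = length & 0x7F, pos + (length & 0x7F)
        if n == 0 or n > 4 or pos > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos - n:pos], "big")
    if pos + length > len(buf):
        raise ValueError("DER length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length

def classify_ec_spki(spki):
    """Return 'not-ec', 'named', 'explicit-f2m' or 'explicit-other'."""
    tag, body, _ = read_tlv(spki)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo must be a SEQUENCE")
    _, alg, _ = read_tlv(body)             # AlgorithmIdentifier
    tag, oid, pos = read_tlv(alg)
    if tag != 0x06 or oid != ID_EC_PUBLIC_KEY:
        return "not-ec"
    ptag, params, _ = read_tlv(alg, pos)   # ECParameters CHOICE
    if ptag == 0x06:                       # namedCurve: an OID, no curve math in the file
        return "named"
    if ptag != 0x30:                       # e.g. NULL (implicitCurve)
        raise ValueError("unexpected EC parameters")
    _, _, p = read_tlv(params)             # version INTEGER
    _, field_id, _ = read_tlv(params, p)   # FieldID SEQUENCE
    _, field_type, _ = read_tlv(field_id)  # fieldType OID
    return "explicit-f2m" if field_type == CHAR_TWO_FIELD else "explicit-other"

def allow_import(spki):
    """Hypothetical policy (added example): only non-EC and named-curve EC keys."""
    try:
        return classify_ec_spki(spki) in ("not-ec", "named")
    except ValueError:
        return False

def tlv(tag, value):  # DER builder for the constructed samples (value < 128 bytes)
    return bytes([tag, len(value)]) + value
def sample_spki(params):  # constructed SPKI with an all-zero placeholder public key
    return tlv(0x30, tlv(0x30, tlv(0x06, ID_EC_PUBLIC_KEY) + params) + tlv(0x03, bytes(34)))

NAMED_P256 = sample_spki(tlv(0x06, bytes.fromhex("2a8648ce3d030107")))  # secp256r1 OID
EXPLICIT_F2M = sample_spki(tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30, tlv(0x06, CHAR_TWO_FIELD))))
```

The explicit sample stops after the fieldType OID, which is all the classifier reads; it is not a usable key.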
3.2.2 DESERIALIZATION OF UNTRUSTED DATA CWE-502
PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to
[…]