MidnightBSD

Advisories for subnet

CVE-2013-2788 MEDIUM

The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
subnet substation_server 2.7.0033
subnet substation_server 2.8.0106
CVE-2014-2357 HIGH

The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-119,

Products Affected

Vendor Product Version
subnet substation_server *
CVE-2023-29158

SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 6.1 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H 0.9 5.2

Products Affected

Vendor Product Version
subnet powersystem_center *
subnet powersystem_center 2020
CVE-2023-32659

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ics-cert@hq.dhs.gov 6.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L 1.2 4.7

Products Affected

Vendor Product Version
subnet powersystem_center *
subnet powersystem_center 2020
CVE-2023-6631

PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9
ics-cert@hq.dhs.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
subnet powersystem_center 2020