PatchSiren

CVE-2024-3313 Subnet Solutions Inc. CVE debrief

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021. The vulnerabilities affect versions 4.07.00 and earlier of both products. The CVSS 3.1 vector indicates a local attack vector with low attack complexity, no privileges required, and no user interaction needed, resulting in high impacts to confidentiality, integrity, and availability. The vendor has addressed these issues by identifying and replacing out-of-date libraries in affected versions.

Vendor: Subnet Solutions Inc.
Product: PowerSYSTEM Server
CVSS: HIGH 8.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2024-04-09
Original CVE updated: 2024-04-09
Advisory published: 2024-04-09
Advisory updated: 2024-04-09

Who should care

Organizations operating SUBNET PowerSYSTEM Server or Substation Server 2021 in electrical utility substations or control center environments. Security teams responsible for OT/ICS asset management and patch coordination. Compliance officers tracking CISA ICS advisories for critical infrastructure protection.

Technical summary

The vulnerabilities reside in third-party libraries bundled with PowerSYSTEM Server 2021 and Substation Server 2021 versions 4.07.00 and earlier. The CVSS 3.1 score of 8.4 (HIGH) reflects a local attack vector with low attack complexity that can result in complete compromise of confidentiality, integrity, and availability without requiring privileges or user interaction. The attack surface is limited to local access, but the impact is severe. SUBNET Solutions has remediated the issues by replacing the outdated libraries in version 4.09.00.927.

Defensive priority

HIGH

Recommended defensive actions

  • Update PowerSYSTEM Server and Substation Server 2021 to version 4.09.00.927 or newer by contacting SUBNET Solutions Customer Service
  • Review and apply CISA ICS recommended practices for industrial control systems defense in depth
  • Verify no unauthorized local access exists on systems running affected versions
  • Monitor for vendor security advisories from SUBNET Solutions for future updates
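
To support the update and verification actions above, the following added example (not code from SUBNET Solutions, CISA, or this debrief) triages an asset inventory against the two version bounds the advisory gives. The CSV layout, host names, and state labels are assumptions; builds that fall between 4.07.00 and 4.09.00.927 are reported separately because the text above does not state their status.

```python
import csv
import io
import re

# Thresholds quoted from the advisory text; everything else here is constructed.
LAST_AFFECTED = (4, 7, 0)       # "4.07.00 and earlier"
FIRST_FIXED = (4, 9, 0, 927)    # "4.09.00.927 or newer"
PRODUCTS = ("powersystem server", "substation server")

def parse_version(text):
    """Return '4.09.00.927' as (4, 9, 0, 927), padded to four fields; None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (4 - len(parts))

def classify(product, version_text):
    """Map one inventory entry to a triage state."""
    if not product.strip().lower().startswith(PRODUCTS):
        return "not-in-scope"
    version = parse_version(version_text)
    if version is None:
        return "unparseable"          # needs a manual check on the host
    if version >= FIRST_FIXED:
        return "fixed"
    if version[:3] <= LAST_AFFECTED:
        return "affected"
    # The advisory text does not say how builds between the two bounds stand.
    return "verify-with-vendor"

# Constructed sample inventory (hypothetical host names and CSV layout).
SAMPLE_INVENTORY = """host,product,version
ss-gw-01,Substation Server 2021,4.07.00
ps-ctl-01,PowerSYSTEM Server 2021,4.09.00.927
ps-ctl-02,PowerSYSTEM Server 2021,4.05.12
ss-gw-02,Substation Server 2021,4.08.00
ps-lab-01,PowerSYSTEM Server 2021,unknown
hist-01,Historian,2.1.0
"""

def triage(csv_text):
    """Return {host: state} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, state in sorted(triage(SAMPLE_INVENTORY).items(), key=lambda kv: kv[1]):
        print(f"{state:20} {host}")
```

Hosts reported as "unparseable" or "verify-with-vendor" need a manual version check or a question to SUBNET Solutions Customer Service before they can be closed out.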

Evidence notes

Evidence drawn from CISA CSAF advisory ICSA-24-100-01, which identifies affected product versions and remediation guidance. The advisory specifies that vulnerabilities exist in third-party components bundled with PowerSYSTEM Server and Substation Server 2021.
