PatchSiren

Subnet Solutions Inc. CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Subnet Solutions Inc. CVE published 2025-04-10

CVE-2025-31935

CVE-2025-31935 is a medium-severity denial-of-service issue in Subnet Solutions PowerSYSTEM Center 2020. According to the CISA CSAF advisory published on 2025-04-10, crafted data passed to the API can trigger an exception and disrupt service. Subnet Solutions later revised the advisory on 2025-05-06 for typo fixes only.

MEDIUM Subnet Solutions Inc. CVE published 2025-04-10

CVE-2025-31354

CVE-2025-31354 is a medium-severity availability issue in Subnet Solutions PowerSYSTEM Center 2020. According to CISA's advisory, the SMTPS notification service can be driven into excessive CPU consumption when an EC certificate with crafted F2m parameters is imported and the curve parameters are evaluated. The advisory was published on 2025-04-10 and revised on 2025-05-06 for typo fixes only. The affecte [truncated]

MEDIUM Subnet Solutions Inc. CVE published 2024-10-01

CVE-2023-45857

CVE-2023-45857 is a medium-severity information disclosure vulnerability affecting Subnet Solutions Inc. PowerSYSTEM Center versions up to and including PSC_2020_v5.21.x. The vulnerability stems from the application's use of Axios 1.5.1, which inadvertently exposes the confidential XSRF-TOKEN cookie by including it in the HTTP X-XSRF-TOKEN header for every request made to any host. This behavior allows at [truncated]

MEDIUM Subnet Solutions Inc. CVE published 2024-10-01

CVE-2020-28168

CVE-2020-28168 is a Server-Side Request Forgery (SSRF) vulnerability affecting Subnet Solutions Inc. PowerSYSTEM Center versions up to and including PSC_2020_v5.21.x. The vulnerability stems from the product's use of Axios NPM package version 0.21.0, which contains an SSRF flaw allowing attackers to bypass proxy restrictions by providing a URL that redirects to a restricted host or IP address. Published b [truncated]

MEDIUM Subnet Solutions Inc. CVE published 2024-07-18

CVE-2023-26136

A prototype pollution vulnerability in Subnet Solutions PowerSYSTEM Center 2020 allows authenticated attackers to elevate permissions. The vulnerability was disclosed in CISA ICS Advisory ICSA-24-200-02 on July 18, 2024. Affected versions are PowerSYSTEM Center 2020 Update 20 and earlier. The vendor has released PowerSYSTEM Center 2020 Update 21 to address this issue.

HIGH Subnet Solutions Inc. CVE published 2024-05-14

CVE-2024-28042

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. The affected product is PowerSYSTEM Center versions Update 19 and earlier. The vendor has addressed these issues by identifying and replacing outdated libraries in previous versions. Users are advised to update to version 5.20.x.x or newer.

HIGH Subnet Solutions Inc. CVE published 2024-04-09

CVE-2024-3313

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021. The vulnerabilities affect versions 4.07.00 and earlier of both products. The CVSS 3.1 vector indicates local attack vector with low attack complexity, no privileges required, and no user interaction needed, resulting in high impacts to confidentiality, integrity, and [truncated]