These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2025-31935 is a medium-severity denial-of-service issue in Subnet Solutions PowerSYSTEM Center 2020. According to the CISA CSAF advisory published on 2025-04-10, crafted data passed to the API can trigger an exception and disrupt service. Subnet Solutions later revised the advisory on 2025-05-06 for typo fixes only.
CVE-2025-31354 is a medium-severity availability issue in Subnet Solutions PowerSYSTEM Center 2020. According to CISA's advisory, the SMTPS notification service can be driven into excessive CPU consumption when an EC certificate with crafted F2m parameters is imported and the curve parameters are evaluated. The advisory was published on 2025-04-10 and revised on 2025-05-06 for typo fixes only. The affecte [truncated]
CVE-2023-45857 is a medium-severity information disclosure vulnerability affecting Subnet Solutions Inc. PowerSYSTEM Center versions up to and including PSC_2020_v5.21.x. The vulnerability stems from the application's use of Axios 1.5.1, which inadvertently exposes the confidential XSRF-TOKEN cookie by including it in the HTTP X-XSRF-TOKEN header for every request made to any host. This behavior allows at [truncated]
CVE-2020-28168 is a Server-Side Request Forgery (SSRF) vulnerability affecting Subnet Solutions Inc. PowerSYSTEM Center versions up to and including PSC_2020_v5.21.x. The vulnerability stems from the product's use of Axios NPM package version 0.21.0, which contains an SSRF flaw allowing attackers to bypass proxy restrictions by providing a URL that redirects to a restricted host or IP address. Published b [truncated]
A prototype pollution vulnerability in Subnet Solutions PowerSYSTEM Center 2020 allows authenticated attackers to elevate permissions. The vulnerability was disclosed in CISA ICS Advisory ICSA-24-200-02 on July 18, 2024. Affected versions are PowerSYSTEM Center 2020 Update 20 and earlier. The vendor has released PowerSYSTEM Center 2020 Update 21 to address this issue.
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. The affected product is PowerSYSTEM Center versions Update 19 and earlier. The vendor has addressed these issues by identifying and replacing outdated libraries in previous versions. Users are advised to update to version 5.20.x.x or newer.
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021. The vulnerabilities affect versions 4.07.00 and earlier of both products. The CVSS 3.1 vector indicates local attack vector with low attack complexity, no privileges required, and no user interaction needed, resulting in high impacts to confidentiality, integrity, and [truncated]