CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-26024 – SUBNET Substation Server Reliance on Insufficiently Trustworthy Component
https://notcve.org/view.php?id=CVE-2024-26024
28 May 2024 — SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server. SUBNET Solutions Inc. ha identificado vulnerabilidades en componentes de terceros utilizados en Substation Server. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02 • CWE-1357: Reliance on Insufficiently Trustworthy Component •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28042 – SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component
https://notcve.org/view.php?id=CVE-2024-28042
15 May 2024 — SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. SUBNET Solutions Inc. ha identificado vulnerabilidades en componentes de terceros utilizados en PowerSYSTEM Center. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02 • CWE-1357: Reliance on Insufficiently Trustworthy Component •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2024-3313 – SUBNET PowerSYSTEM Server and Substation Server Reliance on Insufficiently Trustworthy Component
https://notcve.org/view.php?id=CVE-2024-3313
09 Apr 2024 — SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021. SUBNET Solutions Inc. ha identificado vulnerabilidades en componentes de terceros utilizados en PowerSYSTEM Server 2021 y Substation Server 2021. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-100-01 • CWE-1357: Reliance on Insufficiently Trustworthy Component •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6631 – Subnet Solutions Inc. PowerSYSTEM Center Unquoted Search Path or Element
https://notcve.org/view.php?id=CVE-2023-6631
08 Jan 2024 — PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. Las versiones 2020 Update 16 y anteriores de PowerSYSTEM Center contienen una vulnerabilidad que puede permitir que un usuario local autorizado inserte código arbitrario en la ruta del servicio sin comillas y escale privilegios. • https://subnet.com/contact • CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32659 – SUBNET PowerSYSTEM Center Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-32659
19 Jun 2023 — SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.4EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29158 – SUBNET PowerSYSTEM Center Authentication Bypass by Capture-replay
https://notcve.org/view.php?id=CVE-2023-29158
19 Jun 2023 — SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2357
https://notcve.org/view.php?id=CVE-2014-2357
11 Aug 2014 — The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message. La libraría GPT en la aplicación Telegyr 8979 Master Protocol en SUBNET SubSTATION Server 2 anterior a SSNET 2.12 HF18808 permite a atacantes remotos causar una denegación de servicio (caída de servicio persistente) a través de un mensaje RTU-to-Master largo. • https://ics-cert.us-cert.gov/advisories/ICSA-14-196-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2013-2788
https://notcve.org/view.php?id=CVE-2013-2788
17 Sep 2013 — The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. El servicio DNP3 esclavo en subSTATION Server 2.7.0033 y 2.8.0106 de SUBNET Solutions permite a atacantes remotos causar denegación de servicio (excepción sin manejar y caída de proceso) a través de vectores no especificados. • http://ics-cert.us-cert.gov/advisories/ICSA-13-252-01 • CWE-20: Improper Input Validation •