CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28042 – SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component
https://notcve.org/view.php?id=CVE-2024-28042
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. SUBNET Solutions Inc. ha identificado vulnerabilidades en componentes de terceros utilizados en PowerSYSTEM Center. • https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02 • CWE-1357: Reliance on Insufficiently Trustworthy Component •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-32659 – SUBNET PowerSYSTEM Center Cross-site Scripting
https://notcve.org/view.php?id=CVE-2023-32659
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2023-29158 – SUBNET PowerSYSTEM Center Authentication Bypass by Capture-replay
https://notcve.org/view.php?id=CVE-2023-29158
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. • https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01 • CWE-294: Authentication Bypass by Capture-replay •