SUBNET PowerSYSTEM Center

MonitorCVSS 6.5ICS-CERT ICSA-23-166-01Jun 15, 2023

Subnet SolutionsEnergy

Attack path

Attack VectorAdjacent

Auth RequiredHigh

ComplexityLow

User InteractionRequired

Summary

PowerSYSTEM Center versions prior to 5.12.2305.10101 are vulnerable to malicious file upload attacks (CWE-79, CWE-294). An attacker with engineering credentials can upload SVG files containing embedded HTML or scripts, or upload SVG files disguised as JPG/PNG images. This can result in script execution within the web interface or denial-of-service conditions affecting the energy management platform. SUBNET has addressed these issues by implementing file integrity checks on uploaded images and anti-forgery tokens to prevent replay attacks in version 5.12.2305.10101 and later.

What this means

What could happen

An attacker with engineering access to PowerSYSTEM Center could upload malicious image files containing scripts that execute in the web interface, or trigger denial-of-service attacks affecting the energy management system's availability.

Who's at risk

Energy sector operators running SUBNET PowerSYSTEM Center for generation, transmission, or distribution management should review this advisory. Risk is highest for sites where the management interface is accessible to contractors or untrusted engineering staff, or where file upload features are actively used for reports and monitoring.

How it could be exploited

An attacker with high-privilege credentials accesses the PowerSYSTEM Center web interface and uploads a malicious SVG file disguised as a JPG or PNG, or containing embedded HTML/scripts. The system processes the file without proper validation, allowing script execution or DoS conditions to affect the platform and connected energy systems.

Prerequisites

High-privilege (engineering) credentials for PowerSYSTEM Center web interface
Network access to PowerSYSTEM Center management port (typically HTTP/HTTPS)
Ability to interact with file upload functionality

Requires high privileges (reduces immediate risk but notable for insider threat)Low exploit complexityAffects availability and confidentialityPatch available from vendor

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

PowerSYSTEM Center: <=≤5.12.2305.10101 (Update 12 or Update 8+Hotfix)

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDValidate all SVG, JPG, and PNG files for hidden HTML elements and scripts before processing; verify that JPG and PNG files are not actually SVG files masquerading as images

WORKAROUNDDisable email notifications for reports if outbound connections and file validation cannot be fully implemented

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate PowerSYSTEM Center to release 5.12.2305.10101 or later (identified as Update 12 or Update 8+Hotfix)

HARDENINGRestrict outbound internet connectivity from PowerSYSTEM Center using network firewall rules to prevent potential data exfiltration or command-and-control communication

CVEs (2)

CVE-2023-32659 CVE-2023-29158

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/c894fbe0-d8bc-49ef-95ea-8da569e6426a

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.