OTPulse

SUBNET Substation Server

Plan Patch | 8.4 | ICS-CERT ICSA-24-128-02 | May 7, 2024
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Subnet Solutions Substation Server versions 2.23.10 and earlier contain vulnerabilities in third-party libraries that could allow local privilege escalation, denial-of-service, or arbitrary code execution. The vulnerabilities are not remotely exploitable and require local access to the server. Subnet Solutions has fixed these issues by updating and replacing outdated libraries in version 2.23.11 and newer.

What this means
What could happen
An attacker with local access to the Substation Server could escalate privileges, execute arbitrary code, or crash the server, potentially disrupting monitoring and control of critical substation equipment.
Who's at risk
Energy utilities and substation operators running Subnet Solutions Substation Server version 2.23.10 or earlier. This affects substation monitoring and control infrastructure, which is critical to power distribution and grid stability.
How it could be exploited
An attacker must have local (physical or local network) access to the Substation Server. They would exploit outdated libraries in the server to gain elevated privileges or run commands that could alter substation operations or cause the server to stop responding.
Prerequisites
  • Local or physical access to the Substation Server
  • No authentication required (exploits affect privilege escalation from unauthenticated local access)
  • Access to the vulnerable Substation Server version 2.23.10 or earlier
  • Low attack complexity
  • No authentication required for local exploitation
  • Privilege escalation possible
  • Arbitrary code execution possible
  • Denial-of-service possible
  • Affects critical substation infrastructure
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Substation Server | ≤ 2.23.10 | 2.23.11 or newer
Remediation & Mitigation
Do now
  • HARDENING: Restrict physical and local network access to Substation Server to authorized personnel and devices only
  • HARDENING: Implement access controls to limit who can log into or interact with the Substation Server console
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Update Substation Server to version 2.23.11 or newer
  • HARDENING: Isolate Substation Server on a dedicated network segment behind a firewall, separate from business networks and internet