OTPulse
FeedAboutContact

Subnet Solutions PowerSYSTEM Center

Monitor6.5ICS-CERT ICSA-24-200-02Jul 18, 2024
Attack VectorNetwork
Auth RequiredNone
ComplexityLow
User InteractionNone needed
Summary

Subnet Solutions PowerSYSTEM Center 2020 Update 20 and earlier contains an insecure permission model (CWE-1321) that allows an authenticated attacker to elevate privileges. Successful exploitation could allow an authenticated user to gain administrative access to the system. The vulnerability affects PowerSYSTEM Center 2020 versions up to and including Update 20.

What this means
What could happen
An authenticated attacker could gain elevated permissions on PowerSYSTEM Center, potentially allowing them to modify system configurations, alter energy management settings, or disrupt grid control operations.
Who's at risk
Energy sector organizations operating Subnet Solutions PowerSYSTEM Center for grid management and control system operations. This affects any facility using PowerSYSTEM Center 2020 Update 20 or earlier for energy distribution, generation, or transmission management.
How it could be exploited
An attacker with valid credentials to PowerSYSTEM Center can exploit an insecure permission model (CWE-1321) to escalate their privileges from a standard user account to administrative access. This requires the attacker to already have authenticated access to the system, typically through compromised credentials or insider access.
Prerequisites
  • Valid user account credentials for PowerSYSTEM Center
  • Network access to the PowerSYSTEM Center application interface
  • System running PowerSYSTEM Center 2020 Update 20 or earlier
Authenticated attacker requiredLow complexity exploitationPrivilege escalation can lead to unauthorized system modificationNo public exploit confirmed yet
Exploitability
Moderate exploit probability (EPSS 6.4%)
Affected products (1)
ProductAffected VersionsFix Status
PowerSYSTEM Center 2020: <=Update_20≤ Update 20Update 21 or later
Remediation & Mitigation
0/4
Do now
0/3
HARDENINGRestrict network access to PowerSYSTEM Center by placing it behind a firewall and isolating it from business networks and the internet. Only allow access from authorized engineering workstations and control system networks.
HARDENINGIf remote access to PowerSYSTEM Center is required, enforce access through a VPN with up-to-date security patches and strong authentication.
HARDENINGReview and strengthen access controls for PowerSYSTEM Center user accounts. Implement principle of least privilege so users have only the minimum permissions required for their role.
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpgrade PowerSYSTEM Center 2020 to Update 21 or later. Contact Subnet Solutions Customer Service to obtain the software.
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/48b413c0-fea8-4d8b-b736-85bf18b7a824