Subnet Solutions PowerSYSTEM Center
Plan Patch · CVSS 9.8 · ICS-CERT ICSA-24-317-01 · Nov 12, 2024
Vendor: Subnet Solutions · Sector: Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
An integer overflow vulnerability exists in PowerSYSTEM Center 2020 version 5.22.x and earlier. The vulnerability (CWE-611, CWE-190) could allow a remote attacker without credentials to cause memory corruption and potentially execute arbitrary code on the affected device. PowerSYSTEM Center is used for energy management and power system control, making this a critical risk to grid operations.
What this means
What could happen
An attacker could trigger an integer overflow in PowerSYSTEM Center, potentially allowing remote code execution on the energy management system, which could disrupt power grid operations or alter critical control functions.
Who's at risk
Energy utilities and infrastructure operators running PowerSYSTEM Center 2020 for power system management and control. This includes generation facilities, transmission operators, distribution control centers, and energy management system (EMS) operators that depend on PowerSYSTEM Center for real-time monitoring and dispatch.
How it could be exploited
An attacker with network access to PowerSYSTEM Center could send a crafted network request that triggers an integer overflow condition in the application. Successful exploitation could lead to memory corruption and arbitrary code execution on the affected device, allowing the attacker to control the energy management system.
Prerequisites
- Network access to PowerSYSTEM Center on the affected port
- No credentials required - the vulnerability is in pre-authentication code paths
Tags: remotely exploitable · no authentication required · low complexity · critical CVSS 9.8 · affects energy sector control systems
Exploitability
Some exploitation risk — EPSS score 1.4%
Affected products (1)
Product | Affected Versions | Fix Status
PowerSYSTEM Center (PSC 2020) | ≤ v5.22.x | Update 23+
Remediation & Mitigation
Do now
HARDENING: Restrict network access to PowerSYSTEM Center to only authorized workstations and systems. Firewall the device so it is not reachable from the business network or internet.
HARDENING: Enable Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) on the Windows operating system hosting PowerSYSTEM Center through Windows Security settings.
WORKAROUND: Deploy application allow-listing to prevent unauthorized executables from running on the PowerSYSTEM Center server.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption.
HOTFIX: Update PowerSYSTEM Center 2020 to Update 23 or later.
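The following audit script is an added example, not part of the advisory or of Subnet Solutions' software. Run as Administrator on the Windows host serving PowerSYSTEM Center; it reports whether each of the "Do now" items above is in place and lists the installed PowerSYSTEM Center version for comparison with Update 23. The service port and the allowed-source addresses are placeholders, since the advisory does not name the port.

```powershell
# Added example: audit the advisory's mitigations on the PSC host (not vendor code).
$PscPort        = 0                            # PLACEHOLDER: PowerSYSTEM Center service port
$AllowedSources = @('10.0.0.10', '10.0.0.11')  # PLACEHOLDER: authorized operator workstations

$findings = @()

# 1. Network restriction: every profile enabled with inbound default Block,
#    and no inbound allow rule for the PSC port that is open to 'Any' source.
foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -ne 'True' -or $p.DefaultInboundAction -ne 'Block') {
        $findings += "Firewall profile '$($p.Name)' is not enabled with inbound default Block"
    }
}
$portRules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$PscPort" }
$openToAny = $portRules |
    Where-Object { ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any' }
if ($openToAny) {
    $findings += "Inbound rule(s) allow port $PscPort from Any: $($openToAny.DisplayName -join ', ')"
}

# 2. DEP and ASLR enforced as system-wide process mitigation policy.
$m = Get-ProcessMitigation -System
if ($m.Dep.Enable -ne 'ON')               { $findings += 'System DEP is not ON' }
if ($m.Aslr.BottomUp -ne 'ON')            { $findings += 'ASLR BottomUp is not ON' }
if ($m.Aslr.ForceRelocateImages -ne 'ON') { $findings += 'ASLR ForceRelocateImages is not ON' }

# 3. Application allow-listing: an enforced AppLocker executable rule collection.
$policy = Get-AppLockerPolicy -Effective -ErrorAction SilentlyContinue
$exe = $policy.RuleCollections | Where-Object { $_.RuleCollectionType -eq 'Exe' }
if (-not $exe -or $exe.EnforcementMode -ne 'Enabled') {
    $findings += 'No enforced AppLocker Exe rule collection (allow-listing not active)'
}

# 4. Patch level: list installed PowerSYSTEM Center entries for manual comparison
#    with Update 23 (the uninstall-key name pattern is an assumption).
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*PowerSYSTEM*' } |
    Select-Object DisplayName, DisplayVersion

if ($findings.Count -eq 0) { 'All "Do now" checks passed' } else { $findings }
```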