ICSA-24-277-02  ·  Published 2024-10-01

Subnet Solutions Inc. PowerSYSTEM Center

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could result in an attacker bypassing a proxy, creating a denial-of-service condition, or viewing sensitive information.

Remediations

  • Subnet Solutions Inc. recommends users update to PowerSYSTEM Center 2020 Update 22, which can be located in the PowerSYSTEM Center by accessing Settings > Overview > Version. Users may also contact Subnet Solutions' Customer Service.
  • Subnet Solutions Inc. strongly recommends users update to the latest version. If this is not possible, the following paragraphs describe the security control compensation(s), mitigation(s), or workaround(s) available for identified vulnerabilities:
  • For all vulnerabilities, users can disable usage of previous UI extensions.
  • For CVE-2020-28168 and CVE-2023-45857, users can limit outbound connection requests from the PowerSYSTEM Center security zone to external websites.
  • For CVE-2023-45857 and CVE-2021-3749, users can disable the ability of PowerSYSTEM Center Client Access Server users to access the browser's F12 Developer Tools. This limits their ability to see HTTP headers and the corresponding XSRF-TOKEN, and to manipulate requests to the PowerSYSTEM Center website.

Affected Vendors

Subnet Solutions Inc.

Affected Products (1)

Subnet Solutions Inc. · PowerSYSTEM Center <=PSC_2020_v5.21.x

Affected Sectors

Critical Manufacturing, Energy
