ICSA-24-317-01 · Published 2024-11-12 · View on CISA ICS-CERT ↗

Subnet Solutions PowerSYSTEM Center

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to cause an integer overflow on the affected device.

CVE-2024-45490 CVE-2024-45491 CVE-2024-45492

Subnet Solutions inc. reports that dependencies have been updated and vulnerabilities are to be addressed in PowerSYSTEM Center 2020 Update 23 release.
Subnet Solutions inc. strongly recommends users update to the latest version. If this is not possible, the following mitigations have been identified:
Apply application allow-listing to prevent unauthorized executables from running.
Ensure Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are enabled within the operating system. Memory protection controls can be enabled via Windows Security. Please refer to this article for reference.

Subnet Solutions

Subnet Solutions · PowerSYSTEM Center PSC 2020 <=v5.22.x

Critical Manufacturing, Energy

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.