Powersystem Center
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-35504 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. | ||
| CVE-2023-6631 | 0.00 | — | 0.00 | Jan 8, 2024 | PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | |||
| CVE-2023-32659 | 0.00 | — | 0.00 | Jun 19, 2023 | SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications. | |||
| CVE-2023-29158 | 0.00 | — | 0.00 | Jun 19, 2023 | SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. |
- risk 0.36cvss 5.5epss 0.00
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.
- CVE-2023-6631Jan 8, 2024risk 0.00cvss —epss 0.00
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
- CVE-2023-32659Jun 19, 2023risk 0.00cvss —epss 0.00
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.
- CVE-2023-29158Jun 19, 2023risk 0.00cvss —epss 0.00
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.