SUBNET Solutions Inc.
Products
3- 7 CVEs
- 4 CVEs
- 1 CVE
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-26024 | Hig | 0.55 | 8.4 | 0.00 | May 28, 2024 | SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server. | ||
| CVE-2024-28042 | Hig | 0.55 | 8.4 | 0.00 | May 15, 2024 | SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. | ||
| CVE-2024-3313 | Hig | 0.55 | 8.4 | 0.00 | Apr 9, 2024 | SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021. | ||
| CVE-2023-6631 | Hig | 0.51 | 7.8 | 0.00 | Jan 8, 2024 | PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. | ||
| CVE-2023-32659 | Med | 0.42 | 6.5 | 0.00 | Jun 19, 2023 | SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email… | ||
| CVE-2025-31935 | Med | 0.40 | 6.2 | 0.00 | Apr 11, 2025 | Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition. | ||
| CVE-2023-29158 | Med | 0.40 | 6.1 | 0.01 | Jun 19, 2023 | SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. | ||
| CVE-2026-35504 | Med | 0.36 | 5.5 | 0.00 | May 12, 2026 | PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. | ||
| CVE-2025-31354 | Med | 0.28 | 4.3 | 0.00 | Apr 11, 2025 | Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters. | ||
| CVE-2014-2357 | 0.00 | — | 0.03 | Aug 11, 2014 | The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message. | |||
| CVE-2013-2788 | 0.00 | — | 0.01 | Sep 17, 2013 | The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. |
- risk 0.55cvss 8.4epss 0.00
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.
- risk 0.55cvss 8.4epss 0.00
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.
- risk 0.55cvss 8.4epss 0.00
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Server 2021 and Substation Server 2021.
- risk 0.51cvss 7.8epss 0.00
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
- risk 0.42cvss 6.5epss 0.00
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email…
- risk 0.40cvss 6.2epss 0.00
Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition.
- risk 0.40cvss 6.1epss 0.01
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity.
- risk 0.36cvss 5.5epss 0.00
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.
- risk 0.28cvss 4.3epss 0.00
Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters.
- CVE-2014-2357Aug 11, 2014risk 0.00cvss —epss 0.03
The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message.
- CVE-2013-2788Sep 17, 2013risk 0.00cvss —epss 0.01
The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors.