SUBNET PowerSYSTEM Center Cross-site Scripting
CVE-2023-32659

6.5MEDIUM

Key Information:

Vendor: Subnet Solutions Inc.
Status: Powersystem Center
Vendor: CVE Published:; 19 June 2023

🔔 Create Subnet Solutions Inc. Vulnerability Alert

What is CVE-2023-32659?

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.

Affected Version(s)

PowerSYSTEM Center 0 <= 2020 U10

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-1...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2023
Vulnerability Reserved
May 25, 2023

Credit

SUBNET Solutions reported these vulnerabilities to CISA.

CVE-2023-32659 Data

JSON