Local Privilege Escalation Vulnerability in PowerSYSTEM Center by Subnet
CVE-2023-6631

7.8HIGH

Key Information:

Vendor: Subnet Solutions Inc.
Status: Powersystem Center
Vendor: CVE Published:; 8 January 2024

🔔 Create Subnet Solutions Inc. Vulnerability Alert

What is CVE-2023-6631?

PowerSYSTEM Center, developed by Subnet, contains a vulnerability present in versions up to and including 2020 Update 16. This vulnerability can be exploited by an authorized local user to insert arbitrary code due to the application's unquoted service path. This oversight allows attackers to escalate their privileges and execute malicious commands within the environment, posing significant risks to system integrity and security. Implementing patches and best practices to manage service paths is critical to mitigating potential exploitation.

Affected Version(s)

PowerSYSTEM Center 2020 v5.0.x <= 5.16.x

References

https://www.cisa.gov/news-events/ics-advisories/icsa-23-3...

https://subnet.com/contact/

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2024

CVE-2023-6631 Data

JSON