Information Exposure Vulnerability in PowerSYSTEM Center by CISA
CVE-2026-33570
6.9 MEDIUM
What is CVE-2026-33570?
The PowerSYSTEM Center REST API for devices can be exploited by an authenticated user with low privileges to access sensitive information that is normally restricted by operational permissions. This vulnerability poses a significant risk because it potentially lets users who lack the required permissions obtain data that should be available only to users with higher privileges. Organizations using PowerSYSTEM Center should assess their access controls and monitor API usage to mitigate this exposure.
Affected Version(s)
PowerSYSTEM Center 2020 5.11.x <= 5.28.x
CVSS V4
Score: 6.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Kelly Stich of Subnet Solutions Inc. reported these vulnerabilities to CISA.
