Unauthorized Deletion Vulnerability in PowerSYSTEM Center by Rockwell Automation
CVE-2026-35555
7 HIGH
What is CVE-2026-35555?
The PowerSYSTEM Center feature for device project groups includes a critical flaw that permits authenticated users with insufficient permissions to delete project groups without authorization. This vulnerability poses a significant risk, as it can lead to potential disruption of service and loss of important project data, compromising the integrity of the system's operations. Organizations using affected versions need to apply timely updates or patches to mitigate this issue.
Affected Version(s)
PowerSYSTEM Center 2024 6.0.x <= 6.1.x
PowerSYSTEM Center 2026 7.0.x
References
CVSS V4
Score: 7
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: Low
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Kelly Stich of Subnet Solutions Inc. reported these vulnerabilities to CISA.
