{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-28042","assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","state":"PUBLISHED","assignerShortName":"icscert","dateReserved":"2024-04-12T20:44:48.685Z","datePublished":"2024-05-15T16:44:19.227Z","dateUpdated":"2024-08-02T00:48:47.733Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"PowerSYSTEM Center","vendor":"SUBNET","versions":[{"lessThan":"19","status":"affected","version":"0","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","value":"SUBNET Solutions reported these vulnerabilities to CISA."}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center."}],"value":"SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"LOCAL","baseScore":8.6,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1357","description":"CWE-1357","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2024-05-28T16:28:31.073Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Center. \nUsers are advised to update to version 5.20.x.x or newer. To obtain this\n software, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\">Subnet Solution's Customer Service.</a>\n\n<br>"}],"value":"Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Center. \nUsers are advised to update to version 5.20.x.x or newer. To obtain this\n software, contact  Subnet Solution's Customer Service. https://subnet.com/contact/"}],"source":{"advisory":"ICSA-24-135-02","discovery":"INTERNAL"},"title":"SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component","x_generator":{"engine":"Vulnogram 0.2.0"}},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-28042","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"version":"2.0.3","timestamp":"2024-05-16T18:29:11.493718Z"}}}],"affected":[{"cpes":["cpe:2.3:a:subnet:powersystem_center:*:*:*:*:*:*:*:*"],"vendor":"subnet","product":"powersystem_center","versions":[{"status":"affected","version":"0","lessThan":"5.20.x.x ","versionType":"custom"}],"defaultStatus":"unknown"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T18:03:40.885Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T00:48:47.733Z"},"title":"CVE Program Container","references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02","tags":["x_transferred"]}]}]}}