Lucene search

[email protected]CVE-2023-32659

HistoryJun 19, 2023 - 9:15 p.m.

CVE-2023-32659

2023-06-1921:15:42

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-32659

subnet powersystem center

cross-site scripting

vulnerability

code injection

email notifications

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.

Affected configurations

NVD

Node

subnetpowersystem_centerRange<2020

subnetpowersystem_centerMatch2020-

subnetpowersystem_centerMatch2020u10

CPENameOperatorVersion
subnet:powersystem_centersubnet powersystem centerlt2020

CPE	Name	Operator	Version
subnet:powersystem_center	subnet powersystem center	lt	2020

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerSYSTEM Center",
    "vendor": "SUBNET Solutions Inc.",
    "versions": [
      {
        "lessThanOrEqual": "2020 U10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-166-01

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L

6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for CVE-2023-32659

nvd1 prion1 cvelist1 ics1