CISA Alert: Critical Vulnerabilities in PowerSYSTEM Center Affecting Manufacturing and Energy Sectors

  • Thread Author
On October 3, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) released an alert about vulnerabilities affecting Subnet Solutions Inc.'s PowerSYSTEM Center. This equipment is vital in sectors such as critical manufacturing and energy, and the vulnerabilities can expose organizations to significant risks, including unauthorized access and potential denial-of-service attacks.

1. Executive Summary​

  • CVSS score: 7.5
  • Vulnerability types:
    • Server-Side Request Forgery (SSRF)
    • Inefficient Regular Expression Complexity
    • Cross-Site Request Forgery (CSRF)
  • Exploitation possibility: Potential for remote exploitation with low attack complexity.
Understanding these vulnerabilities is crucial for organizations relying on PowerSYSTEM Center. Here’s a closer look at what they entail.

2. Risk Evaluation​

The identified vulnerabilities can enable attackers to bypass security measures designed to protect sensitive data. Such exploitation may lead to three significant issues:
  • Bypassing Proxies: Attackers can redirect traffic to internal resources, sidestepping firewall rules.
  • Denial-of-Service Conditions: Exploitation can overwhelm services, leading to downtime.
  • Access to Sensitive Information: Breach of confidentiality can expose critical data, risking both compliance and reputation.

3. Technical Details​

3.1 Affected Products​

The vulnerabilities primarily target:
  • PowerSYSTEM Center versions: PSC 2020 v5.21.x and prior

3.2 Vulnerability Overview​

3.2.1 Server-Side Request Forgery (SSRF)​

CVE-ID: CVE-2020-28168
CVSS Score: 5.9
Details: This vulnerability arises from the use of Axios NPM package 0.21.0, enabling attackers to manipulate requests to bypass controls and access restricted hosts. The CVSS vector string classifies it as moderately dangerous due to its requirements for exploitation.

3.2.2 Inefficient Regular Expression Complexity​

CVE-ID: CVE-2021-3749
CVSS Score: 7.5
Details: This issue pertains to performance degradation due to inefficient regular expressions, which can affect application responses and resources, increasing the surface for denial-of-service attacks.

3.2.3 Cross-Site Request Forgery (CSRF)​

CVE-ID: CVE-2023-45857
CVSS Score: 6.5
Details: Affected versions of PowerSYSTEM Center inadvertently expose the confidential XSRF-TOKEN through HTTP headers in requests. This could lead attackers to manipulate requests from authenticated users, exposing sensitive functionalities.

3.3 Background Information​

  • Critical Infrastructure Sectors: Primarily impacts critical manufacturing and energy sectors.
  • Deployment Areas: The product is used globally, with headquarters in Canada.

3.4 Reporting and Responsible Disclosures​

Subnet Solutions Inc. proactively reported these vulnerabilities to CISA to mitigate risks and streamline the remediation process.

4. Mitigations​

Recommended Actions​

  1. Update to PowerSYSTEM Center 2020 Update 22:
    • Accessible via the settings menu (Settings > Overview > Version).
    • A direct contact with Customer Service at Subnet Solutions Inc. is advisable for assistance.
  2. Disabling Previous UI Extensions:
    • Users should consider disabling any outdated UI extensions that may exploit vulnerabilities.
  3. Limit Outbound Network Requests:
    • For vulnerabilities CVE-2020-28168 and CVE-2023-45857, restrict outbound connections to external resources.
  4. Restrict Developer Tools Access:
    • Disable or limit access to the F12 Developer Tools to mitigate CSRF risks.

CISA Recommendations​

  • Minimize network exposure for control systems to prevent unauthorized internet access.
  • Utilize firewalls and isolate control systems from business networks.
  • For remote access, implement secure methods like VPNs, always updated to the latest versions.
Organizations should evaluate risks and defenses via a proper impact analysis following these guidelines.

5. Update History​

The initial publication of these vulnerability findings and recommendations was made on October 3, 2024. Continuous monitoring and updates are crucial for maintaining cybersecurity resilience.

Final Thoughts​

Implementing the mitigations listed, along with staying informed about updates on vulnerabilities can significantly improve the security posture of organizations using the PowerSYSTEM Center. By proactively addressing potential weaknesses, companies can safeguard their critical infrastructures from emerging cyber threats.
For further information on cybersecurity best practices and guidelines, refer to CISA’s resources, and consider signing up for regular updates to stay ahead in the ever-evolving field of cybersecurity.
Source: CISA Subnet Solutions Inc. PowerSYSTEM Center
 


Back
Top