Critical Vulnerabilities in Subnet Solutions' PowerSYSTEM: Immediate Action Required


Executive Summary

In an alert issued by the Cybersecurity and Infrastructure Security Agency (CISA), significant vulnerabilities have been identified in Subnet Solutions' PowerSYSTEM Center, a key operational technology (OT) device management platform. The vulnerabilities carry a CVSS v3.1 score of 9.8, reflecting an alarming level of risk: they are exploitable remotely and with low attack complexity.

Key Details:

  • Vendor: Subnet Solutions
  • Affected Equipment: PowerSYSTEM Center
  • Vulnerabilities Identified:
    • Improper Restriction of XML External Entity Reference (CWE-611)
    • Integer Overflow or Wraparound (CWE-190)

As organizations rely increasingly on interconnected systems, understanding these vulnerabilities and taking action is imperative. The responsible handling of such weaknesses can be the difference between robust security and a potentially catastrophic breach.

Risk Evaluation

The successful exploitation of these vulnerabilities poses a grave threat – attackers could trigger an integer overflow, allowing unauthorized actions on the affected devices. This could lead to system malfunctions, data corruption, or unauthorized access, underscoring the urgent need for remedial action.

Technical Details

Affected Products

The versions impacted by these vulnerabilities include:
  • PowerSYSTEM Center PSC 2020: v5.22.x and earlier

Vulnerability Overview

1. Improper Restriction of XML External Entity Reference (CWE-611)

  • Located in xmlparse.c of the libexpat library (versions prior to 2.6.3): the parser fails to reject a negative length during XML parsing.
  • CVE Identifier: CVE-2024-45490

2. Integer Overflow or Wraparound (CWE-190)

Multiple integer-overflow flaws within the libexpat library can lead to significant vulnerabilities:
  • The DtdCopy routine is subject to an integer overflow on 32-bit platforms, which could allow an attacker to corrupt memory and execute malicious code.
  • CVE Identifiers:
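
As an added illustration of the two defect classes listed above (this is example code written for this post, not libexpat's or Subnet Solutions' source), the block below shows a size computation that wraps when done in 32-bit arithmetic, as a 32-bit platform would do it, beside an overflow-checked form, and a parse-length check that rejects a negative length before it reaches the parser. The type attr_entry_t and all function names are hypothetical; uint32_t stands in for a 32-bit size_t.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record type standing in for the entries a DTD copy duplicates. */
typedef struct { const char *name; const char *value; } attr_entry_t;

/* CWE-190: count * elem_size computed in a 32-bit size, as on a 32-bit platform.
 * The unchecked form silently wraps modulo 2^32, so a huge count yields a tiny
 * allocation that the later copy loop overruns. */
uint32_t alloc_size_unchecked32(uint32_t count, uint32_t elem_size) {
    return count * elem_size;               /* wraps: no error is raised */
}

/* Hardened form: refuse the copy instead of allocating a wrapped size. */
bool alloc_size_checked32(uint32_t count, uint32_t elem_size, uint32_t *out) {
    uint32_t total;
    if (__builtin_mul_overflow(count, elem_size, &total))
        return false;                       /* would wrap: caller must bail out */
    *out = total;
    return true;
}

/* The advisory's first entry describes a parser accepting a negative length.
 * A parse-buffer entry point should reject it before touching any memory,
 * and also bound it by the buffer it was actually handed. */
bool parse_len_is_valid(int len, size_t buf_capacity) {
    if (len < 0) return false;                      /* negative length: reject */
    if ((size_t)len > buf_capacity) return false;   /* longer than the buffer */
    return true;
}

int main(void) {
    uint32_t n = 0x10000001u;   /* constructed: an absurdly large entry count */
    uint32_t sz = 0;
    printf("unchecked size for %u entries of 16 bytes: %u\n",
           n, alloc_size_unchecked32(n, 16));              /* prints 16 */
    printf("checked size accepted: %d\n",
           alloc_size_checked32(n, 16, &sz));              /* prints 0 */
    printf("len -1 accepted: %d\n", parse_len_is_valid(-1, 1024)); /* prints 0 */
    (void)sizeof(attr_entry_t);
    return 0;
}
```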

Background

These vulnerabilities primarily concern critical infrastructure sectors like Critical Manufacturing and Energy, making their exploitation particularly dangerous given these sectors' reliance on continuous, reliable operations.

Research Input

Subnet Solutions Inc. has proactively reported these vulnerabilities to CISA, reflecting an industry-wide commitment to bolstering cybersecurity.

Mitigations

To safeguard systems against these vulnerabilities, users are strongly recommended to:
  1. Update the Software: Upgrade to PowerSYSTEM Center 2020 Update 23, where known vulnerabilities will be resolved.
  2. Apply Security Measures:
    • Implement application allow-listing to restrict unauthorized software.
    • Ensure that Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) settings are enabled via Windows Security.

CISA also advises organizations to minimize network exposure for control systems and to secure remote access methods using Virtual Private Networks (VPNs).

Final Recommendations

Organizations integrating Subnet Solutions' PowerSYSTEM Center into their operations must take immediate measures to mitigate the risks associated with these vulnerabilities. By focusing on updating systems and reinforcing network security practices, they can protect their assets from possible exploitation.
In a world where cyber threats evolve rapidly, staying abreast of vulnerabilities and implementing recommended practices is not just a guideline; it's an essential strategy for survival in an increasingly connected landscape.
Now is the time for proactive defense. Have you reviewed your systems for compliance with these best practices? What additional steps are you taking to safeguard your infrastructure? Share your thoughts and strategies in the comments below!
Stay secure, Windows users!

Source: CISA Subnet Solutions PowerSYSTEM Center