Lucene search

IcscertCVELIST:CVE-2023-32659

HistoryJun 19, 2023 - 8:18 p.m.

CVE-2023-32659 SUBNET PowerSYSTEM Center Cross-site Scripting

2023-06-1920:18:36

CWE-79

icscert

www.cve.org

cve-2023-32659

subnet powersystem center

cross-site scripting

vulnerability

email notifications

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L

EPSS

0.001

Percentile

18.7%

JSON

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "PowerSYSTEM Center",
    "vendor": "SUBNET Solutions Inc.",
    "versions": [
      {
        "lessThanOrEqual": "2020 U10",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.cisa.gov/news-events/ics-advisories/icsa-23-166-01

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L

EPSS

0.001

Percentile

18.7%

JSON

Related for CVELIST:CVE-2023-32659