Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

PowerSYSTEM Center 2020

Source -

CNA

CNA CVEs -

5

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
5Vulnerabilities found
CVE-2026-26289
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.4||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 21:02
Updated-13 May, 2026 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.

Action-Not Available
Vendor-Subnet Solutions
Product-PowerSYSTEM Center 2020PowerSYSTEM Center 2026PowerSYSTEM Center 2024
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-33570
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 6.28%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 20:59
Updated-13 May, 2026 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions.

Action-Not Available
Vendor-Subnet Solutions
Product-PowerSYSTEM Center 2020
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-35504
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 1.82%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 20:19
Updated-12 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Subnet Solutions PowerSYSTEM Center CRLF injection

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.

Action-Not Available
Vendor-Subnet Solutions
Product-PowerSYSTEM Center 2020PowerSYSTEM Center 2026PowerSYSTEM Center 2024
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')
CVE-2025-31935
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.9||MEDIUM
EPSS-0.14% / 34.16%
||
7 Day CHG-0.05%
Published-11 Apr, 2025 | 15:33
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Subnet Solutions PowerSYSTEM Center Deserialization of Untrusted Data

Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition.

Action-Not Available
Vendor-Subnet Solutions
Product-PowerSYSTEM Center 2020
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2025-31354
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.3||MEDIUM
EPSS-0.12% / 30.45%
||
7 Day CHG+0.02%
Published-11 Apr, 2025 | 15:30
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Subnet Solutions PowerSYSTEM Center Out-of-Bounds Read

Subnet Solutions PowerSYSTEM Center's SMTPS notification service can be affected by importing an EC certificate with crafted F2m parameters, which can lead to excessive CPU consumption during the evaluation of the curve parameters.

Action-Not Available
Vendor-Subnet Solutions
Product-PowerSYSTEM Center 2020
CWE ID-CWE-125
Out-of-bounds Read