Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

PowerSYSTEM Center 2024

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-26289
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.4||HIGH
EPSS-0.03% / 9.73%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 21:02
Updated-13 May, 2026 | 00:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.

Action-Not Available
Vendor-Subnet Solutions
Product-PowerSYSTEM Center 2020PowerSYSTEM Center 2026PowerSYSTEM Center 2024
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-35555
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7||HIGH
EPSS-0.02% / 6.94%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 20:48
Updated-13 May, 2026 | 00:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.

Action-Not Available
Vendor-Subnet Solutions
Product-PowerSYSTEM Center 2026PowerSYSTEM Center 2024
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-35504
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.1||MEDIUM
EPSS-0.01% / 1.82%
||
7 Day CHG~0.00%
Published-12 May, 2026 | 20:19
Updated-12 May, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Subnet Solutions PowerSYSTEM Center CRLF injection

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.

Action-Not Available
Vendor-Subnet Solutions
Product-PowerSYSTEM Center 2020PowerSYSTEM Center 2026PowerSYSTEM Center 2024
CWE ID-CWE-93
Improper Neutralization of CRLF Sequences ('CRLF Injection')