1. EXECUTIVE SUMMARY
- CVSS v4 6.9
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Subnet Solutions Inc.
- Equipment: Subnet PowerSYSTEM Center
- Vulnerability: Prototype Pollution
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated attacker to elevate permissions.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Subnet PowerSYSTEM Center are affected:
- PowerSYSTEM Center 2020: Update 20 and prior
3.2 VULNERABILITY OVERVIEW
3.2.1 IMPROPERLY CONTROLLED MODIFICATION OF OBJECT PROTOTYPE ATTRIBUTES (‘PROTOTYPE POLLUTION’) CWE-1321
Subnet PowerSYSTEM Center products are vulnerable to a prototype pollution vulnerability, which may allow an authenticated attacker to elevate permissions.
CVE-2023-26136 has been assigned to this vulnerability. A CVSS v3.1 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
A CVSS v4 score has also been calculated for CVE-2023-26136. A base score of 6.9 has been calculated; the CVSS vector string is (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N).
3.3 BACKGROUND
- CRITICAL INFRASTRUCTURE SECTORS: Critical Manufacturing, Energy
- COUNTRIES/AREAS DEPLOYED: Worldwide
- COMPANY HEADQUARTERS LOCATIO
[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article. This article has been indexed from All CISA Advisories.