Subnet Solutions PowerSYSTEM Center Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Subnet Solutions PowerSYSTEM Center (PSC) 2020, versions 5.24.x and prior. This vulnerability arises from a mishandling of exceptional conditions, where crafted data sent to the API can trigger an exception, leading to a denial-of-service condition.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, disrupting the normal operation of the application.

Remediation

Users are advised to update PowerSYSTEM Center to the latest versions: PSC 2020 Update 25 or PSC 2024. If an update is not possible, users can disable the Notification Service, Email Dispatch Service, or the outgoing email server in Notifications/Settings. Additionally, configure the PowerSYSTEM Center DCS network firewall to only allow connections to an approved email server, manage administrator access to the PowerSYSTEM Center DCS operating system, and monitor user activity records to ensure compliance with acceptable usage policies. For assistance with updating PSC, contact Subnet Solutions.