CVE-2025-31935
6.2
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Subnet Solutions
PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-service condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Subnet Solutions | PowerSYSTEM Center 2020 | 0 <= 5.24.x | affected |
Weaknesses
- CWE-502: CWE-502 Deserialization of Untrusted Data
Workarounds
If updating PSC is not possible, Subnet Solutions Inc recommends users apply the following mitigations to help reduce risk:
- Disable Notification Service, Email Dispatch Service, or the outgoing email server in Notifications/Settings.
- Configure PowerSYSTEM Center DCS network firewall to only allow connections to an approved and authorized email server.
- Manage administrator access to PowerSYSTEM Center DCS operating system.
- Monitor user activity records to ensure users are following acceptable usage policies of the application.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.