Search criteria
1 vulnerability found for Substation Server by SUBNET
CVE-2024-26024 (GCVE-0-2024-26024)
Vulnerability from cvelistv5 ā Published: 2024-05-28 16:34 ā Updated: 2024-08-01 23:59
VLAI?
Title
SUBNET Substation Server Reliance on Insufficiently Trustworthy Component
Summary
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUBNET | Substation Server |
Affected:
0 , ā¤ 2.23.10
(custom)
|
Credits
SUBNET Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:subnet:substation_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substation_server",
"vendor": "subnet",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:33:24.972555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:35:45.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:31.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Substation Server",
"vendor": "SUBNET",
"versions": [
{
"lessThanOrEqual": "2.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SUBNET Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.\n\n"
}
],
"value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1357",
"description": "CWE-1357",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:34:32.486Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSubnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\"\u003eSubnet Solution\u0027s Customer Service.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact Subnet Solution\u0027s Customer Service. https://subnet.com/contact/"
}
],
"source": {
"advisory": "ICSA-24-128-02",
"discovery": "INTERNAL"
},
"title": "SUBNET Substation Server Reliance on Insufficiently Trustworthy Component",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-26024",
"datePublished": "2024-05-28T16:34:32.486Z",
"dateReserved": "2024-04-12T20:44:48.680Z",
"dateUpdated": "2024-08-01T23:59:31.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}