Search criteria
3 vulnerabilities by SUBNET
CVE-2024-26024 (GCVE-0-2024-26024)
Vulnerability from cvelistv5 – Published: 2024-05-28 16:34 – Updated: 2024-08-01 23:59
VLAI?
Title
SUBNET Substation Server Reliance on Insufficiently Trustworthy Component
Summary
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUBNET | Substation Server |
Affected:
0 , ≤ 2.23.10
(custom)
|
Credits
SUBNET Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:subnet:substation_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substation_server",
"vendor": "subnet",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:33:24.972555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:35:45.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:31.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Substation Server",
"vendor": "SUBNET",
"versions": [
{
"lessThanOrEqual": "2.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SUBNET Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.\n\n"
}
],
"value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1357",
"description": "CWE-1357",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:34:32.486Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSubnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\"\u003eSubnet Solution\u0027s Customer Service.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact Subnet Solution\u0027s Customer Service. https://subnet.com/contact/"
}
],
"source": {
"advisory": "ICSA-24-128-02",
"discovery": "INTERNAL"
},
"title": "SUBNET Substation Server Reliance on Insufficiently Trustworthy Component",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-26024",
"datePublished": "2024-05-28T16:34:32.486Z",
"dateReserved": "2024-04-12T20:44:48.680Z",
"dateUpdated": "2024-08-01T23:59:31.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28042 (GCVE-0-2024-28042)
Vulnerability from cvelistv5 – Published: 2024-05-15 16:44 – Updated: 2024-08-02 00:48
VLAI?
Title
SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component
Summary
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center.
Severity ?
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUBNET | PowerSYSTEM Center |
Affected:
0 , < 19
(custom)
|
Credits
SUBNET Solutions reported these vulnerabilities to CISA.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:subnet:powersystem_center:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "powersystem_center",
"vendor": "subnet",
"versions": [
{
"lessThan": "5.20.x.x ",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T18:29:11.493718Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:40.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:47.733Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "PowerSYSTEM Center",
"vendor": "SUBNET",
"versions": [
{
"lessThan": "19",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SUBNET Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center."
}
],
"value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1357",
"description": "CWE-1357",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:28:31.073Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-135-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Center. \nUsers are advised to update to version 5.20.x.x or newer. To obtain this\n software, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\"\u003eSubnet Solution\u0027s Customer Service.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of PowerSYSTEM Center. \nUsers are advised to update to version 5.20.x.x or newer. To obtain this\n software, contact Subnet Solution\u0027s Customer Service. https://subnet.com/contact/"
}
],
"source": {
"advisory": "ICSA-24-135-02",
"discovery": "INTERNAL"
},
"title": "SUBNET PowerSYSTEM Center Reliance on Insufficiently Trustworthy Component",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-28042",
"datePublished": "2024-05-15T16:44:19.227Z",
"dateReserved": "2024-04-12T20:44:48.685Z",
"dateUpdated": "2024-08-02T00:48:47.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-2357 (GCVE-0-2014-2357)
Vulnerability from cvelistv5 – Published: 2014-08-11 22:00 – Updated: 2025-10-03 17:14
VLAI?
Title
SUBNET SubSTATION Server 2 Telegyr 8979 Master Protocol Improper Input Validation
Summary
The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message.
Severity ?
No CVSS data available.
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SUBNET | SubSTATION Server 2 Telegyr 8979 Master Protocol |
Affected:
all versions
|
Credits
Adam Crain of Automatak and Chris Sistrunk of Mandiant
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:14:25.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-196-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SubSTATION Server 2 Telegyr 8979 Master Protocol",
"vendor": "SUBNET",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Crain of Automatak and Chris Sistrunk of Mandiant"
}
],
"datePublic": "2014-07-31T06:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message.\u003c/p\u003e"
}
],
"value": "The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message."
}
],
"metrics": [
{
"cvssV2_0": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-03T17:14:03.235Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-196-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSUBNET has produced hot fix \u201cSSNET v2.12 HF18808\u201d to resolve this issue.\u003c/p\u003e\u003cp\u003eThis hot fix can be obtained by secure FTP provided by the SUBNET \nsupport department. Please contact SUBNET Customer Support at: (403) \n270-8885, or by email at: \u003ca target=\"_blank\" rel=\"nofollow\"\u003esupport@SUBNET.com\u0026nbsp;\u003c/a\u003eand reference SUBNET Release Bulletin \u201cSubSTATION Server 2.12 HF18808 \nRelease, 21 May 2014\u201d for a copy of this release bulletin and \ndownload/installation information (This bulletin is being sent to \nregistered users only).\u003c/p\u003e\n\u003cp\u003eVendor Recommendation:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eThe exploit results in an unrecoverable exception, but all software \ncomponents are registered as Services under Windows and can be \nconfigured to automatically restart after any stoppage. Users can \nconfigure the service to automatically restart, which limits the DoS to a\n momentary disruption.\u003c/li\u003e\n\u003cli\u003eBackward compatible releases will be available by request for customers using older versions of SubSTATION Server.\u003c/li\u003e\n\u003c/ul\u003e\n\n\u003cbr\u003e"
}
],
"value": "SUBNET has produced hot fix \u201cSSNET v2.12 HF18808\u201d to resolve this issue.\n\nThis hot fix can be obtained by secure FTP provided by the SUBNET \nsupport department. Please contact SUBNET Customer Support at: (403) \n270-8885, or by email at: support@SUBNET.com\u00a0and reference SUBNET Release Bulletin \u201cSubSTATION Server 2.12 HF18808 \nRelease, 21 May 2014\u201d for a copy of this release bulletin and \ndownload/installation information (This bulletin is being sent to \nregistered users only).\n\n\nVendor Recommendation:\n\n\n\n * The exploit results in an unrecoverable exception, but all software \ncomponents are registered as Services under Windows and can be \nconfigured to automatically restart after any stoppage. Users can \nconfigure the service to automatically restart, which limits the DoS to a\n momentary disruption.\n\n * Backward compatible releases will be available by request for customers using older versions of SubSTATION Server."
}
],
"source": {
"advisory": "ICSA-14-196-01",
"discovery": "EXTERNAL"
},
"title": "SUBNET SubSTATION Server 2 Telegyr 8979 Master Protocol Improper Input Validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2014-2357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-14-196-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-14-196-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2014-2357",
"datePublished": "2014-08-11T22:00:00.000Z",
"dateReserved": "2014-03-13T00:00:00.000Z",
"dateUpdated": "2025-10-03T17:14:03.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}