Search
Find a vulnerability
Search criteria
4 vulnerabilities found for Substation Server by SUBNET
VAR-201408-0100
Vulnerability from variot - Updated: 2025-10-04 23:29The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message. SubSTATION Server is a versatile software for intelligent substation intelligence and IT networks for data aggregation, protocol translation, automation logic and more. A security vulnerability exists in the SubSTATION Server protocol. An attacker can trigger a buffer overflow by sending a specially crafted RTU message to the Telegyr 8979 master, causing a denial of service attack. SubSTATION Server is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. Attackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0100",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "substation server",
"scope": "lte",
"trust": 1.0,
"vendor": "subnet",
"version": "2.12"
},
{
"model": "substation server",
"scope": "lt",
"trust": 0.8,
"vendor": "subnet",
"version": "ssnet 2.12 hf18808 2"
},
{
"model": "server telegyr master protocol",
"scope": "eq",
"trust": 0.6,
"vendor": "substation",
"version": "28979"
},
{
"model": "substation server",
"scope": "eq",
"trust": 0.6,
"vendor": "subnet",
"version": "2.12"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "substation server",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003738"
},
{
"db": "NVD",
"id": "CVE-2014-2357"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:subnet:substation_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003738"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain of Automatak, and Chris Sistrunk of Mandiant",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-081"
}
],
"trust": 0.6
},
"cve": "CVE-2014-2357",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-2357",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "ics-cert@hq.dhs.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2014-2357",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2014-04877",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "ics-cert@hq.dhs.gov",
"id": "CVE-2014-2357",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2014-2357",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2357",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04877",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201408-081",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003738"
},
{
"db": "NVD",
"id": "CVE-2014-2357"
},
{
"db": "NVD",
"id": "CVE-2014-2357"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The GPT library in the Telegyr 8979 Master Protocol application in SUBNET SubSTATION Server 2 before SSNET 2.12 HF18808 allows remote attackers to cause a denial of service (persistent service crash) via a long RTU-to-Master message. SubSTATION Server is a versatile software for intelligent substation intelligence and IT networks for data aggregation, protocol translation, automation logic and more. A security vulnerability exists in the SubSTATION Server protocol. An attacker can trigger a buffer overflow by sending a specially crafted RTU message to the Telegyr 8979 master, causing a denial of service attack. SubSTATION Server is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data. \nAttackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2357"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003738"
},
{
"db": "CNVD",
"id": "CNVD-2014-04877"
},
{
"db": "BID",
"id": "68992"
},
{
"db": "IVD",
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2357",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-14-196-01",
"trust": 3.0
},
{
"db": "BID",
"id": "68992",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2014-04877",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201408-081",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003738",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "109738",
"trust": 0.6
},
{
"db": "IVD",
"id": "C08AFCFE-1EC6-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04877"
},
{
"db": "BID",
"id": "68992"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003738"
},
{
"db": "NVD",
"id": "CVE-2014-2357"
}
]
},
"id": "VAR-201408-0100",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04877"
}
],
"trust": 1.5857143
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04877"
}
]
},
"last_update_date": "2025-10-04T23:29:43.157000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SUBNET SubSTATION Server",
"trust": 0.8,
"url": "http://www.subnet.com/products/substation-server.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003738"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-20",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003738"
},
{
"db": "NVD",
"id": "CVE-2014-2357"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-14-196-01"
},
{
"trust": 1.0,
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-14-196-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2357"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2357"
},
{
"trust": 0.6,
"url": "http://osvdb.com/show/osvdb/109738"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68992"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04877"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003738"
},
{
"db": "NVD",
"id": "CVE-2014-2357"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2014-04877"
},
{
"db": "BID",
"id": "68992"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-081"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003738"
},
{
"db": "NVD",
"id": "CVE-2014-2357"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-08T00:00:00",
"db": "IVD",
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d"
},
{
"date": "2014-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04877"
},
{
"date": "2014-08-01T00:00:00",
"db": "BID",
"id": "68992"
},
{
"date": "2014-08-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-081"
},
{
"date": "2014-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003738"
},
{
"date": "2014-08-11T22:55:04.210000",
"db": "NVD",
"id": "CVE-2014-2357"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04877"
},
{
"date": "2014-08-01T00:00:00",
"db": "BID",
"id": "68992"
},
{
"date": "2014-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201408-081"
},
{
"date": "2014-08-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003738"
},
{
"date": "2025-10-03T18:15:33.907000",
"db": "NVD",
"id": "CVE-2014-2357"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201408-081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SUBNET SubSTATION Server of Telegyr 8979 Master Protocol Service disruption in applications (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003738"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow",
"sources": [
{
"db": "IVD",
"id": "c08afcfe-1ec6-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201408-081"
}
],
"trust": 0.8
}
}
VAR-201309-0198
Vulnerability from variot - Updated: 2025-04-11 22:59The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. SUBNET Solutions SubSTATION Server is a substation communication server. Attackers can exploit this issue to cause denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201309-0198",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "substation server",
"scope": "eq",
"trust": 3.0,
"vendor": "subnet",
"version": "2.7.0033"
},
{
"model": "substation server",
"scope": "eq",
"trust": 3.0,
"vendor": "subnet",
"version": "2.8.0106"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "substation server",
"version": "2.7.0033"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "substation server",
"version": "2.8.0106"
}
],
"sources": [
{
"db": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea"
},
{
"db": "CNVD",
"id": "CNVD-2013-12973"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004191"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-184"
},
{
"db": "NVD",
"id": "CVE-2013-2788"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:subnet:substation_server",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004191"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adam Crain of Automatak and independent researcher Chris Sistrunk",
"sources": [
{
"db": "BID",
"id": "62270"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-184"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2013-2788",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-12973",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-2788",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-2788",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-12973",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201309-184",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2013-2788",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea"
},
{
"db": "CNVD",
"id": "CNVD-2013-12973"
},
{
"db": "VULMON",
"id": "CVE-2013-2788"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004191"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-184"
},
{
"db": "NVD",
"id": "CVE-2013-2788"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. SUBNET Solutions SubSTATION Server is a substation communication server. \nAttackers can exploit this issue to cause denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2788"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004191"
},
{
"db": "CNVD",
"id": "CNVD-2013-12973"
},
{
"db": "BID",
"id": "62270"
},
{
"db": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea"
},
{
"db": "VULMON",
"id": "CVE-2013-2788"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2788",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-13-252-01",
"trust": 3.1
},
{
"db": "BID",
"id": "62270",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-12973",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201309-184",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004191",
"trust": 0.8
},
{
"db": "IVD",
"id": "E016DFD4-633A-4359-8726-A8BC33A605EA",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2013-2788",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea"
},
{
"db": "CNVD",
"id": "CNVD-2013-12973"
},
{
"db": "VULMON",
"id": "CVE-2013-2788"
},
{
"db": "BID",
"id": "62270"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004191"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-184"
},
{
"db": "NVD",
"id": "CVE-2013-2788"
}
]
},
"id": "VAR-201309-0198",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea"
},
{
"db": "CNVD",
"id": "CNVD-2013-12973"
}
],
"trust": 1.3714286
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea"
},
{
"db": "CNVD",
"id": "CNVD-2013-12973"
}
]
},
"last_update_date": "2025-04-11T22:59:04.941000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SUBNET SubSTATION Server",
"trust": 0.8,
"url": "http://www.subnet.com/products/substation-server.aspx"
},
{
"title": "SUBNET Solutions SubSTATION Server has a patch for an unknown remote denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/39459"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12973"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004191"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004191"
},
{
"db": "NVD",
"id": "CVE-2013-2788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://ics-cert.us-cert.gov/advisories/icsa-13-252-01"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2788"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2788"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/62270"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-12973"
},
{
"db": "VULMON",
"id": "CVE-2013-2788"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004191"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-184"
},
{
"db": "NVD",
"id": "CVE-2013-2788"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea"
},
{
"db": "CNVD",
"id": "CNVD-2013-12973"
},
{
"db": "VULMON",
"id": "CVE-2013-2788"
},
{
"db": "BID",
"id": "62270"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004191"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-184"
},
{
"db": "NVD",
"id": "CVE-2013-2788"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-13T00:00:00",
"db": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea"
},
{
"date": "2013-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12973"
},
{
"date": "2013-09-17T00:00:00",
"db": "VULMON",
"id": "CVE-2013-2788"
},
{
"date": "2013-09-09T00:00:00",
"db": "BID",
"id": "62270"
},
{
"date": "2013-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004191"
},
{
"date": "2013-09-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-184"
},
{
"date": "2013-09-17T12:04:24.743000",
"db": "NVD",
"id": "CVE-2013-2788"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-09-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-12973"
},
{
"date": "2013-09-18T00:00:00",
"db": "VULMON",
"id": "CVE-2013-2788"
},
{
"date": "2013-10-21T00:18:00",
"db": "BID",
"id": "62270"
},
{
"date": "2013-09-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004191"
},
{
"date": "2013-09-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201309-184"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-2788"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201309-184"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SUBNET Solutions SubSTATION Server Unknown remote denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea"
},
{
"db": "CNVD",
"id": "CNVD-2013-12973"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation",
"sources": [
{
"db": "IVD",
"id": "e016dfd4-633a-4359-8726-a8bc33a605ea"
},
{
"db": "CNNVD",
"id": "CNNVD-201309-184"
}
],
"trust": 0.8
}
}
CVE-2024-26024 (GCVE-0-2024-26024)
Vulnerability from nvd – Published: 2024-05-28 16:34 – Updated: 2024-08-01 23:59
VLAI
Title
SUBNET Substation Server Reliance on Insufficiently Trustworthy Component
Summary
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUBNET | Substation Server |
Affected:
0 , ≤ 2.23.10
(custom)
|
|
| subnet | substation_server |
Affected:
0 , ≤ *
(custom)
cpe:2.3:a:subnet:substation_server:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:subnet:substation_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substation_server",
"vendor": "subnet",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:33:24.972555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:35:45.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:31.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Substation Server",
"vendor": "SUBNET",
"versions": [
{
"lessThanOrEqual": "2.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SUBNET Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.\n\n"
}
],
"value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1357",
"description": "CWE-1357",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:34:32.486Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSubnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\"\u003eSubnet Solution\u0027s Customer Service.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact Subnet Solution\u0027s Customer Service. https://subnet.com/contact/"
}
],
"source": {
"advisory": "ICSA-24-128-02",
"discovery": "INTERNAL"
},
"title": "SUBNET Substation Server Reliance on Insufficiently Trustworthy Component",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-26024",
"datePublished": "2024-05-28T16:34:32.486Z",
"dateReserved": "2024-04-12T20:44:48.680Z",
"dateUpdated": "2024-08-01T23:59:31.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-26024 (GCVE-0-2024-26024)
Vulnerability from cvelistv5 – Published: 2024-05-28 16:34 – Updated: 2024-08-01 23:59
VLAI
Title
SUBNET Substation Server Reliance on Insufficiently Trustworthy Component
Summary
SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUBNET | Substation Server |
Affected:
0 , ≤ 2.23.10
(custom)
|
|
| subnet | substation_server |
Affected:
0 , ≤ *
(custom)
cpe:2.3:a:subnet:substation_server:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:subnet:substation_server:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "substation_server",
"vendor": "subnet",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-26024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-11T18:33:24.972555Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-11T18:35:45.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:59:31.278Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Substation Server",
"vendor": "SUBNET",
"versions": [
{
"lessThanOrEqual": "2.23.10",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "SUBNET Solutions reported these vulnerabilities to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.\n\n"
}
],
"value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1357",
"description": "CWE-1357",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-28T16:34:32.486Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nSubnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\"\u003eSubnet Solution\u0027s Customer Service.\u003c/a\u003e\n\n\u003cbr\u003e"
}
],
"value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact Subnet Solution\u0027s Customer Service. https://subnet.com/contact/"
}
],
"source": {
"advisory": "ICSA-24-128-02",
"discovery": "INTERNAL"
},
"title": "SUBNET Substation Server Reliance on Insufficiently Trustworthy Component",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2024-26024",
"datePublished": "2024-05-28T16:34:32.486Z",
"dateReserved": "2024-04-12T20:44:48.680Z",
"dateUpdated": "2024-08-01T23:59:31.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}