github - ghsa-4c23-hq2c-grq2

GHSA-4C23-HQ2C-GRQ2

Vulnerability from github – Published: 2023-06-19 21:30 – Updated: 2024-04-04 04:58

Details

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-32659"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-19T21:15:42Z",
    "severity": "MODERATE"
  },
  "details": "\nSUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.\n\n\n\n\n",
  "id": "GHSA-4c23-hq2c-grq2",
  "modified": "2024-04-04T04:58:04Z",
  "published": "2023-06-19T21:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32659"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2023-32659 (GCVE-0-2023-32659)

Vulnerability from cvelistv5 – Published: 2023-06-19 20:18 – Updated: 2024-12-09 20:48

Summary

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L

CWE

CWE-79 - Cross-site Scripting

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/news-events/ics-advisories/i…

Impacted products

	Vendor	Product	Version
	SUBNET Solutions Inc.	PowerSYSTEM Center	Affected: 0 , ≤ 2020 U10 (custom)

Credits

SUBNET Solutions reported these vulnerabilities to CISA.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:36.325Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32659",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-12-09T20:48:02.613544Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-12-09T20:48:27.468Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "PowerSYSTEM Center",
          "vendor": "SUBNET Solutions Inc.",
          "versions": [
            {
              "lessThanOrEqual": "2020 U10",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "user": "00000000-0000-4000-9000-000000000000",
          "value": "SUBNET Solutions reported these vulnerabilities to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eSUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.\u003c/p\u003e\u003cbr\u003e\n\n"
            }
          ],
          "value": "\nSUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications.\n\n\n\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Cross-site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-19T20:18:36.913Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eSUBNET Solutions has fixed these issues by enabling a file integrity check on uploaded images and anti-forgery tokens to prevent replay attacks. The fix was introduced in PowerSYSTEM Center update 12 as well as Update 8+Hotfix (both identified by release number 5.12.2305.10101, which can be located in Settings / Overview / Version).\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nSUBNET Solutions has fixed these issues by enabling a file integrity check on uploaded images and anti-forgery tokens to prevent replay attacks. The fix was introduced in PowerSYSTEM Center update 12 as well as Update 8+Hotfix (both identified by release number 5.12.2305.10101, which can be located in Settings / Overview / Version).\n\n\n\n\n\n\n\n"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "SUBNET PowerSYSTEM Center Cross-site Scripting",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eSUBNET Solutions recommends users to follow the following workarounds:\u003c/p\u003e\u003cul\u003e\u003cli\u003eUsers should verify that SVG files do not contain HTML elements or scripts and validate that JPG and PNG files are not SVG files.\u003c/li\u003e\u003cli\u003eUsers should verify network security rules to ensure that outbound connections to the internet are not possible.\u003c/li\u003e\u003cli\u003eIf the above cannot be performed or notifications are not required, disable email notifications for reports from PowerSYSTEM Center.\u003c/li\u003e\u003cli\u003eMonitor user activity and ensure application control rules only allow preauthorized executables to run.\u003c/li\u003e\u003cli\u003eDeny users to run other executables on client access servers (PowerSYSTEM Center front end access point).\u003c/li\u003e\u003c/ul\u003e\n\n\u003cbr\u003e"
            }
          ],
          "value": "\nSUBNET Solutions recommends users to follow the following workarounds:\n\n  *  Users should verify that SVG files do not contain HTML elements or scripts and validate that JPG and PNG files are not SVG files.\n  *  Users should verify network security rules to ensure that outbound connections to the internet are not possible.\n  *  If the above cannot be performed or notifications are not required, disable email notifications for reports from PowerSYSTEM Center.\n  *  Monitor user activity and ensure application control rules only allow preauthorized executables to run.\n  *  Deny users to run other executables on client access servers (PowerSYSTEM Center front end access point).\n\n\n\n\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2023-32659",
    "datePublished": "2023-06-19T20:18:36.913Z",
    "dateReserved": "2023-05-25T16:04:56.572Z",
    "dateUpdated": "2024-12-09T20:48:27.468Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-4C23-HQ2C-GRQ2

CVE-2023-32659 (GCVE-0-2023-32659)

Tags

Sightings

Nomenclature