Subnet Solutions PowerSYSTEM Center Incorrect Authorization_CVE-2026-26289

8.4 / 10

HIGH

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:H/SA:H

Description

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.

Basic Information

ID CVE-2026-26289

Source icscert

Published May 12, 2026 at 21:02

Affected Product

Vendor Subnet Solutions

Product PowerSYSTEM Center 2020

Version 5.8.x

Affected Versions Subnet Solutions PowerSYSTEM Center 2020 5.8.x
Subnet Solutions PowerSYSTEM Center 2024 6.0.x
Subnet Solutions PowerSYSTEM Center 2026 7.0.x

CWE Classification

CWE-863

References

{
    "lastseen": "",
    "description": "PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.",
    "published": "2026-05-12T21:02:42.509Z",
    "modified": "2026-05-12T21:02:42.509Z",
    "type": "cve",
    "title": "Subnet Solutions PowerSYSTEM Center Incorrect Authorization",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-02\nhttps://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-02.json",
    "id": "CVE-2026-26289",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "Subnet Solutions PowerSYSTEM Center 2020 5.8.x\nSubnet Solutions PowerSYSTEM Center 2024 6.0.x\nSubnet Solutions PowerSYSTEM Center 2026 7.0.x",
    "sourceHref": "",
    "cvss": {
        "score": 8.4,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PowerSYSTEM Center 2020",
    "version": "5.8.x",
    "vendor": "Subnet Solutions",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}