Learn about CVE-2023-29158 affecting SUBNET PowerSYSTEM Center, exposing systems to replay attacks. Explore impact, technical details, and mitigation strategies.
A detailed analysis of CVE-2023-29158 revealing the impact, technical details, and mitigation strategies.
Understanding CVE-2023-29158
This section provides insights into the CVE-2023-29158 vulnerability affecting SUBNET PowerSYSTEM Center.
What is CVE-2023-29158?
SUBNET PowerSYSTEM Center versions 2020 U10 and prior are susceptible to replay attacks, leading to possible denial-of-service conditions or data integrity loss.
The Impact of CVE-2023-29158
The vulnerability carries a medium base severity score (6.1) with a high impact on availability, and is exploitable through replay attacks.
Technical Details of CVE-2023-29158
Explore the vulnerability description, affected systems, and exploitation mechanism.
Vulnerability Description
CVE-2023-29158 involves an authentication bypass via capture-replay methods, particularly affecting SUBNET PowerSYSTEM Center.
Affected Systems and Versions
SUBNET PowerSYSTEM Center versions 2020 U10 and older are at risk of exploitation.
Exploitation Mechanism
The vulnerability can be exploited through replay attacks, causing denial-of-service or data compromise.
Mitigation and Prevention
Discover immediate steps and long-term security practices to safeguard against CVE-2023-29158.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates
SUBNET Solutions addressed the issue by implementing file integrity checks and anti-forgery tokens in PowerSYSTEM Center Update 12 and Update 8+Hotfix.
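The sketch below illustrates the general defence against capture-replay that anti-forgery tokens belong to: each request carries a single-use nonce and a timestamp bound to its body by a MAC, so a captured copy is rejected when it is sent again. It is an added example, not SUBNET's implementation; the page does not describe PowerSYSTEM Center's token format, and the class name, field names and 30-second window are assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 30  # assumed acceptance window in seconds


class ReplayGuard:
    """Hypothetical helper: MAC'd requests with a single-use nonce and a timestamp."""

    def __init__(self, key: bytes, clock=time.time):
        self._key, self._clock = key, clock
        self._seen = {}  # nonce -> last second at which its request is still fresh

    def _mac(self, nonce: str, ts: int, body: bytes) -> str:
        msg = f"{nonce}|{ts}|".encode() + body
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def sign(self, body: bytes) -> dict:
        """Sender: bind a fresh 128-bit nonce and the current time to the body."""
        nonce, ts = secrets.token_hex(16), int(self._clock())
        return {"nonce": nonce, "ts": ts, "body": body,
                "mac": self._mac(nonce, ts, body)}

    def verify(self, req: dict) -> str:
        """Receiver: return 'ok' or the reason the request is rejected."""
        nonce, ts, body, mac = (req.get(k) for k in ("nonce", "ts", "body", "mac"))
        # Fixed field shapes keep the "nonce|ts|body" encoding unambiguous.
        if not (isinstance(nonce, str) and len(nonce) == 32 and nonce.isascii()
                and type(ts) is int and isinstance(body, bytes)
                and isinstance(mac, str) and mac.isascii()):
            return "malformed"
        if not hmac.compare_digest(self._mac(nonce, ts, body), mac):
            return "bad-mac"
        now = self._clock()
        if abs(now - ts) > MAX_SKEW:
            return "stale"
        # Forget only nonces whose requests would now be rejected as stale.
        self._seen = {n: exp for n, exp in self._seen.items() if exp >= now}
        if nonce in self._seen:
            return "replayed"
        self._seen[nonce] = ts + MAX_SKEW
        return "ok"
```

The nonce cache is kept for exactly as long as the timestamp check would still accept the request, so it stays bounded without opening a gap in which an old capture becomes valid again.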