

Subnet Solutions PowerSYSTEM Center

View CSAF: https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-02.json

Summary

Successful exploitation of these vulnerabilities could allow an authenticated attacker to expose sensitive information or cause a CRLF injection.

The following versions of Subnet Solutions PowerSYSTEM Center are affected:

- PowerSYSTEM Center 2020 <=5.28.x (CVE-2026-35504)
- PowerSYSTEM Center 2020 >=5.8.x|<=5.28.x (CVE-2026-26289)
- PowerSYSTEM Center 2020 >=5.11.x|<=5.28.x (CVE-2026-33570)
- PowerSYSTEM Center 2024 >=6.0.x|<=6.1.x (CVE-2026-26289, CVE-2026-35555, CVE-2026-35504)
- PowerSYSTEM Center 2026 7.0.x (CVE-2026-26289, CVE-2026-35555, CVE-2026-35504)

| CVSS | Vendor | Equipment | Vulnerabilities |
| --- | --- | --- | --- |
| v3 8.2 | Subnet Solutions Inc. | Subnet Solutions PowerSYSTEM Center | Incorrect Authorization, Improper Neutralization of CRLF Sequences ('CRLF Injection') |

Background

- Critical Infrastructure Sectors: Critical Manufacturing, Energy
- Countries/Areas Deployed: Worldwide
- Company Headquarters Location: Canada

Vulnerabilities

CVE-2026-26289

PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only.

View CVE Details: https://www.cve.org/CVERecord?id=CVE-2026-26289

Affected Products

Subnet Solutions PowerSYSTEM Center

Vendor: Subnet Solutions Inc.
Product Version: Subnet Solutions Inc. PowerSYSTEM Center 2020: >=5.8.x|<=5.28.x, Subnet Solutions Inc. PowerSYSTEM Center 2024: >=6.0.x|<=6.1.x, Subnet Solutions Inc. PowerSYSTEM Center 2026: 7.0.x
Product Status: known_affected

Remediations

Mitigation: Subnet Solutions recommends users update to the latest version of PowerSYSTEM Center PSC 2020 Update 29, PSC 2024 Update 2, and PSC 2026 GA Hotfix.

Mitigation: For assistance in upgrading, users should contact a Subnet Solutions System Integration team member or customer support team at (403)
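
For triaging an asset inventory against the affected-version list in the summary, the following is an added example (not part of the CISA advisory or any Subnet Solutions tooling) that evaluates the advisory's range notation against an installed version string. It assumes `A|B` means both bounds apply and that `.x` matches any value; the function names are hypothetical.

```python
import re

# Affected ranges copied from the advisory's summary list.
# Assumption: "A|B" means both bounds apply (a closed interval), and
# ".x" stands for any value of that version component.
ADVISORY = {
    "PowerSYSTEM Center 2020": [
        ("<=5.28.x", ["CVE-2026-35504"]),
        (">=5.8.x|<=5.28.x", ["CVE-2026-26289"]),
        (">=5.11.x|<=5.28.x", ["CVE-2026-33570"]),
    ],
    "PowerSYSTEM Center 2024": [
        (">=6.0.x|<=6.1.x", ["CVE-2026-26289", "CVE-2026-35555", "CVE-2026-35504"]),
    ],
    "PowerSYSTEM Center 2026": [
        ("7.0.x", ["CVE-2026-26289", "CVE-2026-35555", "CVE-2026-35504"]),
    ],
}

def _parts(version):
    """Split '5.28.x' into (5, 28); a trailing 'x' wildcard is dropped."""
    fields = version.strip().split(".")
    if fields and fields[-1].lower() == "x":
        fields = fields[:-1]
    if not fields or not all(f.isdigit() for f in fields):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(f) for f in fields)

def in_range(installed, expr):
    """True if the installed version satisfies every bound in expr."""
    have = _parts(installed)
    for bound in expr.split("|"):
        m = re.fullmatch(r"\s*(>=|<=)?\s*([0-9x.]+)\s*", bound, re.I)
        if not m:
            raise ValueError(f"unparseable bound: {bound!r}")
        op, want = m.group(1), _parts(m.group(2))
        head = have[:len(want)]  # compare only the non-wildcard prefix
        ok = {">=": head >= want, "<=": head <= want, None: head == want}[op]
        if not ok:
            return False
    return True

def applicable_cves(product, installed):
    """Sorted CVE ids whose affected range covers the installed version."""
    hits = set()
    for expr, cves in ADVISORY.get(product, []):
        if in_range(installed, expr):
            hits.update(cves)
    return sorted(hits)
```

The page does not say whether the PSC 2026 GA Hotfix changes the reported version, so a 7.0.x match needs the hotfix status confirmed separately.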


Originally published by CISA

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-02
