HIGHCVE-2026-35555Published 2026-05-12Modified 2026-05-13CNA icscert

CVE-2026-35555: Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.

CVSS v4.0: 7.0
Severity: HIGH
Fixed in: —
Affected Products: 2

Affected packages

Subnet Solutions / PowerSYSTEM Center 2024
≤ 6.1.x
Subnet Solutions / PowerSYSTEM Center 2026
7.0.x

CVSS Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

References

cisa.gov
github.com

Metrics