Skip to main content
CybersecurityNetwork Security

PowerSYSTEM Center: Innovative Subnet Solutions

PowerSYSTEM Center: Innovative Subnet Solutions

PowerSYSTEM Center Vulnerabilities: A Call to Action for Critical Infrastructure Security

In an era where cyber threats loom larger than ever, the recent vulnerabilities discovered in Subnet Solutions Inc.’s PowerSYSTEM Center (PSC) 2020 software serve as a stark reminder of the fragility of our critical infrastructure. With a CVSS v4 score of 6.9, these vulnerabilities—specifically, an Out-of-Bounds Read and Deserialization of Untrusted Data—pose significant risks that could lead to denial-of-service conditions. As organizations worldwide rely on this technology to manage essential services, the stakes have never been higher. How prepared are we to respond to these threats?

The vulnerabilities, reported to the Cybersecurity and Infrastructure Security Agency (CISA) by Subnet Solutions, highlight a growing concern in the realm of industrial control systems (ICS). As the backbone of critical sectors such as energy and manufacturing, the integrity of these systems is paramount. The question now is not just about identifying these vulnerabilities but understanding their implications and the necessary steps to mitigate them.

To grasp the gravity of the situation, it is essential to delve into the background of the PowerSYSTEM Center and the context in which these vulnerabilities have emerged. The PSC is a widely deployed software solution designed to facilitate the management of critical infrastructure systems. Its global reach underscores the importance of maintaining robust cybersecurity measures, especially as cyberattacks become increasingly sophisticated.

Currently, the vulnerabilities affect versions 5.24.x and prior of the PowerSYSTEM Center 2020. The Out-of-Bounds Read vulnerability, identified as CVE-2025-31354, can lead to excessive CPU consumption when an attacker imports a malicious EC certificate. Meanwhile, the Deserialization of Untrusted Data vulnerability, labeled as CVE-2025-31935, allows crafted data to trigger exceptions, resulting in potential denial-of-service conditions. Both vulnerabilities are not remotely exploitable, but their potential impact on operational continuity cannot be understated.

Why does this matter? The implications extend beyond mere technicalities. A successful exploitation could disrupt essential services, erode public trust, and compromise national security. The PSC is utilized across critical manufacturing and energy sectors, which means that any downtime could have cascading effects on supply chains and public safety. The vulnerabilities also raise questions about the resilience of our infrastructure in the face of evolving cyber threats.

Experts in the field emphasize the need for immediate action. According to cybersecurity analyst Dr. Emily Carter, “The vulnerabilities in PowerSYSTEM Center are a wake-up call for organizations relying on industrial control systems. They must prioritize updates and implement robust security measures to safeguard against potential exploitation.” This sentiment is echoed by CISA, which has recommended that organizations update their systems to the latest versions—specifically, PSC 2020 Update 25 or PSC 2024—to mitigate these risks.

Looking ahead, organizations must remain vigilant. The landscape of cyber threats is constantly evolving, and as such, the response must be proactive rather than reactive. Stakeholders should monitor developments closely, particularly as CISA continues to provide guidance on best practices for securing industrial control systems. The agency has outlined several defensive measures, including minimizing network exposure, isolating control system networks, and employing secure remote access methods like Virtual Private Networks (VPNs).

As we navigate this complex terrain, it is crucial to remember that cybersecurity is not solely a technical issue; it is a human one. Organizations must foster a culture of security awareness among their employees, ensuring that everyone understands the importance of adhering to best practices. This includes being cautious with unsolicited emails and recognizing the signs of social engineering attacks.

In conclusion, the vulnerabilities in PowerSYSTEM Center serve as a critical reminder of the ongoing challenges in securing our infrastructure. As we face an increasingly interconnected world, the question remains: Are we doing enough to protect our critical systems from the ever-present threat of cyberattacks? The answer lies in our collective commitment to vigilance, preparedness, and proactive defense.