CVE-2024-26024 - Vulnerability Details - OpenCVE

SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0022.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Subnet	Substation Server

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2024-23318	SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.

Fixes

Solution

Subnet Solutions has fixed these issues by identifying and replacing out of date libraries used in previous versions of Substation Server. Users are advised to update to version 2.23.11 or newer. To obtain this software, contact Subnet Solution's Customer Service. https://subnet.com/contact/

Workaround

No workaround given by the vendor.

References

Link	Providers
https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00097}`	epss `{'score': 0.00162}`

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2024-05-28T16:34:32.486Z

Updated: 2024-08-01T23:59:31.278Z

Reserved: 2024-04-12T20:44:48.680Z

Link: CVE-2024-26024

Vulnrichment

Updated: 2024-06-11T18:35:39.302Z

NVD

Status : Awaiting Analysis

Published: 2024-05-28T17:15:09.807

Modified: 2024-11-21T09:01:47.107

Link: CVE-2024-26024

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-26024", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "state": "PUBLISHED", "assignerShortName": "icscert", "dateReserved": "2024-04-12T20:44:48.680Z", "datePublished": "2024-05-28T16:34:32.486Z", "dateUpdated": "2024-08-01T23:59:31.278Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Substation Server", "vendor": "SUBNET", "versions": [{"lessThanOrEqual": "2.23.10", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "SUBNET Solutions reported these vulnerabilities to CISA."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nSUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.\n\n"}], "value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1357", "description": "CWE-1357", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-05-28T16:34:32.486Z"}, "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\nSubnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\">Subnet Solution's Customer Service.</a>\n\n<br>"}], "value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact Subnet Solution's Customer Service. https://subnet.com/contact/"}], "source": {"advisory": "ICSA-24-128-02", "discovery": "INTERNAL"}, "title": "SUBNET Substation Server Reliance on Insufficiently Trustworthy Component", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "subnet", "product": "substation_server", "cpes": ["cpe:2.3:a:subnet:substation_server:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "*", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T18:33:24.972555Z", "id": "CVE-2024-26024", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T18:35:45.987Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T23:59:31.278Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-26024", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-11T18:33:24.972555Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:subnet:substation_server:*:*:*:*:*:*:*:*"], "vendor": "subnet", "product": "substation_server", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "*"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T18:35:39.302Z"}}], "cna": {"title": "SUBNET Substation Server Reliance on Insufficiently Trustworthy Component", "source": {"advisory": "ICSA-24-128-02", "discovery": "INTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "SUBNET Solutions reported these vulnerabilities to CISA."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "SUBNET", "product": "Substation Server", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.23.10"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Subnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact Subnet Solution's Customer Service. https://subnet.com/contact/", "supportingMedia": [{"type": "text/html", "value": "\nSubnet Solutions has fixed these issues by identifying and replacing out\n of date libraries used in previous versions of Substation Server. Users\n are advised to update to version 2.23.11 or newer. To obtain this \nsoftware, contact <a target=\"_blank\" rel=\"nofollow\" href=\"https://subnet.com/contact/\">Subnet Solution's Customer Service.</a>\n\n<br>", "base64": false}]}], "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.", "supportingMedia": [{"type": "text/html", "value": "\nSUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server.\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1357", "description": "CWE-1357"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2024-05-28T16:34:32.486Z"}}}, "cveMetadata": {"cveId": "CVE-2024-26024", "state": "PUBLISHED", "dateUpdated": "2024-06-11T18:35:45.987Z", "dateReserved": "2024-04-12T20:44:48.680Z", "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "datePublished": "2024-05-28T16:34:32.486Z", "assignerShortName": "icscert"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server."}, {"lang": "es", "value": "SUBNET Solutions Inc. ha identificado vulnerabilidades en componentes de terceros utilizados en Substation Server."}], "id": "CVE-2024-26024", "lastModified": "2024-11-21T09:01:47.107", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "HIGH", "vulnerableSystemIntegrity": "HIGH"}, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2024-05-28T17:15:09.807", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-128-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1357"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}