CVE-2026-35504 - Vulnerability Details

- Subnet Solutions PowerSYSTEM Center CRLF injection

Description

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.

Published: 2026-05-12

Score: 5.1 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The reported issue is a CRLF injection flaw in the PowerSYSTEM Center email notification service when SMTPS is used. The flaw allows an attacker who can influence the body or header of the notification message to inject carriage return and line feed characters, potentially adding or modifying SMTP headers. This could lead to forging email content or hijacking notification flows, threatening integrity and possibly enabling malicious emails to be sent from the system.

Affected Systems

Subnet Solutions’ PowerSYSTEM Center for the years 2020, 2024 and 2026 are impacted. The bug is fixed in PSC 2020 Update 29, PSC 2024 Update 2, and PSC 2026 GA Hotfix.

Risk and Exploitability

CVSS score 5.1 suggests moderate severity. While the EPSS score is not available and the vulnerability is not listed in CISA KEV, publicly documented exploitation has not been reported. The attack vector is likely remote, via legitimate email notification requests that the attacker can manipulate, possibly by forging inputs during configuration or export operations. The vendor recommends monitoring user activity and restricting notification settings to trusted administrators, but the most effective protection is to apply the vendor‑issued patch.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Subnet Solutions

PowerSYSTEM Center 2020

unaffected

Version	Status	Constraints
`0`	affected	≤ 5.28.x

Subnet Solutions

PowerSYSTEM Center 2024

unaffected

Version	Status	Constraints
`6.0.x`	affected	≤ 6.1.x

Subnet Solutions

PowerSYSTEM Center 2026

unaffected

Version	Status	Constraints
`7.0.x`	affected	—

No data.

Vendor Product Confidence Versions

Subnet Solutions

Powersystem Center 2020

100%

Version	Status	Scheme	Platform
`[0,5.28.x]`	affected	generic	—

Subnet Solutions

Powersystem Center 2024

100%

Version	Status	Scheme	Platform
`[6.0.x,6.1.x]`	affected	generic	—

Subnet Solutions

Powersystem Center 2026

100%

Version	Status	Scheme	Platform
`[7.0.x,*]`	affected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

Vendor Solution

Subnet Solutions recommends users update to the latest version of PowerSYSTEM Center PSC 2020 Update 29, PSC 2024 Update 2, and PSC 2026 GA Hotfix. For assistance in upgrading, users should contact a Subnet Solutions System Integration team member or customer support team at (403) 270-8885 or by email at [support@subnet.com](mailto:support@subnet.com). Subnet Solutions recommends users do the following in order to reduce risk: * Monitor user activity records to ensure users are following acceptable usage policies of the application. * Restrict access to Notification Settings to trusted Administrators Monitor "Send from Address" in settings and Activity Records. * Configure a notification rule that triggers in any bulk account export activity.

OpenCVE Recommended Actions

Update PowerSYSTEM Center to the latest release (PSC 2020 Update 29, PSC 2024 Update 2, or PSC 2026 GA Hotfix).
Restrict access to notification settings and the "Send from Address" configuration to trusted administrators and monitor activity records for compliance.
Configure a notification rule that triggers on any bulk account export activity to detect suspicious usage.

Generated by OpenCVE AI on May 12, 2026 at 22:42 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00014.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-02.json
https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-02

History

Wed, 13 May 2026 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Subnet Solutions Subnet Solutions powersystem Center 2020 Subnet Solutions powersystem Center 2024 Subnet Solutions powersystem Center 2026
Vendors & Products		Subnet Solutions Subnet Solutions powersystem Center 2020 Subnet Solutions powersystem Center 2024 Subnet Solutions powersystem Center 2026

Tue, 12 May 2026 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 12 May 2026 21:00:00 +0000

Type	Values Removed	Values Added
Description		PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.
Title		Subnet Solutions PowerSYSTEM Center CRLF injection
Weaknesses		CWE-93
References		https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-02.json https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-02
Metrics		cvssV3_1 `{'score': 5.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`

Subscriptions

Subnet Solutions Powersystem Center 2020 Powersystem Center 2024 Powersystem Center 2026

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2026-05-12T20:19:38.126Z

Updated: 2026-05-12T21:12:55.834Z

Reserved: 2026-04-16T14:05:42.158Z

Link: CVE-2026-35504

Vulnrichment

Updated: 2026-05-12T21:12:45.666Z

NVD

Status : Awaiting Analysis

Published: 2026-05-12T21:16:15.417

Modified: 2026-05-13T15:52:56.850

Link: CVE-2026-35504

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T10:35:50Z

Weaknesses

CWE-93

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object