CVE-2023-6631: CWE-428 in Subnet Solutions Inc. PowerSYSTEM Center
PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.
AI Analysis
Technical Summary
CVE-2023-6631 is a high-severity vulnerability identified in Subnet Solutions Inc.'s PowerSYSTEM Center, specifically affecting versions 2020 Update 16 and prior (notably 2020 v5.0.x). The vulnerability is categorized under CWE-428, which pertains to unquoted search path or element vulnerabilities. This issue arises when the software installs services with unquoted paths containing spaces, allowing an authorized local user to insert arbitrary executable code by placing malicious binaries in directories that the system searches when launching the service. Because the service path is unquoted, Windows may interpret the path incorrectly and execute the malicious code with elevated privileges. Exploitation requires local access with some level of authorization (local privileges), but no user interaction is needed once access is obtained. The vulnerability allows privilege escalation, potentially granting an attacker SYSTEM-level control over the affected host. The CVSS v3.1 score of 7.8 reflects high severity, with high impact on confidentiality, integrity, and availability, and relatively low attack complexity. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk in environments where PowerSYSTEM Center is deployed, especially in industrial control or critical infrastructure contexts where this product is used for system management and monitoring.
Potential Impact
For European organizations, the impact of CVE-2023-6631 can be substantial, particularly for those in sectors relying on industrial control systems (ICS), utilities, manufacturing, and critical infrastructure management where PowerSYSTEM Center is deployed. Successful exploitation can lead to full system compromise on affected hosts, enabling attackers to manipulate system configurations, disrupt operations, or exfiltrate sensitive data. Given the high privileges gained, attackers could also move laterally within networks, increasing the risk of broader organizational compromise. This vulnerability undermines the integrity and availability of critical management systems, potentially causing operational downtime or safety risks. European organizations with stringent regulatory requirements around cybersecurity and data protection (e.g., GDPR, NIS Directive) may face compliance risks if such vulnerabilities are exploited. The local access requirement somewhat limits remote exploitation but does not eliminate risk, especially in environments where insider threats or compromised user accounts are possible.
Mitigation Recommendations
Mitigation should focus on immediate patching or upgrading to a version of PowerSYSTEM Center that addresses the unquoted service path issue, although no specific patch links are currently provided. In the absence of an official patch, organizations should manually inspect service configurations for executable paths that contain spaces and are not quoted, and correct them by quoting the executable paths or restructuring directory names to avoid spaces. Restrict local user permissions to the minimum necessary to prevent unauthorized code placement in directories searched by services. Employ application whitelisting and endpoint protection solutions to detect and block unauthorized executable files. Conduct regular audits of service configurations and monitor for unusual local activity indicative of privilege escalation attempts. Network segmentation and strict access controls can limit the ability of attackers to gain local access to critical systems. Additionally, educating authorized users about the risks of local privilege escalation and enforcing strong authentication controls can reduce the likelihood of exploitation.
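The manual inspection of service paths recommended above can be scripted. The following PowerShell audit is an added example, not code from Subnet Solutions or from this advisory; the function name and the sample service names and paths are hypothetical and constructed for illustration.

```powershell
# Added example: flag service command lines whose executable path contains
# spaces but is not quoted (CWE-428). Function name is hypothetical.
function Get-UnquotedServicePathFinding {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][AllowEmptyString()][string]$PathName
    )
    $cmd = $PathName.Trim()
    # Empty or already-quoted command lines are not ambiguous.
    if ($cmd -eq '' -or $cmd.StartsWith('"')) { return }
    # Split at the first ".exe" that ends a token: executable path, then arguments.
    $m = [regex]::Match($cmd, '(?i)^(?<exe>.+?\.exe)(?=\s|$)(?<args>.*)$')
    if (-not $m.Success) { return }
    $exe = $m.Groups['exe'].Value
    # No whitespace in the executable path means nothing to misparse.
    if ($exe -notmatch '\s') { return }
    [pscustomobject]@{
        Service   = $Name
        Current   = $cmd
        # Quoted form to review and set as the service's ImagePath value.
        Suggested = '"{0}"{1}' -f $exe, $m.Groups['args'].Value
    }
}

# Constructed sample rows; not real PowerSYSTEM Center service names or paths.
$samples = @(
    @{ Name = 'ExampleSvcA'; PathName = 'C:\Program Files\Example Vendor\Example App\svc.exe -run' }
    @{ Name = 'ExampleSvcB'; PathName = '"C:\Program Files\Example Vendor\Example App\svc.exe" -run' }
    @{ Name = 'ExampleSvcC'; PathName = 'C:\Windows\System32\svchost.exe -k netsvcs' }
)
foreach ($s in $samples) {
    Get-UnquotedServicePathFinding -Name $s.Name -PathName $s.PathName
}

# On a live host, audit every installed service the same way.
Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    Get-UnquotedServicePathFinding -Name $_.Name -PathName ([string]$_.PathName)
}
```

Each finding lists the current command line next to a quoted replacement; the replacement belongs in the `ImagePath` value under `HKLM\SYSTEM\CurrentControlSet\Services\<service>` and should be reviewed before it is applied.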
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Czech Republic
Technical Details
- Data Version: 5.1
- Assigner Short Name: icscert
- Date Reserved: 2023-12-08T17:28:43.750Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 683f0dc2182aa0cae27ff3ef
Added to database: 6/3/2025, 2:59:14 PM
Last enriched: 7/4/2025, 1:41:00 AM
Last updated: 8/11/2025, 10:23:58 AM