Kelly Stich

#8200of 53,634
33.5Total CVSS
Vulnerabilities · 5
Medium
3
High
2
PT-2026-40431
5.5
2026-05-12
Unknown · Powersystem Center · CVE-2026-35504
**Name of the Vulnerable Software and Affected Versions** PowerSYSTEM Center (affected versions not specified) **Description** The email notification service is subject to a CRLF injection, which occurs when a system fails to properly sanitize carriage return (CR) and line feed (LF) characters, allowing an attacker to inject malicious headers or content into the email stream during SMTPS communication. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-40435
8.2
2026-05-12
Unknown · Powersystem Center · CVE-2026-26289
**Name of the Vulnerable Software and Affected Versions** PowerSYSTEM Center (affected versions not specified) **Description** A REST API endpoint used for device account export allows an authenticated user with limited permissions to expose sensitive information that is normally restricted to administrative permissions only. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-40441
5.7
2026-05-12
Unknown · Powersystem Center · CVE-2026-33570
**Name of the Vulnerable Software and Affected Versions** PowerSYSTEM Center (affected versions not specified) **Description** A REST API endpoint for devices allows an authenticated user with low privileges to access information that is typically restricted by operational permissions. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2026-40442
6.3
2026-05-12
Unknown · Powersystem Center · CVE-2026-35555
**Name of the Vulnerable Software and Affected Versions** PowerSYSTEM Center (affected versions not specified) **Description** The device project groups feature allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-15033
7.8
2024-01-08
Unknown · Powersystem Center · CVE-2023-6631
**Name of the Vulnerable Software and Affected Versions** PowerSYSTEM Center versions 2020 Update 16 and prior **Description** The issue allows an authorized local user to insert arbitrary code into the unquoted service path, potentially leading to privilege escalation. **Recommendations** For PowerSYSTEM Center versions 2020 Update 16 and prior, update to a version later than 2020 Update 16 to resolve the issue. At the moment, there is no information about additional mitigation measures.