Home

Description

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication.

PUBLISHED Reserved 2026-04-16 | Published 2026-05-12 | Updated 2026-05-12 | Assigner icscert




MEDIUM: 5.1CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

MEDIUM: 5.5CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem types

CWE-93 Improper neutralization of CRLF sequences ('CRLF injection')

Product status

Default status
unaffected

Any version
affected

Default status
unaffected

6.0.x (custom)
affected

Default status
unaffected

7.0.x
affected

Credits

Kelly Stich of Subnet Solutions Inc. reported these vulnerabilities to CISA. finder

References

www.cisa.gov/news-events/ics-advisories/icsa-26-132-02

github.com/...p/csaf_files/OT/white/2026/icsa-26-132-02.json

cve.org (CVE-2026-35504)

nvd.nist.gov (CVE-2026-35504)

Download JSON