Grid Protection Alliance
Grid Solutions Division

Response to CISA Wix Toolset Vulnerability

February 2024

The recently reported WIX toolset vulnerability CVE-2024-24810 does affect GPA Synchrophasor and Power Quality installers. All officially released GPA applications that use an installer are subject to this vulnerability. GPA is determining impact and working on mitigating this vulnerability. Note that this vulnerability only affects the installation process and does not affect any deployed applications. GPA recommends not using the installer to update any applications at this time. Clients needing to update their applications can contact GPA to use alternate installation methods not using the impacted setup files.

Update: Installers affected by this vulnerability have been patched, see here.