Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks: An actively exploited vulnerability in Contec’s SolarView solar power monitoring product poses a significant threat to energy organizations, potentially exposing them to attacks.

This news item highlights the vulnerability, its impact on the affected organizations, and the need for immediate action to mitigate the risks.

  • Actively exploited solar power product vulnerability: Contec’s SolarView solar power monitoring product has a vulnerability that is actively being exploited, putting hundreds of energy organizations at risk.
  • Code injection flaw and remote exploitation: The identified vulnerability, known as CVE-2022-29303, is a code injection issue in SolarView version 6.0. It can be remotely exploited by unauthenticated attackers, allowing them to compromise the system.
  • Potential impact and additional vulnerabilities: Exploitation of this vulnerability could lead to loss of productivity and revenue, especially if the compromised hardware is part of a solar power generation site. Furthermore, there are other SolarView vulnerabilities, including CVE-2023-23333 and CVE-2022-44354, that malicious actors could potentially exploit.

Vulnerability affecting energy organizations

Contec’s SolarView solar power monitoring product has been identified as having an actively exploited vulnerability, posing a significant threat to hundreds of energy organizations.

VulnCheck, a vulnerability intelligence company, issued a warning about the potential consequences of this security flaw.

SolarView’s Usage and Impact

Contec specializes in embedded computing, industrial automation, and IoT communication technology.

Their SolarView product, utilized at over 30,000 power stations, provides solar power monitoring and visualization capabilities, making it a critical component of energy infrastructure.

Exploitation by a Mirai variant and associated flaw

Palo Alto Networks reported that a variant of the Mirai botnet has been exploiting a vulnerability in SolarView to compromise devices and incorporate them into a botnet.

The flaw, tracked as CVE-2022-29303, is one of several vulnerabilities targeted by the botnet, allowing unauthorized remote code injection.

Patching and impacted versions

According to VulnCheck’s analysis, the identified security vulnerability was only addressed with the release of SolarView version 8.0. Previous versions, including at least version 4.0, remain vulnerable to exploitation.

Internet-exposed systems and potential consequences

A Shodan search has revealed over 600 internet-exposed SolarView systems, with more than 400 running vulnerable versions.

While the impact of exploiting SolarView in isolation may result in the loss of monitoring capabilities, if integrated into a solar power generation site, attackers could disrupt productivity and revenue by leveraging the compromised hardware as a network pivot to target other ICS resources.

Exploitation in the wild and additional vulnerabilities

The fact that CVE-2022-29303 has been actively exploited is not surprising, given that exploit and exploitation instructions have been publicly available since May 2022.

Furthermore, VulnCheck has warned about the existence of other SolarView vulnerabilities, including CVE-2023-23333 and CVE-2022-44354, which could be potential targets for malicious actors.

Conclusion to Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

The actively exploited vulnerability in Contec’s SolarView solar power monitoring product poses a significant risk to energy organizations.

Immediate action is necessary to address this vulnerability and protect against potential attacks that could disrupt productivity and revenue.

With additional vulnerabilities also identified, it is crucial for energy organizations to remain vigilant, promptly apply patches, and implement robust security measures to safeguard their critical infrastructure.

CVE-2022-29303 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:

SolarView Compact Command Injection Vulnerability

CISA required action:

Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

CISA description:

SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product’s web server.

Exploit prediction scoring system (EPSS) score for CVE-2022-29303

Probability of exploitation activity in the next 30 days: 96.64%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-29303

Base ScoreBase SeverityCVSS VectorExploitability ScoreImpact ScoreScore Source
10.0HIGHAV:N/AC:L/Au:N/C:C/I:C/A:C10.010.0NIST
9.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H3.95.9NIST

CWE ids for CVE-2022-29303

Products affected by CVE-2022-29303

Source:

https://cybersecuritycue.com/exploited-solar-power-product-vulnerability/#penci-Vulnerability-affecting-energy-organizations
https://www.cvedetails.com/cve/CVE-2022-29303/