Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks: An actively exploited vulnerability in Contec’s SolarView solar power monitoring product poses a significant threat to energy organizations, potentially exposing them to attacks.
This news item highlights the vulnerability, its impact on the affected organizations, and the need for immediate action to mitigate the risks.
- Actively exploited solar power product vulnerability: Contec’s SolarView solar power monitoring product has a vulnerability that is actively being exploited, putting hundreds of energy organizations at risk.
- Code injection flaw and remote exploitation: The identified vulnerability, known as CVE-2022-29303, is a code injection issue in SolarView version 6.0. It can be remotely exploited by unauthenticated attackers, allowing them to compromise the system.
- Potential impact and additional vulnerabilities: Exploitation of this vulnerability could lead to loss of productivity and revenue, especially if the compromised hardware is part of a solar power generation site. Furthermore, there are other SolarView vulnerabilities, including CVE-2023-23333 and CVE-2022-44354, that malicious actors could potentially exploit.
Vulnerability affecting energy organizations
Contec’s SolarView solar power monitoring product has been identified as having an actively exploited vulnerability, posing a significant threat to hundreds of energy organizations.
VulnCheck, a vulnerability intelligence company, issued a warning about the potential consequences of this security flaw.
SolarView’s Usage and Impact
Contec specializes in embedded computing, industrial automation, and IoT communication technology.
Their SolarView product, utilized at over 30,000 power stations, provides solar power monitoring and visualization capabilities, making it a critical component of energy infrastructure.
Exploitation by a Mirai variant and associated flaw
Palo Alto Networks reported that a variant of the Mirai botnet has been exploiting a vulnerability in SolarView to compromise devices and incorporate them into a botnet.
The flaw, tracked as CVE-2022-29303, is one of several vulnerabilities targeted by the botnet, allowing unauthorized remote code injection.
Patching and impacted versions
According to VulnCheck’s analysis, the identified security vulnerability was only addressed with the release of SolarView version 8.0. Previous versions, including at least version 4.0, remain vulnerable to exploitation.
Internet-exposed systems and potential consequences
A Shodan search has revealed over 600 internet-exposed SolarView systems, with more than 400 running vulnerable versions.
While the impact of exploiting SolarView in isolation may result in the loss of monitoring capabilities, if integrated into a solar power generation site, attackers could disrupt productivity and revenue by leveraging the compromised hardware as a network pivot to target other ICS resources.
Exploitation in the wild and additional vulnerabilities
The fact that CVE-2022-29303 has been actively exploited is not surprising, given that exploit and exploitation instructions have been publicly available since May 2022.
Furthermore, VulnCheck has warned about the existence of other SolarView vulnerabilities, including CVE-2023-23333 and CVE-2022-44354, which could be potential targets for malicious actors.
Conclusion to Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks
The actively exploited vulnerability in Contec’s SolarView solar power monitoring product poses a significant risk to energy organizations.
Immediate action is necessary to address this vulnerability and protect against potential attacks that could disrupt productivity and revenue.
With additional vulnerabilities also identified, it is crucial for energy organizations to remain vigilant, promptly apply patches, and implement robust security measures to safeguard their critical infrastructure.
CVE-2022-29303 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
SolarView Compact Command Injection Vulnerability
CISA required action:
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
CISA description:
SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product’s web server.
Exploit prediction scoring system (EPSS) score for CVE-2022-29303
Probability of exploitation activity in the next 30 days: 96.64%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2022-29303
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |
CWE ids for CVE-2022-29303
- CWE-77 Improper Neutralization of Special Elements used in a Command (‘Command Injection’)The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
Products affected by CVE-2022-29303
- Contec » Sv-cpt-mc310 Firmware » Version: 6.00 cpe:2.3:o:contec:sv-cpt-mc310_firmware:6.00:*:*:*:*:*:*:*Matching versionsWhen used together with: Contec » Sv-cpt-mc310 » Version: N/A
Source:
Stay connected