virus logo Intrusion Prevention

SolarView.Compact.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection vulnerability in SolarView Compact.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. An unauthenticated remote attacker may be able to exploit this to execute arbitrary commands within the context of the application.

description-logoOutbreak Alert

FortiGuard Labs observed a huge spike in attack attempts relating to a command injection vulnerability in SolarView Compact (Solar power generation monitoring system) with upto more than 18,000+ unique IPS detections in the month of July 2023. The exploit works due to the vulnerability in SolarView Compact confi_mail.php component, which fails to adequately sanitize the user-supplied input data, leading to command injection.

View the full Outbreak Alert Report

affected-products-logoAffected Products

SolarView Compact version 6.00

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2023-01-16 22.476 Default_action:pass:drop
2022-12-13 22.456
ID 52317
Created Nov 21, 2022
Updated Jan 13, 2023
Outbreak Alert SolarView Compact Command Injection
Threat Signal View Report
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2022-40881 CVE-2022-29303
Known Exploited Yes
Exploit Prediction Score 96.47%
Default Action drop
Active
Affected OS Linux
Affected App Other