Outbreak AlertSolarView Compact Command Injection Vulnerability
Industrial Control Systems hardware vulnerability exploited in the wild
FortiGuard Labs observed a huge spike in attack attempts relating to a command injection vulnerability in SolarView Compact (Solar power generation monitoring system) with upto more than 18,000+ unique IPS detections in the month of July 2023. The exploit works due to the vulnerability in SolarView Compact confi_mail.php component, which fails to adequately sanitize the user-supplied input data, leading to command injection. Learn More »
Common Vulnerabilities and Exposures
Background
SolarView Compact is a part of Solar energy monitoring solutions offered by CONTEC and SolarView Compact specifically monitors and visualizes small to medium-scale solar power generation and storage. According to the vendor website, particularly in the field of solar power generation, SolarView brand solutions are introduced at more than 30,000 power stations. If the SolarView Compact hardware is a part of a solar power generation site, the attacker may be able to exploit and affect loss of productivity and revenue and could also use it as a network pivot to attack other ICS resources.
Threat Radar Overall Score:
 |
CVSS Rating | 9.0 |
 |
FortiRecon Score | 90/100 |
 |
Known Exploited | Yes |
 |
Exploit Prediction Score | 96.47% |
 |
FortiGuard Telemetry | 8477 |
Latest Development
Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.
13 Dec, 2022: FortGuard Labs released IPS signature to detect and block attack attempts leveraging SolarView Compact Command Injection Vulnerability. (CVE-2022-40881, CVE-2022-29303)
23 March, 2023: FortiGuard Labs created an IPS signature to detect a different SolarView Compact Command Injection Vulnerability (CVE-2023-23333), however we do not see signs of it being exploited in the wild as of yet.
FortiGuard customers remain protected by the IPS signatures for CVE-2022-40881, CVE-2022-29303, CVE-2023-23333, however we recommend users to apply review patches and upgrade SolarView Compact devices if available and make sure the devices are protected and behind the IPS systems to mitigate any risks completely.
It is reported that all the vulnerabilties mentioned are fixed in SolarView Compact v8.0 and above.
FortiGuard Cybersecurity Framework
Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.
-
AV
-
AV (Pre-filter)
-
Behavior Detection
-
IPS
-
IOC
-
Outbreak Detection
-
Assisted Response Services
-
Automated Response
-
NOC/SOC Training
-
End-User Training
-
Attack Surface Hardening
Threat Intelligence
Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.
Loading ...
Indicators of compromise
IOC Indicator List
| Indicator | Type | Status |
|---|---|---|
| 185.44.81.114 | ip | Active |
| 185.225.74.251 | ip | Active |
| http://zvub.us/y | url | Active |
| http://185.225.74.251/armv4l | url | Active |
| http://185.225.74.251/armv7l | url | Active |
| http://185.225.74.251/i586 | url | Active |
| http://185.225.74.251/mipsel | url | Active |
| http://185.225.74.251/sh4 | url | Active |
| http://185.225.74.251/sparc | url | Active |
| http://185.225.74.251/arc | url | Active |
| 185.225.74.251:80 | ip | Active |
| http://185.225.74.251/armv5l | url | Active |
| http://185.225.74.251/armv6l | url | Active |
| http://185.225.74.251/i686 | url | Active |
| http://185.225.74.251/m68k | url | Active |
| http://185.225.74.251/mips | url | Active |
| http://185.225.74.251/x86_64 | url | Active |
| zvub.us | domain | Inactive |
Indicators of compromise
IOC Threat Activity
Last 30 days
Chg
Avg 0
References
Sources of information in support and relation to this Outbreak and vendor.