Active Exploitation of SolarView Compact Command Injection Vulnerabilities
What is SolarView Compact? | SolarView Compact is a photovoltaic (PV) power generation measurement and monitoring device developed by Contec. |
What is the Attack? | CVE-2022-29303 is a command injection vulnerability in SolarView Compact that allows attackers to steal or modify information, destroy the system, or execute malicious programs by entering commands from the test email transmission screen. |
Why is this Significant? | This is significant because CVE-2022-40881 and CVE-2022-29303 are reportedly being exploited in the wild. FortiGuard Labs advises that the patch should be applied as soon as possible. |
What is the Vendor Solution? | Contec released a fix for both CVE-2022-40881 and CVE-2022-29303 in version 7.21 and beyond. |
What FortiGuard Coverage is available? | FortiGuard Labs has an IPS signature "SolarView.Compact.Command.Injection" in place for CVE-2022-40881 and CVE-2022-29303. |
Outbreak Alert
FortiGuard Labs observed a huge spike in attack attempts relating to a command injection vulnerability in SolarView Compact (a solar power generation monitoring system), with more than 18,000 unique IPS detections in July 2023. The exploit works because the SolarView Compact confi_mail.php component fails to adequately sanitize user-supplied input, leading to command injection.
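For defenders who do not have the IPS signature deployed in front of the device, the same traffic can be triaged from web-server access logs. The script below is an added example written for this alert; it is not FortiGuard, Contec or VulnCheck code. It flags requests to confi_mail.php whose URL-decoded query string contains shell metacharacters, which is the generic shape of command injection described above. The log lines are constructed sample data, and the query parameter name mail_to is a placeholder, not the component's real parameter.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (Common Log Format); not real traffic.
# "mail_to" is a placeholder parameter name, not taken from the product.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2023:08:01:12 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.7 - - [10/Jul/2023:08:02:40 +0000] "POST /confi_mail.php HTTP/1.1" 200 233
203.0.113.9 - - [10/Jul/2023:08:03:55 +0000] "GET /confi_mail.php?mail_to=ops%40example.com HTTP/1.1" 200 233
198.51.100.4 - - [10/Jul/2023:08:04:02 +0000] "GET /confi_mail.php?mail_to=ops%40example.com%3Bid HTTP/1.1" 200 233
198.51.100.4 - - [10/Jul/2023:08:04:09 +0000] "GET /confi_mail.php?mail_to=%60uname%60 HTTP/1.1" 200 233
"""

# Minimal Common Log Format parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Characters that terminate, chain or substitute a shell command. The query
# string is URL-decoded first so %3B, %60, %0A etc. are seen as ; ` newline.
META_RE = re.compile(r'[;|&`$\n]')


def is_suspicious(target):
    """True when the request targets confi_mail.php and its query string
    carries shell metacharacters after URL decoding."""
    path, _, query = target.partition('?')
    if not path.endswith('/confi_mail.php'):
        return False
    return bool(META_RE.search(unquote_plus(query)))


def find_hits(log_text):
    """Return (client_ip, request_target) for every suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-CLF line; skip rather than guess
        if is_suspicious(m['target']):
            hits.append((m['ip'], m['target']))
    return hits


def count_by_source(hits):
    """Aggregate hits per client IP; a sudden rise here is the spike pattern
    the alert describes."""
    counts = {}
    for ip, _ in hits:
        counts[ip] = counts.get(ip, 0) + 1
    return counts


if __name__ == '__main__':
    found = find_hits(SAMPLE_LOG)
    for ip, target in found:
        print(f'suspicious request from {ip}: {target}')
    print(count_by_source(found))
```

Note the limit this check shares with any access-log-based rule: a POST to confi_mail.php carries its parameters in the request body, which the access log does not record, so the second sample line is not flagged even though it hits the same component. Catching body-borne payloads requires inspection of the full request (a WAF, an IPS such as the signature named above, or application-level logging), which is why the vendor patch, not log triage, is the actual fix.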
Additional Resources
Actively Exploited Industrial Control Systems Hardware - SolarView Series (VulnCheck)
SolarView Compact Command Injection Vulnerability (Outbreak Alert)
CVE-2022-40881 (MITRE)
CVE-2022-29303 (MITRE)