[Japanese]

JVNDB-2021-000016

Multiple vulnerabilities in SolarView Compact

Overview

SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.

*Exposure of information through directory listing (CWE-548) - CVE-2021-20656
*Improper access control (CWE-284) - CVE-2021-20657
*OS command injection (CWE-78) - CVE-2021-20658
*Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20659
*Cross-site scripting (CWE-79) - CVE-2021-20660
*Directory traversal (CWE-23) - CVE-2021-20661
*Missing authentication for critical function (CWE-306) - CVE-2021-20662
*Using components with known vulnerabilities (CWE-1035) - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324
The product uses previous versions of vsfpd and lighttpd with known vulnerabilities.

CVE-2021-20656
Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20657, CVE-2021-20658
Takayuki Sasak, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662
Kouichirou Okada, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported to IPA that CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323 and CVE-2014-2324 vulnerabilities still exist in the product. JPCERT/CC coordinated with the developer.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 6.3 (Medium) [IPA Score]
  • Attack Vector: Adjacent Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 5.8 (Medium) [IPA Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2021-20658

CVSS V3 Severity:
Base Metrics: 3.5 (Low) [JPCERT/CC Score]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 2.7 (Low) [JPCERT/CC Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20656

CVSS V3 Severity:
Base Metrics: 4.6 (Medium) [JPCERT/CC Score]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 4.1 (Medium) [JPCERT/CC Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20657

CVSS V3 Severity:
Base Metrics: 5.5 (Medium) [JPCERT/CC Score]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics: 5.2 (Medium) [JPCERT/CC Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2021-20659

CVSS V3 Severity:
Base Metrics: 6.1 (Medium) [JPCERT/CC Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 4.3 (Medium) [JPCERT/CC Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20660

CVSS V3 Severity:
Base Metrics: 6.3 (Medium) [JPCERT/CC Score]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics: 4.1 (Medium) [JPCERT/CC Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: Single
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2021-20661

CVSS V3 Severity:
Base Metrics: 4.3 (Medium) [JPCERT/CC Score]
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics: 3.3 (Low) [JPCERT/CC Score]
  • Access Vector: Adjacent Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2021-20662
Affected Products


Contec
  • SolarView Compact SV-CPT-MC310 prior to Ver.6.5

Impact

*An attacker who can log in to this product may obtain the information inside the system, e.g. directories and/or file configurations - CVE-2021-20656
*An attacker who can log in to the product may obtain and/or alter the setting information without the access privileges. Also, an attacker with the administrative privilege may log in to the product and perform an unintended operation - CVE-2021-20657
*An attacker may execute an arbitrary OS command with the web server privilege. Also, an attacker with the administrative privilege may log in to the product and perform an unintended operation - CVE-2021-20658
*An attacker who can log in to this product may upload arbitrary files. If the file is PHP script, an attacker may execute arbitrary code - CVE-2021-20659
*An arbitrary script may be executed on a logged-in user's web browser - CVE-2021-20660
*An attacker who can log in to this product may delete arbitrary files and/or directories on the server - CVE-2021-20661
*An attacker who can log in to this product may alter the setting information without the access privileges - CVE-2021-20662
*An attack may be conducted by exploiting known vulnerabilities - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324
Solution

[Update the Firmware]
Update the firmware to the latest version according to the information provided by the developer.
These vulnerabilities have been already addressed in the following firmware version.
  • SolarView Compact
    • SV-CPT-MC310 Ver.6.50

Vendor Information

Contec
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [IPA Evaluation]
  2. Path Traversal(CWE-22) [IPA Evaluation]
  3. Permissions(CWE-264) [IPA Evaluation]
  4. OS Command Injection(CWE-78) [IPA Evaluation]
  5. Cross-site Scripting(CWE-79) [IPA Evaluation]
  6. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2011-0762
  2. CVE-2011-4362
  3. CVE-2013-4508
  4. CVE-2013-4559
  5. CVE-2013-4560
  6. CVE-2014-2323
  7. CVE-2014-2324
  8. CVE-2021-20656
  9. CVE-2021-20657
  10. CVE-2021-20658
  11. CVE-2021-20659
  12. CVE-2021-20660
  13. CVE-2021-20661
  14. CVE-2021-20662
References

  1. JVN : JVN#37417423
Revision History

  • [2021/02/19]
      Web page was published
  • [2021/02/25]
      Impact : Content was modified

Date Public2021/02/19
Date First Published2021/02/19
Date Last Updated2021/02/25