[Japanese]

JVNDB-2022-001923

Multiple vulnerabilities in CONTEC SolarView Compact

Overview

SolarView Compact provided by CONTEC CO., LTD. is PV Measurement System. SolarView Compact contains multiple vulnerabilities listed below.

OS command injection (CWE-78) - CVE-2022-29303
Improper validation of input values on the send test mail console of the product's web server may result in OS command injection.

Directory traversal (CWE-23) - CVE-2022-29298
Improper validation of a URL on the download page of the product's web server may allow a remote attacker to view and obtain an arbitrary file.

Information disclosure (CWE-200) - CVE-2022-29302
The hidden page which enables to edit the product's web server contents exists in the product's web server, and a remote attacker to read and/or alter an arbitrary file on the web server via the hidden page.

OS command injection (CWE-78) - CVE-2022-40881
Improper validation of input values on Check Network Communication Page of the product's web server may result in an arbitrary OS command execution.

OS command injection (CWE-78) - CVE-2023-23333
Improper validation of input values on the download page of the product's web server may result in an arbitrary OS command execution.
CVSS Severity (What is CVSS?)



CVSS V3 Severity:
Base Metrics8.8 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2022-29303


CVSS V3 Severity:
Base Metrics9.8 (Critical) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2022-29298


CVSS V3 Severity:
Base Metrics6.5 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2022-29302


CVSS V3 Severity:
Base Metrics:8.8 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2022-40881


CVSS V3 Severity:
Base Metrics:8.8 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-23333
Affected Products


Contec
  • SolarView Compact SV-CPT-MC310 versions prior to Ver.6.50 (CVE-2022-29298, CVE-2022-29302)
  • SolarView Compact SV-CPT-MC310 versions prior to Ver.7.21 (CVE-2022-29303, CVE-2022-40881, CVE-2023-23333)
  • SolarView Compact SV-CPT-MC310F versions prior to Ver.6.50 (CVE-2022-29298, CVE-2022-29302)
  • SolarView Compact SV-CPT-MC310F versions prior to Ver.7.21 (CVE-2022-29303, CVE-2022-40881, CVE-2023-23333)

Impact

Exploiting these vulnerabilities may result in the impacts listed below.

* An attacker who can access the product settings may execute an arbitrary OS command - CVE-2022-29303, CVE-2022-40881, CVE-2023-23333
* A remote attacker may obtain an arbitrary file - CVE-2022-29298
* A remote attacker may view and/or altered an arbitrary file on the web server - CVE-2022-29302
Solution

[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
These vulnerabilities have been already addressed in the following firmware versions.

* SV-CPT-MC310 Ver.7.21 and later
* SV-CPT-MC310F Ver.7.21 and later

[Apply the workaround]
Applying the following workarounds may mitigate the impacts of these vulnerabilities.
* Disconnect from network if the product being used in the standalone environment
* Setup a firewall and run the product behind it
* Configure the product in the trusted and closed network
* Choose "User authentications required in all menus" under "User authentication target settings" in "User account settings"
* Change default credentials
Vendor Information

Contec
CWE (What is CWE?)

  1. OS Command Injection(CWE-78) [Other]
  2. Relative Path Traversal(CWE-23) [Other]
  3. Information Exposure(CWE-200) [Other]
CVE (What is CVE?)

  1. CVE-2022-29303
  2. CVE-2022-29298
  3. CVE-2022-29302
  4. CVE-2022-40881
  5. CVE-2023-23333
References

  1. JVN : JVNVU#92327282
  2. National Vulnerability Database (NVD) : CVE-2022-29303
  3. National Vulnerability Database (NVD) : CVE-2022-29298
  4. National Vulnerability Database (NVD) : CVE-2022-29302
  5. National Vulnerability Database (NVD) : CVE-2022-40881
Revision History

  • [2022/05/27]
      Web page was published
  • [2022/06/10]
      Title was modified
      Description was modified
      CVSS Severity was modified
      Impact was modified 
      Solution was modified 
      Affected Products were modified
      References : Contents were added
      CWE : Contents were added
  • [2022/12/15]
      Description was modified
      CVSS Severity was modified
      Affected Products were modified 
      Vendor Information was modified
      Impact was modified
      Solution was modified
      CVE : CVE-IDs were added
      References : Contents were added  
    [2023/02/13]
      Description was modified
      CVSS Severity was modified
      Affected Products were modified 
      Vendor Information was modified
      Impact was modified
      References : Content was added