|
[Japanese]
|
JVNDB-2022-002112
|
CONTEC SolarView Compact vulnerable to insufficient verification in uploading files
|
|
SolarView Compact provided by CONTEC CO., LTD. is PV Measurement System.
The image file management page of SolarView Compact contains an insufficient verification vulnerability when uploading files (CWE-20).
|
|
CVSS V3 Severity:
Base Metrics 8.8 (High) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
|
Contec
- SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier
- SolarView Compact SV-CPT-MC310F Ver.7.23 and earlier
|
|
|
Arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.
|
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
This vulnerability has been already addressed in the following firmware versions.
* SolarView Compact
* SV-CPT-MC310 Ver.7.24
* SV-CPT-MC310F Ver.7.24
[Apply the workaround]
Applying the following workarounds may mitigate the impacts of this vulnerability.
* Disconnect from network if the product is used in the standalone environment
* Setup a firewall and run the product behind it
* Configure the product in the trusted and closed network
* Choose "User authentications required in all menus" under "User authentication target settings" in "User account settings"
* Change default credentials
|
|
Contec
|
|
- Improper Input Validation(CWE-20) [Other]
|
|
- CVE-2022-35239
|
|
- JVN : JVNVU#93696585
|
|
- [2022/08/03]
Web page was published
|
