JVNDB-2022-002112
|
CONTEC SolarView Compact vulnerable to insufficient verification in uploading files
|
SolarView Compact provided by CONTEC CO., LTD. is a PV measurement system.
The image file management page of SolarView Compact contains an insufficient verification vulnerability when uploading files (CWE-20).
webray reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
|
CVSS V3 Severity: Base Metrics 8.8 (High) [Other]
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
|
|
Contec
- SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier
- SolarView Compact SV-CPT-MC310F Ver.7.23 and earlier
|
|
Arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.
|
[Update the firmware]
Update the firmware to the latest version according to the information provided by the developer.
This vulnerability has already been addressed in the following firmware versions.
* SolarView Compact
  * SV-CPT-MC310 Ver.7.24
  * SV-CPT-MC310F Ver.7.24
[Apply the workaround]
Applying the following workarounds may mitigate the impacts of this vulnerability.
* Disconnect the product from the network if it is used in a standalone environment
* Set up a firewall and run the product behind it
* Configure the product in a trusted and closed network
* Choose "User authentications required in all menus" under "User authentication target settings" in "User account settings"
* Change the default credentials
|
Contec
|
- Improper Input Validation (CWE-20) [Other]
|
- CVE-2022-35239
|
- JVN : JVNVU#93696585
- National Vulnerability Database (NVD) : CVE-2022-35239
|
- [2022/08/03]
Web page was published
- [2023/03/31]
Overview was modified
- [2024/06/14]
References : Content was added
|