[Japanese]

JVNDB-2023-001774

Multiple vulnerabilities in SolarView Compact

Overview

SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below.

* Use of hard-coded credentials (CWE-798) - CVE-2023-27512
* OS command injection in the download page (CWE-78) - CVE-2023-27514
* Buffer overflow in the multiple setting pages (CWE-120) - CVE-2023-27518
* OS command injection in the mail setting page (CWE-78) - CVE-2023-27521
* Improper access control in the system date/time setting page (CWE-284) - CVE-2023-27920

CVE-2023-27512, CVE-2023-27514, CVE-2023-27518, CVE-2023-27521
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVE-2023-27920
CONTEC CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solutions through JVN.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 8.8 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-27514


CVSS V3 Severity:
Base Metrics8.8 (High) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
The above CVSS base scores have been assigned for CVE-2023-27521


CVSS V3 Severity:
Base Metrics6.5 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-27512


CVSS V3 Severity:
Base Metrics6.3 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: Low
The above CVSS base scores have been assigned for CVE-2023-27518


CVSS V3 Severity:
Base Metrics4.3 (Medium) [Other]
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-27920
Affected Products


Contec
  • SolarView Compact SV-CPT-MC310 Ver.8.10 or later
  • SolarView Compact SV-CPT-MC310F Ver.8.10 or later

Impact

* A remote authenticated attacker may login to the affected product with an administrative privilege and perform an unintended operation - CVE-2023-27512
* A remote authenticated attacker may execute an arbitrary OS command - CVE-2023-27514, CVE-2023-27521
* Buffer overflow occurs on the affected product and a remote authenticated attacker may execute arbitrary code - CVE-2023-27518
* A remote authenticated attacker with a user privilege may alter system date/time of the affected product - CVE-2023-27920
Solution

[Update the software]
Update the software (firmware) to the latest version according to the information provided by the developer.
The vulnerabilities have been addressed in the following firmware versions.


  • SolarView Compact

    • SV-CPT-MC310 Ver.8.10 or later

    • SV-CPT-MC310F Ver.8.10 or later





[Apply the workaround]
Applying the following workarounds may mitigate the impacts of these vulnerabilities.


  • Disconnect the product from network

  • Setup a firewall and run the product behind it

  • Configure the product in the trusted and closed network

  • Choose "User authentications required in all menus" under "User authentication target settings" in "User account settings"

Vendor Information

Contec
CWE (What is CWE?)

  1. Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120) [Other]
  2. Improper Access Control(CWE-284) [Other]
  3. OS Command Injection(CWE-78) [Other]
  4. Use of Hard-coded Credentials(CWE-798) [Other]
CVE (What is CVE?)

  1. CVE-2023-27512
  2. CVE-2023-27514
  3. CVE-2023-27518
  4. CVE-2023-27521
  5. CVE-2023-27920
References

  1. JVN : JVNVU#92106300
  2. National Vulnerability Database (NVD) : CVE-2023-27512
  3. National Vulnerability Database (NVD) : CVE-2023-27514
  4. National Vulnerability Database (NVD) : CVE-2023-27518
  5. National Vulnerability Database (NVD) : CVE-2023-27521
  6. National Vulnerability Database (NVD) : CVE-2023-27920
Revision History

  • [2023/05/09]
      Web page was published
  • [2024/06/27]
      References : Contents were added