What is SolarView Compact?
SolarView Compact is a photovoltaic (PV) power generation measurement and monitoring device developed by Contec.
What is the Attack?
CVE-2022-29303 is a command injection vulnerability in SolarView Compact that allows attackers to steal or modify information, destroy the system, or execute malicious programs by entering commands from the test email transmission screen.
CVE-2022-40881 is a command injection vulnerability in SolarView Compat that allows attackers to steal or modify information, destroy the system, or execute malicious programs by entering commands from the network continuity check screen.
Why is this Significant?
This is significant because CVE-2022-40881 and CVE-2022-29303 are reportedly being exploited in the wild.
FortiGuard Labs advises that the patch should be applied as soon as possible
What is the Vendor Solution?
Contec released a fix for both CVE-2022-40881 and CVE-2022-29303 in version 7.21 and beyond.
What FortiGuard Coverage is available?
FortiGuard Labs has a IPS signature ” SolarView.Compact.Command.Injection” in place for CVE-2022-40881 and CVE-2022-29303.
More Stories
ZDI-CAN-25373: Microsoft
A CVSS score 7.0 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Peter Girnus - Trend Micro Zero Day Initiative' was reported to...
DSA-5774-1 ruby-saml – security update
It was discovered that ruby-saml, a SAML library implementing the client side of a SAML authorization, does not properly verify...
USN-6968-2: PostgreSQL vulnerability
USN-6968-1 fixed CVE-2024-7348 in PostgreSQL-12, PostgreSQL-14, and PostgreSQL-16 This update provides the corresponding updates for PostgreSQL-9.5 in Ubuntu 16.04 LTS....
USN-7015-2: Python vulnerabilities
USN-7015-1 fixed several vulnerabilities in Python. This update provides one of the corresponding updates for python2.7 for Ubuntu 16.04 LTS,...
USN-7027-1: Emacs vulnerabilities
It was discovered that Emacs incorrectly handled input sanitization. An attacker could possibly use this issue to execute arbitrary commands....
USN-7024-1: tgt vulnerability
It was discovered that tgt attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1,...