JVN#37417423
Multiple vulnerabilities in SolarView Compact
Overview
SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities.
Products Affected
- SolarView Compact
  - SV-CPT-MC310 prior to Ver.6.5
Description
SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.
- Exposure of information through directory listing (CWE-548) - CVE-2021-20656
  CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Base Score: 3.5
  CVSS v2 AV:A/AC:L/Au:S/C:P/I:N/A:N Base Score: 2.7
- Improper access control (CWE-284) - CVE-2021-20657
  CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Base Score: 4.6
  CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:N Base Score: 4.1
- OS command injection (CWE-78) - CVE-2021-20658
  CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Base Score: 6.3
  CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8
- Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20659
  CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Base Score: 5.5
  CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2
- Cross-site scripting (CWE-79) - CVE-2021-20660
  CVSS v3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score: 6.1
  CVSS v2 AV:N/AC:M/Au:N/C:N/I:P/A:N Base Score: 4.3
- Directory traversal (CWE-23) - CVE-2021-20661
  CVSS v3 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H Base Score: 6.3
  CVSS v2 AV:A/AC:L/Au:S/C:N/I:P/A:P Base Score: 4.1
- Missing authentication for critical function (CWE-306) - CVE-2021-20662
  CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3
  CVSS v2 AV:A/AC:L/Au:N/C:N/I:P/A:N Base Score: 3.3
- Using components with known vulnerabilities (CWE-1035) - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324
The product uses older versions of vsftpd and lighttpd with known vulnerabilities.
Impact
- An attacker who can log in to the product may obtain the information inside the system, e.g. directories and/or file configurations - CVE-2021-20656
- An attacker who can log in to the product may obtain and/or alter the setting information without the access privileges. Also, an attacker with the administrative privilege may log in to the product and perform an unintended operation - CVE-2021-20657
- An attacker may execute an arbitrary OS command with the web server privilege. Also, an attacker with the administrative privilege may log in to the product and perform an unintended operation - CVE-2021-20658
- An attacker who can log in to the product may upload arbitrary files. If the file is a PHP script, the attacker may execute arbitrary code - CVE-2021-20659
- An arbitrary script may be executed on a logged-in user's web browser - CVE-2021-20660
- An attacker who can log in to the product may delete arbitrary files and/or directories on the server - CVE-2021-20661
- An attacker who can log in to the product may alter the setting information without the access privileges - CVE-2021-20662
- An attack may be conducted by exploiting known vulnerabilities - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324
Solution
Update the Firmware
Update the firmware to the latest version according to the information provided by the developer.
These vulnerabilities have already been addressed in the following firmware version.
- SolarView Compact
  - SV-CPT-MC310 Ver.6.50
Vendor Status
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Credit
CVE-2021-20656
Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20657, CVE-2021-20658
Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662
Kouichirou Okada, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported to IPA that CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323 and CVE-2014-2324 vulnerabilities still exist in the product. JPCERT/CC coordinated with the developer.
Other Information
- CVE: CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324, CVE-2021-20656, CVE-2021-20657, CVE-2021-20658, CVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662
- JVN iPedia: JVNDB-2021-000016
Update History
- 2021/02/25
  - Information under the section "Impact" was updated.