Published:2023/05/08  Last Updated:2023/05/08

JVNVU#92106300
Multiple vulnerabilities in SolarView Compact

Overview

SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities.

Products Affected

  • SolarView Compact
    • SV-CPT-MC310 versions prior to Ver.8.10
    • SV-CPT-MC310F versions prior to Ver.8.10

Description

SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below.

  • Use of hard-coded credentials (CWE-798) - CVE-2023-27512
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Base Score: 6.5
  • OS command injection in the download page (CWE-78) - CVE-2023-27514
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
  • Buffer overflow in the multiple setting pages (CWE-120) - CVE-2023-27518
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Base Score: 6.3
  • OS command injection in the mail setting page (CWE-78) - CVE-2023-27521
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
  • Improper access control in the system date/time setting page (CWE-284) - CVE-2023-27920
    CVSS v3 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N Base Score: 4.3

Impact

  • A remote authenticated attacker may login to the affected product with an administrative privilege and perform an unintended operation - CVE-2023-27512
  • A remote authenticated attacker may execute an arbitrary OS command - CVE-2023-27514, CVE-2023-27521
  • Buffer overflow occurs on the affected product and a remote authenticated attacker may execute arbitrary code - CVE-2023-27518
  • A remote authenticated attacker with a user privilege may alter system date/time of the affected product - CVE-2023-27920

Solution

Update the software
Update the software (firmware) to the latest version according to the information provided by the developer.
The vulnerabilities have been addressed in the following firmware versions.

  • SolarView Compact
    • SV-CPT-MC310 Ver.8.10 or later
    • SV-CPT-MC310F Ver.8.10 or later
Apply the workaround
Applying the following workarounds may mitigate the impacts of these vulnerabilities.
  • Disconnect the product from network
  • Setup a firewall and run the product behind it
  • Configure the product in the trusted and closed network
  • Choose "User authentications required in all menus" under "User authentication target settings" in "User account settings"

Vendor Status

Vendor Link
CONTEC CO.,LTD. Multiple vulnerabilities in CONTEC SolarView Compact (PDF, Text in Japanese)
SV-CPT-MC310 | frimware (Text in Japanese)

References

  1. Japan Vulnerability Notes JVNVU#92327282
    Multiple vulnerabilities in CONTEC SolarView Compact

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2023-27512, CVE-2023-27514, CVE-2023-27518, CVE-2023-27521
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.

CVE-2023-27920
CONTEC CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solutions through JVN.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE CVE-2023-27512
CVE-2023-27514
CVE-2023-27518
CVE-2023-27521
CVE-2023-27920
JVN iPedia