Published:2022/05/26  Last Updated:2024/04/16

JVNVU#92327282
Multiple vulnerabilities in CONTEC SolarView Compact

Overview

SolarView Compact provided by CONTEC CO., LTD. contains multiple vulnerabilities.

Products Affected

CVE-2022-29303, CVE-2022-40881, CVE-2023-23333

  • SV-CPT-MC310 versions prior to Ver.7.21
  • SV-CPT-MC310F versions prior to Ver.7.21
CVE-2022-29302
  • SV-CPT-MC310 versions prior to Ver.6.50
  • SV-CPT-MC310F versions prior to Ver.6.50
CVE-2022-29298
  • SV-CPT-MC310 versions prior to Ver.7.22
  • SV-CPT-MC310F versions prior to Ver.7.22
【Updated on April 16, 2024】
When this advisory was first published on May 26, 2022, the affected versions were described as "SV-CPT-MC310 versions prior to Ver.6.50" and "SV-CPT-MC310F versions prior to Ver.6.50". However, it was found out that the fix for CVE-2022-29298 was not adequate. Therefore, the versions information above was updated.

Description

SolarView Compact provided by CONTEC CO., LTD. is PV Measurement System. SolarView Compact contains multiple vulnerabilities listed below.

  • OS command injection (CWE-78) - CVE-2022-29303
    Improper validation of input values on the send test mail console of the product's web server may result in OS command injection.
    CVSS v3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
  • Directory traversal (CWE-23) - CVE-2022-29298
    Improper validation of a URL on the download page of the product's web server may allow a remote attacker to view and obtain an arbitrary file.
    CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 9.8
  • Information disclosure (CWE-200) - CVE-2022-29302
    The hidden page which enables to edit the product's web server contents exists in the product's web server, and a remote attacker may read and/or alter an arbitrary file on the web server via the hidden page.
    CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Base Score: 6.5
  • OS command injection (CWE-78) - CVE-2022-40881
    Improper validation of input values on Check Network Communication Page of the product's web server may result in an arbitrary OS command execution.
    CVSS v3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
  • OS command injection (CWE-78) - CVE-2023-23333
    Improper validation of input values on the download page of the product's web server may result in an arbitrary OS command execution.
    CVSS v3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8

Impact

Exploiting these vulnerabilities may result in the impacts listed below.

  • An attacker who can access the product settings may execute an arbitrary OS command - CVE-2022-29303, CVE-2022-40881, CVE-2023-23333
  • A remote attacker may obtain an arbitrary file - CVE-2022-29298
  • A remote attacker may view and/or altered an arbitrary file on the web server - CVE-2022-29302

Solution

Update the firmware
Update the firmware to the latest version according to the information provided by the developer.
The vulnerabilities have been addressed in the following firmware versions.

CVE-2022-29303, CVE-2022-40881, CVE-2023-23333, CVE-2022-29302

  • SV-CPT-MC310 Ver.7.21 and later
  • SV-CPT-MC310F Ver.7.21 and later
CVE-2022-29298
  • SV-CPT-MC310 Ver.7.22 and later
  • SV-CPT-MC310F Ver.7.22 and later
【Updated on April 16, 2024】
As of April 16, 2024, the latest firmware version of SolarView Compact is Ver.8.20.
The latest firmware version includes other vulnerability fixes that were addressed after this advisory was first published.

Apply the workaround
Applying the following workarounds may mitigate the impacts of these vulnerabilities.
  • Disconnect from network if the product being used in the standalone environment
  • Setup a firewall and run the product behind it
  • Configure the product in the trusted and closed network
  • Choose "User authentications required in all menus" under "User authentication target settings" in "User account settings"
  • Change default credentials

References

JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Credit

CVE-2022-29298
Jongheon Yan of S2W Inc reported CONTEC CO., LTD. that the fix for the vulnerability was insufficient in Ver.6.5. CONTEC CO., LTD. and JPCERT/CC updated respective advisories.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia

Update History

2022/06/09
Information under the section [Title], [Overview], [Products Affected], [Description], [Impact], and [Solution] was updated.
2022/12/13
Information regarding "CVE-2022-40881" was added to [Products Affected], [Description], and [Impact] sections, and information under [Solution] and [Vendor Status] sections was updated.
2023/02/10
Information regarding "CVE-2023-23333" was added to [Products Affected], [Description], and [Impact] sections, and information under [Vendor Status] section was updated.
2024/04/16
Information under the section [Products Affected], [Solution] and [Credit] was updated.