Researchers from the cybersecurity firm VulnCheck reported that CVE-2022-29303, a vulnerability in the Contec SolarView solar power monitoring product, can be exploited in attacks targeting organizations in the energy sector.
CVE-2022-29303 is an unauthenticated and remote command injection vulnerability impacting the Contec SolarView Series. Researchers at VulnCheck analyzed a number of public exploits for the above issue to determine the potential scale and impact of its exploitation.
According to Contec, the SolarView has been introduced at more than 30,000 power stations.
Hundreds of organizations in the energy sector could be exposed to cyber attacks exploiting this issue, which is known to be actively exploited in the wild.
Since March 2023, researchers at Palo Alto Networks Unit 42 have observed a new variant of the Mirai botnet targeting multiple vulnerabilities in popular IoT devices, including CVE-2022-29303.
VulnCheck experts discovered, using Shodan, more than 615 internet-exposed SolarView installs, 425 of them running vulnerable versions.
“It turns out that less than one third of the internet-facing SolarView series systems are patched against CVE-2022-29303,” reads the analysis published by VulnCheck.
The experts also warned of other flaws affecting the SolarView Series, such as the vulnerability CVE-2022-44354, which can be exploited by an attacker to upload a PHP webshell to the system.
“We’ve looked at a few critical CVEs that affect the SolarView series and determined that there are a few hundred internet-facing systems that remain affected by these issues. When considered in isolation, exploitation of this system is not significant. The SolarView series are all monitoring systems, so loss of view (T0829) is likely the worst-case scenario. However, the impact of exploitation could be high impact depending on the network the SolarView hardware is integrated into,” concludes the report. “For instance, if the hardware is part of a solar power generation site, then the attacker may affect loss of productivity and revenue (T0828) by using the hardware as a network pivot to attack other ICS resources.”