Unpatched SolarView Systems Vulnerable to Exploits


Security researchers at VulnCheck have highlighted the exploitation of vulnerabilities in the SolarView Series, an industrial control systems (ICS) hardware widely used for monitoring solar power generation and storage.

These findings come on the heels of Palo Alto Networks Unit 42’s publication on June 22 2023, which revealed a Mirai botnet variant leveraging various new vulnerabilities. 

Read more on Mirai botnet attacks: New Mirai Variant Campaigns are Targeting IoT Devices

According to a new blog post by VulnCheck, CVE-2022-29303, an unauthenticated and remote command injection vulnerability affecting the Contec SolarView Series, poses a significant threat to organizations relying on these ICS devices.

The firm’s investigation discovered that the impact of this vulnerability extends far beyond the initially reported subset of affected systems. Less than one-third of the internet-facing SolarView installations have applied the necessary patches, exposing many systems to exploitation.

“This shows that maintaining cyber hygiene on IoT/OT/ICS systems continues to be a struggle for most organizations, especially when it comes to keeping firmware on the latest (safest versions),” commented John Gallagher, vice president of Viakoo Labs.

“Seeing that less than one-third of impacted systems were patched should cause organizations to reassess their methods of patching systems and ensure they have automated methods.”

VulnCheck’s research uncovered two additional unauthenticated, remote code execution vulnerabilities affecting the SolarView Series. CVE-2023-23333 and CVE-2022-44354, which can enable attackers to execute arbitrary commands and upload malicious PHP web shells.

The company said the active exploitation of these vulnerabilities is evident from multiple sources, including Exploit-DB entries, GitHub exploits and even a publicly available YouTube video demonstrating an attack on a SolarView system.

To safeguard critical infrastructure and prevent unauthorized access, organizations using SolarView hardware must swiftly apply patches.

“Stacking CVEs or exploiting multiples at a time leads to greater risk. Greater risk can mean: service disruption, loss of revenue, espionage and potential safety concerns when dealing with energy/power systems,” explained Timothy Morris, chief security advisor at Tanium.

“If lateral movement to other corporate networks and systems is possible, then the likelihood of a data breach is greatly increased.”

The VulnCheck vulnerability comes hours after the Nagoya Port in Japan reported a significant system outage attributed to a ransomware attack.



Source link