SolarView devices, manufactured by the Japanese company Contec and used in solar power plants, have two critical vulnerabilities that can allow attackers to remotely control the devices and disrupt installations. The vulnerabilities were fixed in new device firmware, but two-thirds of customers never upgraded their devices.
According to the manufacturer, its devices are in use at 30,000 power plants, and at least 600 of them are accessible via the Internet, according to the search service Shodan. These devices are affected by two vulnerabilities tracked as CVE-2022-29303 and CVE-2023-23333, according to cybersecurity experts from Palo Alto Networks.
Both vulnerabilities are rated 9.8 out of 10 and carry the status "Critical". The first has been actively exploited since March last year, and since May the source code of its exploit has been publicly available, which allows an attacker to install a shell (a remote control interface) on a vulnerable device. Compromised devices are enrolled in the Mirai botnet along with routers and other IoT devices.
No evidence has been found that attackers are exploiting CVE-2023-23333, but working exploit code was made public in February, and several hacking scenarios have since been published on GitHub. Contec has already released a software update for SolarView devices. According to the manufacturer, the vulnerabilities are closed in firmware versions 8.0 and 8.10; cybersecurity experts, however, say that only the latter provides reliable protection against compromise. Even so, more than two-thirds of working SolarView devices have yet to receive either of these updates, the company VulnCheck found.