Renewable energy stations, particularly in Japan, are facing potential disruption due to a vulnerability in Contec’s SolarView products. The vulnerability, tracked as CVE-2022-29303, has been deemed critical and has the potential to enable hackers to exploit SolarView systems installed in thousands of locations.
Details of the Vulnerability:
Contec’s SolarView products, used for active monitoring of solar farms, have been installed in approximately 30,000 locations. The identified vulnerability allows for command injection via the conf_mail.php file in SolarView Compact ver.6.00. The severity of the vulnerability, with a score of 9.8 out of 10, highlights the significant risk it poses.
Exploitation and Mirai Botnet:
The vulnerability in SolarView products is one of more than 20 exploits used in a campaign to spread a variant of the Mirai botnet. The Mirai botnet has been known for targeting IoT devices, with previous victims including TP-Link, Netgear, and Zyxel. The combination of the persistent Mirai botnet and the increasing number of IoT devices raises concerns about the potential for widespread disruption.
Scope of the Vulnerability:
At least 600 SolarView systems have been indexed on the Shodan search engine, which locates Internet-connected devices. Although it is unclear how many devices are still running the vulnerable version 6.00 firmware from 2019, a significant number of solar panel operators could be at risk. The vulnerability may have existed since at least version 4.00, and the most recent version is now 8.10.
Response and Recommendations:
Contec, the manufacturer of SolarView products, has not released any information regarding the security concern. However, it is crucial for all users of Internet-connected devices, including SolarView systems, to keep their firmware up to date. Regularly updating firmware helps mitigate the risk of exploitation and ensures that security vulnerabilities are addressed promptly.
The vulnerability in Contec’s SolarView products poses a significant risk to renewable energy stations, particularly in Japan. The potential for exploitation by hackers and its connection to the Mirai botnet underscores the importance of maintaining the security of IoT devices. Solar panel operators and users of SolarView systems should prioritize firmware updates to protect against potential disruptions and safeguard their infrastructure.