What is SolarView Compact?
SolarView Compact is a photovoltaic (PV) power generation measurement and monitoring device developed by Contec.
What is the Attack?
CVE-2022-29303 is a command injection vulnerability in SolarView Compact that allows attackers to steal or modify information, destroy the system, or execute malicious programs by entering commands from the test email transmission screen.
CVE-2022-40881 is a command injection vulnerability in SolarView Compat that allows attackers to steal or modify information, destroy the system, or execute malicious programs by entering commands from the network continuity check screen.
Why is this Significant?
This is significant because CVE-2022-40881 and CVE-2022-29303 are reportedly being exploited in the wild.
FortiGuard Labs advises that the patch should be applied as soon as possible
What is the Vendor Solution?
Contec released a fix for both CVE-2022-40881 and CVE-2022-29303 in version 7.21 and beyond.
What FortiGuard Coverage is available?
FortiGuard Labs has a IPS signature ” SolarView.Compact.Command.Injection” in place for CVE-2022-40881 and CVE-2022-29303.