Vulnerability in the SolarView energy monitoring system: a shadow falls on the future of solar energy
A critical flaw allows disrupting global supply chains and driving up electricity prices.
According to a report by VulnCheck, hundreds of energy companies around the world may be exposed to cyber attacks because of an actively exploited vulnerability affecting the Contec SolarView solar energy monitoring product.
Contec specializes in embedded computing, industrial automation and IoT (Internet of Things) communications technology. More than 30,000 power plants use SolarView, its solar energy monitoring and visualization product.
The flaw, CVE-2022-29303 (CVSS: 9.8), is a code injection vulnerability in Contec SolarView 6.0. It can be exploited by an unauthenticated remote attacker, and it is noted that the vulnerability has already been exploited in the wild.
According to VulnCheck, the bug was fixed only with the release of version 8.0, and software versions 4.0 and higher are affected. A Shodan search shows more than 600 SolarView systems exposed on the Internet, including more than 400 running vulnerable versions.
The experts explained that the entire SolarView series is a monitoring system, so the worst-case attack scenario is a loss of view (Loss of View). However, if the equipment is part of a solar energy production facility, an attack can cause a loss of productivity and revenue (Loss of Productivity and Revenue), with the compromised equipment used as a network foothold to attack other ICS resources.