Hundreds of energy organizations could be exposed to attacks due to an actively exploited vulnerability affecting a solar power monitoring product made by Contec, vulnerability intelligence company VulnCheck warned on Wednesday.
Contec specializes in custom embedded computing, industrial automation, and IoT communication technology. The company’s SolarView solar power monitoring and visualization product is used at more than 30,000 power stations, according to its website.
Palo Alto Networks reported on June 22 that a Mirai variant has been exploiting a vulnerability in SolarView to hack devices and ensnare them into a botnet. The flaw, CVE-2022-29303, is one of the nearly two dozen targeted by the botnet.
CVE-2022-29303 is described as a code injection issue affecting SolarView version 6.0. The vulnerability can be exploited remotely by unauthenticated attackers.
VulnCheck’s analysis indicates that the security hole was only patched with the release of version 8.0 and versions dating back to at least 4.0 are impacted.
A Shodan search shows more than 600 internet-exposed SolarView systems, including over 400 running vulnerable versions.
“When considered in isolation, exploitation of this system is not significant. The SolarView series are all monitoring systems, so loss of view (T0829) is likely the worst-case scenario. However, the impact of exploitation could be high, depending on the network the SolarView hardware is integrated into,” VulnCheck explained.
“For instance, if the hardware is part of a solar power generation site, then the attacker may affect loss of productivity and revenue (T0828) by using the hardware as a network pivot to attack other ICS resources,” it added.
The fact that CVE-2022-29303 has been used in the wild is not surprising considering that an exploit and exploitation instructions have been public since May 2022.