3 Critical RCE Bugs Threaten Industrial Solar Panels, Endangering Grid Systems

Exposed and unpatched solar power monitoring systems have been exploited by both amateurs and professionals, including Mirai botnet hackers.

Hundreds of solar power monitoring systems are vulnerable to a trio of critical remote code execution (RCE) vulnerabilities. The hackers behind the
Mirai botnet
and even amateurs have already started taking advantage, and others will follow, experts are predicting.
Palo Alto Networks Unit 42 researchers previously discovered
that the Mirai botnet is spreading through
CVE-2022-29303
, a command injection flaw in SolarView Series software developed by the manufacturer Contec. According to Contecs website, SolarView has been used in more than 30,000 solar power stations.
On Wednesday, vulnerability intelligence firm VulnCheck pointed out
in a blog post
that CVE-2022-29303 is one of
three
critical vulnerabilities in SolarView, and its more than just the Mirai hackers targeting them.
The most likely worst-case scenario is losing visibility into the equipment thats being monitored and having something break down, explains Mike Parkin, senior technical engineer at Vulcan Cyber. Its also theoretically possible, though, that the attacker is able to leverage control of the compromised monitoring system to do greater damage or get deeper into the environment.
CVE-2022-29303 is borne from a particular endpoint in the SolarView Web server, confi_mail.php, which fails to sufficiently sanitize user input data, enabling the remote malfeasance. In the month it was released, the bug received some attention from
security bloggers
,
researchers
, and one YouTuber who showed off the exploit in
a still publicly accessible video demonstration
. But it was hardly the only problem inside SolarView.
For one thing, theres
CVE-2023-23333
, an entirely similar command injection vulnerability. This one affects a different endpoint, downloader.php, and was first revealed in February. And theres
CVE-2022-44354
, published near the end of last year. CVE-2022-44354 is an unrestricted file upload vulnerability affecting yet a third endpoint, enabling attackers to upload PHP Web shells to targeted systems.
VulnCheck noted that these two endpoints, like confi_mail.php, appear to generate hits from malicious hosts on GreyNoise meaning that they too are likely under some level of active exploitation.
All three vulnerabilities were assigned critical 9.8 (out of 10) CVSS scores.
Only Internet-exposed instances of SolarView are at risk of remote compromise. A quick Shodan search by VulnCheck revealed 615 cases connected to the open Web as of this month.
This, says Parkin, is where the unnecessary headache starts. Most of these things are designed to be operated
within
an environment and shouldnt need access from the open Internet under most use cases, he says. Even where remote connectivity is absolutely necessary, there are workarounds that can
protect IoT systems
from the scary parts of the wider Internet, he adds. You can put them all on their own virtual local area networks (VLANs) in their own IP address spaces, and restrict access to them to a few specific gateways or applications, etc.
Operators might risk remaining online if, at least, their systems are patched. Remarkably, however, 425 of those Internet-facing SolarView systems — more than two thirds of the total — were running versions of the software lacking the necessary patch.
At least when it comes to critical systems, this may be understandable. IoT and operational technology devices are often a lot more challenging to update compared to your typical PC or mobile device. It sometimes has management making the choice to accept the risk, rather than take their systems off-line long enough to install security patches, Parkin says.
All three CVEs were patched in SolarView version 8.00.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
3 Critical RCE Bugs Threaten Industrial Solar Panels, Endangering Grid Systems