All the vulnerabilites related to Contec Co., Ltd. - SolarView Compact
cve-2023-27514
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2024-08-02 12:16
Severity ?
EPSS score ?
Summary
OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:16:35.353Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "tags": [ "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU92106300/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10" } ] } ], "descriptions": [ { "lang": "en", "value": "OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute an arbitrary OS command." } ], "problemTypes": [ { "descriptions": [ { "description": "OS Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-23T00:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf" }, { "url": "https://jvn.jp/en/vu/JVNVU92106300/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-27514", "datePublished": "2023-05-23T00:00:00", "dateReserved": "2023-03-15T00:00:00", "dateUpdated": "2024-08-02T12:16:35.353Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-35239
Vulnerability from cvelistv5
Published
2022-08-16 07:01
Modified
2024-08-03 09:29
Severity ?
EPSS score ?
Summary
The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | CONTEC CO., LTD. | SolarView Compact |
Version: SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:29:17.446Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU93696585/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "CONTEC CO., LTD.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier" } ] } ], "descriptions": [ { "lang": "en", "value": "The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Input Validation", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-16T07:01:46", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/vu/JVNVU93696585/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2022-35239", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SolarView Compact", "version": { "version_data": [ { "version_value": "SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier" } ] } } ] }, "vendor_name": "CONTEC CO., LTD." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Input Validation" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf", "refsource": "MISC", "url": "https://www.contec.com/jp/api/downloadlogger?download=/jp/-/media/Contec/jp/support/security-info/contec_security_solarview_220727.pdf" }, { "name": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware", "refsource": "MISC", "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "name": "https://jvn.jp/en/vu/JVNVU93696585/", "refsource": "MISC", "url": "https://jvn.jp/en/vu/JVNVU93696585/" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2022-35239", "datePublished": "2022-08-16T07:01:46", "dateReserved": "2022-07-21T00:00:00", "dateUpdated": "2024-08-03T09:29:17.446Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27521
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2024-08-02 12:16
Severity ?
EPSS score ?
Summary
OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:16:35.735Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "tags": [ "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU92106300/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10" } ] } ], "descriptions": [ { "lang": "en", "value": "OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated attackers to execute an arbitrary OS command." } ], "problemTypes": [ { "descriptions": [ { "description": "OS Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-23T00:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf" }, { "url": "https://jvn.jp/en/vu/JVNVU92106300/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-27521", "datePublished": "2023-05-23T00:00:00", "dateReserved": "2023-03-15T00:00:00", "dateUpdated": "2024-08-02T12:16:35.735Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27518
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2024-08-02 12:16
Severity ?
EPSS score ?
Summary
Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:16:35.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "tags": [ "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU92106300/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "Buffer Overflow", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-23T00:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf" }, { "url": "https://jvn.jp/en/vu/JVNVU92106300/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-27518", "datePublished": "2023-05-23T00:00:00", "dateReserved": "2023-03-15T00:00:00", "dateUpdated": "2024-08-02T12:16:35.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27512
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2024-08-02 12:16
Severity ?
EPSS score ?
Summary
Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:16:36.515Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "tags": [ "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU92106300/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to login the affected product with an administrative privilege and perform an unintended operation." } ], "problemTypes": [ { "descriptions": [ { "description": "Use of hard-coded credentials", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-23T00:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf" }, { "url": "https://jvn.jp/en/vu/JVNVU92106300/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-27512", "datePublished": "2023-05-23T00:00:00", "dateReserved": "2023-03-15T00:00:00", "dateUpdated": "2024-08-02T12:16:36.515Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20657
Vulnerability from cvelistv5
Published
2021-02-24 03:51
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 prior to Ver.6.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:45.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 prior to Ver.6.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Access Control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T03:51:44", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20657", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SolarView Compact", "version": { "version_data": [ { "version_value": "SV-CPT-MC310 prior to Ver.6.5" } ] } } ] }, "vendor_name": "Contec Co., Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain and/or alter the setting information without the access privilege via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Improper Access Control" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf", "refsource": "MISC", "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf", "refsource": "MISC", "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "name": "https://jvn.jp/en/jp/JVN37417423/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20657", "datePublished": "2021-02-24T03:51:44", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:45:45.172Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20662
Vulnerability from cvelistv5
Published
2021-02-24 03:51
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 prior to Ver.6.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:45.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 prior to Ver.6.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "Missing authentication for critical function", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T03:51:48", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20662", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SolarView Compact", "version": { "version_data": [ { "version_value": "SV-CPT-MC310 prior to Ver.6.5" } ] } } ] }, "vendor_name": "Contec Co., Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Missing authentication for critical function in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to alter the setting information without the access privileges via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Missing authentication for critical function" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf", "refsource": "MISC", "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf", "refsource": "MISC", "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "name": "https://jvn.jp/en/jp/JVN37417423/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20662", "datePublished": "2021-02-24T03:51:48", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:45:45.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20656
Vulnerability from cvelistv5
Published
2021-02-24 03:51
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 prior to Ver.6.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:45.117Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 prior to Ver.6.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "Exposure of information through directory listing", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T03:51:44", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20656", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SolarView Compact", "version": { "version_data": [ { "version_value": "SV-CPT-MC310 prior to Ver.6.5" } ] } } ] }, "vendor_name": "Contec Co., Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Exposure of information through directory listing in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to obtain the information inside the system, such as directories and/or file configurations via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Exposure of information through directory listing" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf", "refsource": "MISC", "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf", "refsource": "MISC", "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "name": "https://jvn.jp/en/jp/JVN37417423/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20656", "datePublished": "2021-02-24T03:51:44", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:45:45.117Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20658
Vulnerability from cvelistv5
Published
2021-02-24 03:51
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 prior to Ver.6.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:45.391Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 prior to Ver.6.5" } ] } ], "descriptions": [ { "lang": "en", "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "OS Command Injection", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T03:51:45", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20658", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SolarView Compact", "version": { "version_data": [ { "version_value": "SV-CPT-MC310 prior to Ver.6.5" } ] } } ] }, "vendor_name": "Contec Co., Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "OS Command Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf", "refsource": "MISC", "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf", "refsource": "MISC", "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "name": "https://jvn.jp/en/jp/JVN37417423/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20658", "datePublished": "2021-02-24T03:51:45", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:45:45.391Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27920
Vulnerability from cvelistv5
Published
2023-05-23 00:00
Modified
2024-08-02 12:23
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:23:30.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "tags": [ "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/vu/JVNVU92106300/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated attacker to alter system date/time of the affected product." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper access control", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-23T00:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://www.contec.com/jp/download/donwload-list/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e#firmware" }, { "url": "https://www.contec.com/jp/api/downloadlogger?download=/-/media/Contec/jp/support/security-info/contec_security_solarview_230508.pdf" }, { "url": "https://jvn.jp/en/vu/JVNVU92106300/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2023-27920", "datePublished": "2023-05-23T00:00:00", "dateReserved": "2023-03-15T00:00:00", "dateUpdated": "2024-08-02T12:23:30.630Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20659
Vulnerability from cvelistv5
Published
2021-02-24 03:51
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 prior to Ver.6.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:45.371Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 prior to Ver.6.5" } ] } ], "descriptions": [ { "lang": "en", "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code." } ], "problemTypes": [ { "descriptions": [ { "description": "Unrestricted upload of file with dangerous type", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T03:51:46", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20659", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SolarView Compact", "version": { "version_data": [ { "version_value": "SV-CPT-MC310 prior to Ver.6.5" } ] } } ] }, "vendor_name": "Contec Co., Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an authenticated attacker to upload arbitrary files via unspecified vectors. If the file is PHP script, an attacker may execute arbitrary code." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Unrestricted upload of file with dangerous type" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf", "refsource": "MISC", "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf", "refsource": "MISC", "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "name": "https://jvn.jp/en/jp/JVN37417423/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20659", "datePublished": "2021-02-24T03:51:46", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:45:45.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20660
Vulnerability from cvelistv5
Published
2021-02-24 03:51
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 prior to Ver.6.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:45.358Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 prior to Ver.6.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T03:51:46", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20660", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SolarView Compact", "version": { "version_data": [ { "version_value": "SV-CPT-MC310 prior to Ver.6.5" } ] } } ] }, "vendor_name": "Contec Co., Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to inject an arbitrary script via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site scripting" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf", "refsource": "MISC", "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf", "refsource": "MISC", "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "name": "https://jvn.jp/en/jp/JVN37417423/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20660", "datePublished": "2021-02-24T03:51:46", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:45:45.358Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-20661
Vulnerability from cvelistv5
Published
2021-02-24 03:51
Modified
2024-08-03 17:45
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Contec Co., Ltd. | SolarView Compact |
Version: SV-CPT-MC310 prior to Ver.6.5 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T17:45:45.234Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "SolarView Compact", "vendor": "Contec Co., Ltd.", "versions": [ { "status": "affected", "version": "SV-CPT-MC310 prior to Ver.6.5" } ] } ], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "Directory traversal", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-02-24T03:51:47", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2021-20661", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "SolarView Compact", "version": { "version_data": [ { "version_value": "SV-CPT-MC310 prior to Ver.6.5" } ] } } ] }, "vendor_name": "Contec Co., Ltd." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Directory traversal" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf", "refsource": "MISC", "url": "https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf" }, { "name": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf", "refsource": "MISC", "url": "https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e\u0026downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf" }, { "name": "https://jvn.jp/en/jp/JVN37417423/index.html", "refsource": "MISC", "url": "https://jvn.jp/en/jp/JVN37417423/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2021-20661", "datePublished": "2021-02-24T03:51:47", "dateReserved": "2020-12-17T00:00:00", "dateUpdated": "2024-08-03T17:45:45.234Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }