All the vulnerabilities related to Contec - SolarView Compact SV-CPT-MC310
jvndb-2023-001774
Vulnerability from jvndb
Published
2023-05-09 16:09
Modified
2024-06-27 13:30
Summary
Multiple vulnerabilities in SolarView Compact
Details
SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below.
* Use of hard-coded credentials (CWE-798) - CVE-2023-27512
* OS command injection in the download page (CWE-78) - CVE-2023-27514
* Buffer overflow in the multiple setting pages (CWE-120) - CVE-2023-27518
* OS command injection in the mail setting page (CWE-78) - CVE-2023-27521
* Improper access control in the system date/time setting page (CWE-284) - CVE-2023-27920
CVE-2023-27512, CVE-2023-27514, CVE-2023-27518, CVE-2023-27521
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.
JPCERT/CC coordinated with the developer.
CVE-2023-27920
CONTEC CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solutions through JVN.
References
Type | URL |
---|---|
JVN | https://jvn.jp/en/vu/JVNVU92106300/index.html |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-27512 |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-27514 |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-27518 |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-27521 |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-27920 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-27512 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-27514 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-27518 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-27521 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-27920 |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')(CWE-120) | https://cwe.mitre.org/data/definitions/120.html |
Improper Access Control(CWE-284) | https://cwe.mitre.org/data/definitions/284.html |
OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Use of Hard-coded Credentials(CWE-798) | https://cwe.mitre.org/data/definitions/798.html |
Impacted products
Vendor | Product | CPE (v2.2) |
---|---|---|
Contec | SolarView Compact SV-CPT-MC310F | cpe:/o:contec:sv-cpt-mc310f_firmware |
Contec | SolarView Compact SV-CPT-MC310 | cpe:/o:contec:sv-cpt-mc310_firmware |
CVSS
Version | Base score | Severity | Vector |
---|---|---|---|
3.0 | 8.8 | High | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
JVNDB entry
JVNDB-2023-001774: https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001774.html
jvndb-2021-000016
Vulnerability from jvndb
Published
2021-02-19 16:44
Modified
2021-02-25 15:31
Summary
Multiple vulnerabilities in SolarView Compact
Details
SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.
* Exposure of information through directory listing (CWE-548) - CVE-2021-20656
* Improper access control (CWE-284) - CVE-2021-20657
* OS command injection (CWE-78) - CVE-2021-20658
* Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20659
* Cross-site scripting (CWE-79) - CVE-2021-20660
* Directory traversal (CWE-23) - CVE-2021-20661
* Missing authentication for critical function (CWE-306) - CVE-2021-20662
* Using components with known vulnerabilities (CWE-1035) - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324
The product uses previous versions of vsftpd and lighttpd with known vulnerabilities.
CVE-2021-20656
Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20657, CVE-2021-20658
Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662
Kouichirou Okada, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported to IPA that CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323 and CVE-2014-2324 vulnerabilities still exist in the product. JPCERT/CC coordinated with the developer.
References
Type | URL |
---|---|
JVN | https://jvn.jp/en/jp/JVN37417423/index.html |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0762 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20656 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20657 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20658 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20659 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20660 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20661 |
CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20662 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2011-0762 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2011-4362 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2013-4508 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2013-4559 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2013-4560 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2014-2323 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2014-2324 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20656 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20657 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20658 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20659 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20660 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20661 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2021-20662 |
Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Path Traversal(CWE-22) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Permissions(CWE-264) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
Vendor | Product | CPE (v2.2) |
---|---|---|
Contec | SolarView Compact SV-CPT-MC310 | cpe:/o:contec:sv-cpt-mc310_firmware |
CVSS
Version | Base score | Severity | Vector |
---|---|---|---|
2.0 | 5.8 | Medium | AV:A/AC:L/Au:N/C:P/I:P/A:P |
3.0 | 6.3 | Medium | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
JVNDB entry
JVNDB-2021-000016: https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000016.html
jvndb-2022-002112
Vulnerability from jvndb
Published
2022-08-03 17:40
Modified
2024-06-14 15:21
Summary
CONTEC SolarView Compact vulnerable to insufficient verification in uploading files
Details
SolarView Compact provided by CONTEC CO., LTD. is a PV measurement system.
The image file management page of SolarView Compact contains an insufficient verification vulnerability when uploading files (CWE-20).
webray reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer.
References
Type | URL |
---|---|
JVN | https://jvn.jp/en/vu/JVNVU93696585/ |
CVE | https://www.cve.org/CVERecord?id=CVE-2022-35239 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-35239 |
Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
Vendor | Product | CPE (v2.2) |
---|---|---|
Contec | SolarView Compact SV-CPT-MC310F | cpe:/o:contec:sv-cpt-mc310f_firmware |
Contec | SolarView Compact SV-CPT-MC310 | cpe:/o:contec:sv-cpt-mc310_firmware |
CVSS
Version | Base score | Severity | Vector |
---|---|---|---|
3.0 | 8.8 | High | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
JVNDB entry
JVNDB-2022-002112: https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002112.html
jvndb-2022-001923
Vulnerability from jvndb
Published
2022-05-27 15:28
Modified
2024-06-20 11:34
Summary
Multiple vulnerabilities in CONTEC SolarView Compact
Details
SolarView Compact provided by CONTEC CO., LTD. is a PV measurement system. SolarView Compact contains multiple vulnerabilities listed below.
OS command injection (CWE-78) - CVE-2022-29303
Improper validation of input values on the send test mail console of the product's web server may result in OS command injection.
Directory traversal (CWE-23) - CVE-2022-29298
Improper validation of a URL on the download page of the product's web server may allow a remote attacker to view and obtain an arbitrary file.
Information disclosure (CWE-200) - CVE-2022-29302
A hidden page that allows editing of the product's web server contents exists on the product's web server, and a remote attacker may read and/or alter an arbitrary file on the web server via the hidden page.
OS command injection (CWE-78) - CVE-2022-40881
Improper validation of input values on the Check Network Communication page of the product's web server may result in arbitrary OS command execution.
OS command injection (CWE-78) - CVE-2023-23333
Improper validation of input values on the download page of the product's web server may result in arbitrary OS command execution.
CVE-2022-29298
Jongheon Yan of S2W Inc reported to CONTEC CO., LTD. that the fix for the vulnerability was insufficient in Ver.6.5. CONTEC CO., LTD. and JPCERT/CC updated their respective advisories.
References
Type | URL |
---|---|
JVN | https://jvn.jp/en/vu/JVNVU92327282/index.html |
CVE | https://www.cve.org/CVERecord?id=CVE-2022-29303 |
CVE | https://www.cve.org/CVERecord?id=CVE-2022-29298 |
CVE | https://www.cve.org/CVERecord?id=CVE-2022-29302 |
CVE | https://www.cve.org/CVERecord?id=CVE-2022-40881 |
CVE | https://www.cve.org/CVERecord?id=CVE-2023-23333 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-29303 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-29298 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-29302 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2022-40881 |
NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-23333 |
CISA Known Exploited Vulnerabilities Catalog | https://www.cisa.gov/known-exploited-vulnerabilities-catalog |
OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Relative Path Traversal(CWE-23) | https://cwe.mitre.org/data/definitions/23.html |
Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
Vendor | Product | CPE (v2.2) |
---|---|---|
Contec | SolarView Compact SV-CPT-MC310F | cpe:/o:contec:sv-cpt-mc310f_firmware |
Contec | SolarView Compact SV-CPT-MC310 | cpe:/o:contec:sv-cpt-mc310_firmware |
CVSS
Version | Base score | Severity | Vector |
---|---|---|---|
2.0 | 5.0 | Medium | AV:N/AC:L/Au:N/C:P/I:N/A:N |
3.0 | 9.8 | Critical | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
JVNDB entry
JVNDB-2022-001923: https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001923.html