All the vulnerabilities related to Contec - SolarView Compact SV-CPT-MC310
jvndb-2023-001774
Vulnerability from jvndb
Published
2023-05-09 16:09
Modified
2024-06-27 13:30
Summary
Multiple vulnerabilities in SolarView Compact
Details
SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below.

* Use of hard-coded credentials (CWE-798) - CVE-2023-27512
* OS command injection in the download page (CWE-78) - CVE-2023-27514
* Buffer overflow in the multiple setting pages (CWE-120) - CVE-2023-27518
* OS command injection in the mail setting page (CWE-78) - CVE-2023-27521
* Improper access control in the system date/time setting page (CWE-284) - CVE-2023-27920

CVE-2023-27512, CVE-2023-27514, CVE-2023-27518, CVE-2023-27521
Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.

CVE-2023-27920
CONTEC CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solutions through JVN.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001774.html",
  "dc:date": "2024-06-27T13:30+09:00",
  "dcterms:issued": "2023-05-09T16:09+09:00",
  "dcterms:modified": "2024-06-27T13:30+09:00",
  "description": "SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below.\r\n\r\n  * Use of hard-coded credentials (CWE-798) - CVE-2023-27512\r\n  * OS command injection in the download page (CWE-78) - CVE-2023-27514\r\n  * Buffer overflow in the multiple setting pages (CWE-120) - CVE-2023-27518\r\n  * OS command injection in the mail setting page (CWE-78) - CVE-2023-27521\r\n  * Improper access control in the system date/time setting page (CWE-284) - CVE-2023-27920\r\n\r\nCVE-2023-27512, CVE-2023-27514, CVE-2023-27518, CVE-2023-27521\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-27920\r\nCONTEC CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001774.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310f_firmware",
      "@product": "SolarView Compact SV-CPT-MC310F",
      "@vendor": "Contec",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
      "@product": "SolarView Compact SV-CPT-MC310",
      "@vendor": "Contec",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2023-001774",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92106300/index.html",
      "@id": "JVNVU#92106300",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27512",
      "@id": "CVE-2023-27512",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27514",
      "@id": "CVE-2023-27514",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27518",
      "@id": "CVE-2023-27518",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27521",
      "@id": "CVE-2023-27521",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27920",
      "@id": "CVE-2023-27920",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27512",
      "@id": "CVE-2023-27512",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27514",
      "@id": "CVE-2023-27514",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27518",
      "@id": "CVE-2023-27518",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27521",
      "@id": "CVE-2023-27521",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27920",
      "@id": "CVE-2023-27920",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/120.html",
      "@id": "CWE-120",
      "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/284.html",
      "@id": "CWE-284",
      "@title": "Improper Access Control(CWE-284)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/798.html",
      "@id": "CWE-798",
      "@title": "Use of Hard-coded Credentials(CWE-798)"
    }
  ],
  "title": "Multiple vulnerabilities in SolarView Compact"
}

jvndb-2021-000016
Vulnerability from jvndb
Published
2021-02-19 16:44
Modified
2021-02-25 15:31
Summary
Multiple vulnerabilities in SolarView Compact
Details
SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.

* Exposure of information through directory listing (CWE-548) - CVE-2021-20656
* Improper access control (CWE-284) - CVE-2021-20657
* OS command injection (CWE-78) - CVE-2021-20658
* Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20659
* Cross-site scripting (CWE-79) - CVE-2021-20660
* Directory traversal (CWE-23) - CVE-2021-20661
* Missing authentication for critical function (CWE-306) - CVE-2021-20662
* Using components with known vulnerabilities (CWE-1035) - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324
  The product uses previous versions of vsftpd and lighttpd with known vulnerabilities.

CVE-2021-20656
Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20657, CVE-2021-20658
Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662
Kouichirou Okada, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Kouichirou Okada, Katsunari Yoshioka of Yokohama National University reported to IPA that CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323 and CVE-2014-2324 vulnerabilities still exist in the product. JPCERT/CC coordinated with the developer.
References
JVN https://jvn.jp/en/jp/JVN37417423/index.html
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0762
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20656
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20657
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20658
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20659
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20660
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20661
CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20662
NVD https://nvd.nist.gov/vuln/detail/CVE-2011-0762
NVD https://nvd.nist.gov/vuln/detail/CVE-2011-4362
NVD https://nvd.nist.gov/vuln/detail/CVE-2013-4508
NVD https://nvd.nist.gov/vuln/detail/CVE-2013-4559
NVD https://nvd.nist.gov/vuln/detail/CVE-2013-4560
NVD https://nvd.nist.gov/vuln/detail/CVE-2014-2323
NVD https://nvd.nist.gov/vuln/detail/CVE-2014-2324
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20656
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20657
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20658
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20659
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20660
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20661
NVD https://nvd.nist.gov/vuln/detail/CVE-2021-20662
Information Exposure(CWE-200) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Path Traversal(CWE-22) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Permissions(CWE-264) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
OS Command Injection(CWE-78) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Cross-site Scripting(CWE-79) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
No Mapping(CWE-Other) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000016.html",
  "dc:date": "2021-02-25T15:31+09:00",
  "dcterms:issued": "2021-02-19T16:44+09:00",
  "dcterms:modified": "2021-02-25T15:31+09:00",
  "description": "SolarView Compact provided by Contec Co., Ltd. contains multiple vulnerabilities listed below.\r\n\r\n*Exposure of information through directory listing (CWE-548) - CVE-2021-20656\r\n*Improper access control (CWE-284) - CVE-2021-20657\r\n*OS command injection (CWE-78) - CVE-2021-20658\r\n*Unrestricted upload of file with dangerous type (CWE-434) - CVE-2021-20659\r\n*Cross-site scripting (CWE-79) - CVE-2021-20660\r\n*Directory traversal (CWE-23) - CVE-2021-20661\r\n*Missing authentication for critical function (CWE-306) - CVE-2021-20662\r\n*Using components with known vulnerabilities (CWE-1035) - CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323, CVE-2014-2324\r\nThe product uses previous versions of vsfpd and lighttpd with known vulnerabilities.\r\n\r\nCVE-2021-20656\r\nKouichirou Okada, Katsunari Yoshioka of Yokohama National University reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20657, CVE-2021-20658\r\nTakayuki Sasak, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2021-20659, CVE-2021-20660, CVE-2021-20661, CVE-2021-20662\r\nKouichirou Okada, Takayuki Sasaki, Katsunari Yoshioka of Yokohama National University reported these vulnerabilities to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nKouichirou Okada, Katsunari Yoshioka of Yokohama National University reported to IPA that CVE-2011-0762, CVE-2011-4362, CVE-2013-4508, CVE-2013-4559, CVE-2013-4560, CVE-2014-2323 and CVE-2014-2324 vulnerabilities still exist in the product. JPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000016.html",
  "sec:cpe": {
    "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
    "@product": "SolarView Compact SV-CPT-MC310",
    "@vendor": "Contec",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2021-000016",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN37417423/index.html",
      "@id": "JVN#37417423",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0762",
      "@id": "CVE-2011-0762",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4362",
      "@id": "CVE-2011-4362",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4508",
      "@id": "CVE-2013-4508",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4559",
      "@id": "CVE-2013-4559",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4560",
      "@id": "CVE-2013-4560",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2323",
      "@id": "CVE-2014-2323",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2324",
      "@id": "CVE-2014-2324",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20656",
      "@id": "CVE-2021-20656",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20657",
      "@id": "CVE-2021-20657",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20658",
      "@id": "CVE-2021-20658",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20659",
      "@id": "CVE-2021-20659",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20660",
      "@id": "CVE-2021-20660",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20661",
      "@id": "CVE-2021-20661",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20662",
      "@id": "CVE-2021-20662",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-0762",
      "@id": "CVE-2011-0762",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2011-4362",
      "@id": "CVE-2011-4362",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2013-4508",
      "@id": "CVE-2013-4508",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2013-4559",
      "@id": "CVE-2013-4559",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2013-4560",
      "@id": "CVE-2013-4560",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-2323",
      "@id": "CVE-2014-2323",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2014-2324",
      "@id": "CVE-2014-2324",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20656",
      "@id": "CVE-2021-20656",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20657",
      "@id": "CVE-2021-20657",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20658",
      "@id": "CVE-2021-20658",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20659",
      "@id": "CVE-2021-20659",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20660",
      "@id": "CVE-2021-20660",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20661",
      "@id": "CVE-2021-20661",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20662",
      "@id": "CVE-2021-20662",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-22",
      "@title": "Path Traversal(CWE-22)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Multiple vulnerabilities in SolarView Compact"
}

jvndb-2022-002112
Vulnerability from jvndb
Published
2022-08-03 17:40
Modified
2024-06-14 15:21
Summary
CONTEC SolarView Compact vulnerable to insufficient verification in uploading files
Details
SolarView Compact provided by CONTEC CO., LTD. is a PV measurement system. The image file management page of SolarView Compact contains an insufficient verification vulnerability when uploading files (CWE-20).

webray reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002112.html",
  "dc:date": "2024-06-14T15:21+09:00",
  "dcterms:issued": "2022-08-03T17:40+09:00",
  "dcterms:modified": "2024-06-14T15:21+09:00",
  "description": "SolarView Compact provided by CONTEC CO., LTD. is PV Measurement System.\r\nThe image file management page of SolarView Compact contains an insufficient verification vulnerability when uploadi\r\n\r\nwebray reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.ng files (CWE-20).",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002112.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310f_firmware",
      "@product": "SolarView Compact SV-CPT-MC310F",
      "@vendor": "Contec",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
      "@product": "SolarView Compact SV-CPT-MC310",
      "@vendor": "Contec",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002112",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93696585/",
      "@id": "JVNVU#93696585",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-35239",
      "@id": "CVE-2022-35239",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-35239",
      "@id": "CVE-2022-35239",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "CONTEC SolarView Compact vulnerable to insufficient verification in uploading files"
}

jvndb-2022-001923
Vulnerability from jvndb
Published
2022-05-27 15:28
Modified
2024-06-20 11:34
Summary
Multiple vulnerabilities in CONTEC SolarView Compact
Details
SolarView Compact provided by CONTEC CO., LTD. is a PV measurement system. SolarView Compact contains multiple vulnerabilities listed below.

* OS command injection (CWE-78) - CVE-2022-29303
  Improper validation of input values on the send test mail console of the product's web server may result in OS command injection.
* Directory traversal (CWE-23) - CVE-2022-29298
  Improper validation of a URL on the download page of the product's web server may allow a remote attacker to view and obtain an arbitrary file.
* Information disclosure (CWE-200) - CVE-2022-29302
  A hidden page that allows editing of the product's web server contents exists on the product's web server, and a remote attacker may read and/or alter an arbitrary file on the web server via the hidden page.
* OS command injection (CWE-78) - CVE-2022-40881
  Improper validation of input values on the Check Network Communication page of the product's web server may result in arbitrary OS command execution.
* OS command injection (CWE-78) - CVE-2023-23333
  Improper validation of input values on the download page of the product's web server may result in arbitrary OS command execution.

CVE-2022-29298
Jongheon Yan of S2W Inc reported to CONTEC CO., LTD. that the fix for the vulnerability was insufficient in Ver.6.5. CONTEC CO., LTD. and JPCERT/CC updated their respective advisories.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001923.html",
  "dc:date": "2024-06-20T11:34+09:00",
  "dcterms:issued": "2022-05-27T15:28+09:00",
  "dcterms:modified": "2024-06-20T11:34+09:00",
  "description": "SolarView Compact provided by CONTEC CO., LTD. is PV Measurement System. SolarView Compact contains multiple vulnerabilities listed below.\r\n\r\nOS command injection (CWE-78) - CVE-2022-29303\r\nImproper validation of input values on the send test mail console of the product\u0027s web server may result in OS command injection.\r\n\r\nDirectory traversal (CWE-23) - CVE-2022-29298\r\nImproper validation of a URL on the download page of the product\u0027s web server may allow a remote attacker to view and obtain an arbitrary file.\r\n\r\nInformation disclosure (CWE-200) - CVE-2022-29302\r\nThe hidden page which enables to edit the product\u0027s web server contents exists in the product\u0027s web server, and a remote attacker to read and/or alter an arbitrary file on the web server via the hidden page.\r\n\r\nOS command injection (CWE-78) - CVE-2022-40881\r\nImproper validation of input values on Check Network Communication Page of the product\u0027s web server may result in an arbitrary OS command execution.\r\n\r\nOS command injection (CWE-78) - CVE-2023-23333\r\nImproper validation of input values on the download page of the product\u0027s web server may result in an arbitrary OS command execution.\r\n\r\nCVE-2022-29298\r\nJongheon Yan of S2W Inc reported CONTEC CO., LTD. that the fix for the vulnerability was insufficient in Ver.6.5. CONTEC CO., LTD. and JPCERT/CC updated respective advisories.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001923.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310f_firmware",
      "@product": "SolarView Compact SV-CPT-MC310F",
      "@vendor": "Contec",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310f_firmware",
      "@product": "SolarView Compact SV-CPT-MC310F",
      "@vendor": "Contec",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
      "@product": "SolarView Compact SV-CPT-MC310",
      "@vendor": "Contec",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
      "@product": "SolarView Compact SV-CPT-MC310",
      "@vendor": "Contec",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "9.8",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-001923",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92327282/index.html",
      "@id": "JVNVU#92327282",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29303",
      "@id": "CVE-2022-29303",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29298",
      "@id": "CVE-2022-29298",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29302",
      "@id": "CVE-2022-29302",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-40881",
      "@id": "CVE-2022-40881",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23333",
      "@id": "CVE-2023-23333",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29303",
      "@id": "CVE-2022-29303",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29298",
      "@id": "CVE-2022-29298",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29302",
      "@id": "CVE-2022-29302",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40881",
      "@id": "CVE-2022-40881",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23333",
      "@id": "CVE-2023-23333",
      "@source": "NVD"
    },
    {
      "#text": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
      "@id": "CVE-2022-29303",
      "@source": "CISA Known Exploited Vulnerabilities Catalog"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/23.html",
      "@id": "CWE-23",
      "@title": "Relative Path Traversal(CWE-23)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Multiple vulnerabilities in CONTEC SolarView Compact"
}