CVE-2022-29303 flaw in SolarView product can be exploited in attacks against the energy sector

From securityaffairs.com

Researchers from the cybersecurity firm VulnCheck reported that the vulnerability CVE-2022-29303 in the solar power monitoringContec SolarView product can be exploited in attacks targeting organizations in the energy sector.

CVE-2022-29303 is an unauthenticated and remote command injection vulnerability impacting the Contec SolarView Series. Researchers at VulnCheck analyzed a number of public exploits for the above issue to determine the potential scale and impact of its exploitation.

According to Contec, the SolarView has been introduced at more than 30,000 power stations.

Hundreds of organizations in the energy sector could be exposed to cyber attacks exploiting the above issue that is known to be actively exploited in the wild.

Since March 2023, researchers at Palo Alto Networks Unit 42 have observed a new variant of the Mirai botnet targeting multiple vulnerabilities in popular IoT devices, including the CVE-2022-29303.

Read more…