"Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks"

Security researchers at VulnCheck have found that hundreds of energy organizations could be exposed to attacks due to an actively exploited vulnerability affecting a solar power monitoring product made by Contec. Contec specializes in custom embedded computing, industrial automation, and IoT communication technology. The company’s SolarView solar power monitoring and visualization product is used at more than 30,000 power stations, according to its website. The vulnerability is tracked as CVE-2022-29303 and is described as a code injection issue affecting SolarView version 6.0. The vulnerability can be exploited remotely by unauthenticated attackers. The researchers noted that the security hole was only patched with the release of version 8.0, and versions dating back to at least 4.0 are impacted. A Shodan search shows more than 600 internet-exposed SolarView systems, including over 400 running vulnerable versions.

SecurityWeek reports: "Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks"

Submitted by Anonymous on