4

Actively Exploited Vulnerability Threatens Hundreds of Solar Power Stations - Sl...

 1 year ago
source link: https://it.slashdot.org/story/23/07/05/2316238/actively-exploited-vulnerability-threatens-hundreds-of-solar-power-stations
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Actively Exploited Vulnerability Threatens Hundreds of Solar Power Stationsbinspamdupenotthebestofftopicslownewsdaystalestupid freshfunnyinsightfulinterestingmaybe offtopicflamebaittrollredundantoverrated insightfulinterestinginformativefunnyunderrated descriptive typodupeerror

Do you develop on GitHub? You can keep using GitHub but automatically sync your GitHub releases to SourceForge quickly and easily with this tool so your projects have a backup location, and get your project in front of SourceForge's nearly 30 million monthly users. It takes less than a minute. Get new users downloading your project releases today!Sign up for the Slashdot newsletter! or check out the new Slashdot job board to browse remote jobs or jobs in your area
×
An anonymous reader quotes a report from Ars Technica: Hundreds of Internet-exposed devices inside solar farms remain unpatched against a critical and actively exploited vulnerability that makes it easy for remote attackers to disrupt operations or gain a foothold inside the facilities. The devices, sold by Osaka, Japan-based Contec under the brand name SolarView, help people inside solar facilities monitor the amount of power they generate, store, and distribute. Contec says that roughly 30,000 power stations have introduced the devices, which come in various packages based on the size of the operation and the type of equipment it uses.

Searches on Shodan indicate that more than 600 of them are reachable on the open Internet. As problematic as that configuration is, researchers from security firm VulnCheck said Wednesday, more than two-thirds of them have yet to install an update that patches CVE-2022-29303, the tracking designation for a vulnerability with a severity rating of 9.8 out of 10. The flaw stems from the failure to neutralize potentially malicious elements included in user-supplied input, leading to remote attacks that execute malicious commands. Security firm Palo Alto Networks said last month the flaw was under active exploit by an operator of Mirai, an open source botnet consisting of routers and other so-called Internet of Things devices. The compromise of these devices could cause facilities that use them to lose visibility into their operations, which could result in serious consequences depending on where the vulnerable devices are used.

"The fact that a number of these systems are Internet facing and that the public exploits have been available long enough to get rolled into a Mirai-variant is not a good situation," VulnCheck researcher Jacob Baines wrote. "As always, organizations should be mindful of which systems appear in their public IP space and track public exploits for systems that they rely on." Baines said that the same devices vulnerable to CVE-2022-29303 were also vulnerable to CVE-2023-23333, a newer command-injection vulnerability that also has a severity rating of 9.8. Although there are no known reports of it being actively exploited, exploit code has been publicly available since February. Incorrect descriptions for both vulnerabilities are one factor involved in the patch failures, Baines said. Both vulnerabilities indicate that SolarView versions 8.00 and 8.10 are patched against CVE-2022-29303 and CVE-2023-293333. In fact, the researcher said, only 8.10 is patched against the threats.

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK