All the vulnerabilities related to Contec - SolarView Compact SV-CPT-MC310F
jvndb-2022-002112
Vulnerability from jvndb
Published
2022-08-03 17:40
Modified
2024-06-14 15:21
Severity ?
Summary
CONTEC SolarView Compact vulnerable to insufficient verification in uploading files
Details
SolarView Compact provided by CONTEC CO., LTD. is a PV Measurement System. The image file management page of SolarView Compact contains an insufficient verification vulnerability when uploading files (CWE-20). webray reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002112.html",
  "dc:date": "2024-06-14T15:21+09:00",
  "dcterms:issued": "2022-08-03T17:40+09:00",
  "dcterms:modified": "2024-06-14T15:21+09:00",
  "description": "SolarView Compact provided by CONTEC CO., LTD. is PV Measurement System.\r\nThe image file management page of SolarView Compact contains an insufficient verification vulnerability when uploading files (CWE-20).\r\n\r\nwebray reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-002112.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310f_firmware",
      "@product": "SolarView Compact SV-CPT-MC310F",
      "@vendor": "Contec",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
      "@product": "SolarView Compact SV-CPT-MC310",
      "@vendor": "Contec",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2022-002112",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93696585/",
      "@id": "JVNVU#93696585",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-35239",
      "@id": "CVE-2022-35239",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-35239",
      "@id": "CVE-2022-35239",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "CONTEC SolarView Compact vulnerable to insufficient verification in uploading files"
}

jvndb-2023-001774
Vulnerability from jvndb
Published
2023-05-09 16:09
Modified
2024-06-27 13:30
Severity ?
Summary
Multiple vulnerabilities in SolarView Compact
Details
SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below.
* Use of hard-coded credentials (CWE-798) - CVE-2023-27512
* OS command injection in the download page (CWE-78) - CVE-2023-27514
* Buffer overflow in the multiple setting pages (CWE-120) - CVE-2023-27518
* OS command injection in the mail setting page (CWE-78) - CVE-2023-27521
* Improper access control in the system date/time setting page (CWE-284) - CVE-2023-27920
CVE-2023-27512, CVE-2023-27514, CVE-2023-27518, CVE-2023-27521: Chuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC. JPCERT/CC coordinated with the developer.
CVE-2023-27920: CONTEC CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solutions through JVN.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001774.html",
  "dc:date": "2024-06-27T13:30+09:00",
  "dcterms:issued": "2023-05-09T16:09+09:00",
  "dcterms:modified": "2024-06-27T13:30+09:00",
  "description": "SolarView Compact provided by CONTEC CO.,LTD. contains multiple vulnerabilities listed below.\r\n\r\n  * Use of hard-coded credentials (CWE-798) - CVE-2023-27512\r\n  * OS command injection in the download page (CWE-78) - CVE-2023-27514\r\n  * Buffer overflow in the multiple setting pages (CWE-120) - CVE-2023-27518\r\n  * OS command injection in the mail setting page (CWE-78) - CVE-2023-27521\r\n  * Improper access control in the system date/time setting page (CWE-284) - CVE-2023-27920\r\n\r\nCVE-2023-27512, CVE-2023-27514, CVE-2023-27518, CVE-2023-27521\r\nChuya Hayakawa of 00One, Inc. reported these vulnerabilities to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.\r\n\r\nCVE-2023-27920\r\nCONTEC CO.,LTD. reported this vulnerability to JPCERT/CC to notify users of its solutions through JVN.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-001774.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310f_firmware",
      "@product": "SolarView Compact SV-CPT-MC310F",
      "@vendor": "Contec",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
      "@product": "SolarView Compact SV-CPT-MC310",
      "@vendor": "Contec",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "8.8",
    "@severity": "High",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2023-001774",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92106300/index.html",
      "@id": "JVNVU#92106300",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27512",
      "@id": "CVE-2023-27512",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27514",
      "@id": "CVE-2023-27514",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27518",
      "@id": "CVE-2023-27518",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27521",
      "@id": "CVE-2023-27521",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-27920",
      "@id": "CVE-2023-27920",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27512",
      "@id": "CVE-2023-27512",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27514",
      "@id": "CVE-2023-27514",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27518",
      "@id": "CVE-2023-27518",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27521",
      "@id": "CVE-2023-27521",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-27920",
      "@id": "CVE-2023-27920",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/120.html",
      "@id": "CWE-120",
      "@title": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)(CWE-120)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/284.html",
      "@id": "CWE-284",
      "@title": "Improper Access Control(CWE-284)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/798.html",
      "@id": "CWE-798",
      "@title": "Use of Hard-coded Credentials(CWE-798)"
    }
  ],
  "title": "Multiple vulnerabilities in SolarView Compact"
}

jvndb-2022-001923
Vulnerability from jvndb
Published
2022-05-27 15:28
Modified
2024-06-20 11:34
Severity ?
Summary
Multiple vulnerabilities in CONTEC SolarView Compact
Details
SolarView Compact provided by CONTEC CO., LTD. is a PV Measurement System. SolarView Compact contains multiple vulnerabilities listed below.
* OS command injection (CWE-78) - CVE-2022-29303: Improper validation of input values on the send test mail console of the product's web server may result in OS command injection.
* Directory traversal (CWE-23) - CVE-2022-29298: Improper validation of a URL on the download page of the product's web server may allow a remote attacker to view and obtain an arbitrary file.
* Information disclosure (CWE-200) - CVE-2022-29302: A hidden page that allows editing the product's web server contents exists on the product's web server, and a remote attacker may read and/or alter an arbitrary file on the web server via the hidden page.
* OS command injection (CWE-78) - CVE-2022-40881: Improper validation of input values on the Check Network Communication page of the product's web server may result in arbitrary OS command execution.
* OS command injection (CWE-78) - CVE-2023-23333: Improper validation of input values on the download page of the product's web server may result in arbitrary OS command execution.
CVE-2022-29298: Jongheon Yan of S2W Inc reported to CONTEC CO., LTD. that the fix for the vulnerability was insufficient in Ver.6.5. CONTEC CO., LTD. and JPCERT/CC updated their respective advisories.
Of the CVEs above, CVE-2022-29303 is the one this record's references tie to the CISA Known Exploited Vulnerabilities Catalog.


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001923.html",
  "dc:date": "2024-06-20T11:34+09:00",
  "dcterms:issued": "2022-05-27T15:28+09:00",
  "dcterms:modified": "2024-06-20T11:34+09:00",
  "description": "SolarView Compact provided by CONTEC CO., LTD. is PV Measurement System. SolarView Compact contains multiple vulnerabilities listed below.\r\n\r\nOS command injection (CWE-78) - CVE-2022-29303\r\nImproper validation of input values on the send test mail console of the product\u0027s web server may result in OS command injection.\r\n\r\nDirectory traversal (CWE-23) - CVE-2022-29298\r\nImproper validation of a URL on the download page of the product\u0027s web server may allow a remote attacker to view and obtain an arbitrary file.\r\n\r\nInformation disclosure (CWE-200) - CVE-2022-29302\r\nThe hidden page which enables to edit the product\u0027s web server contents exists in the product\u0027s web server, and a remote attacker to read and/or alter an arbitrary file on the web server via the hidden page.\r\n\r\nOS command injection (CWE-78) - CVE-2022-40881\r\nImproper validation of input values on Check Network Communication Page of the product\u0027s web server may result in an arbitrary OS command execution.\r\n\r\nOS command injection (CWE-78) - CVE-2023-23333\r\nImproper validation of input values on the download page of the product\u0027s web server may result in an arbitrary OS command execution.\r\n\r\nCVE-2022-29298\r\nJongheon Yan of S2W Inc reported CONTEC CO., LTD. that the fix for the vulnerability was insufficient in Ver.6.5. CONTEC CO., LTD. and JPCERT/CC updated respective advisories.",
  "link": "https://jvndb.jvn.jp/en/contents/2022/JVNDB-2022-001923.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310f_firmware",
      "@product": "SolarView Compact SV-CPT-MC310F",
      "@vendor": "Contec",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310f_firmware",
      "@product": "SolarView Compact SV-CPT-MC310F",
      "@vendor": "Contec",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
      "@product": "SolarView Compact SV-CPT-MC310",
      "@vendor": "Contec",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:contec:sv-cpt-mc310_firmware",
      "@product": "SolarView Compact SV-CPT-MC310",
      "@vendor": "Contec",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
      "@version": "2.0"
    },
    {
      "@score": "9.8",
      "@severity": "Critical",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2022-001923",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU92327282/index.html",
      "@id": "JVNVU#92327282",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29303",
      "@id": "CVE-2022-29303",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29298",
      "@id": "CVE-2022-29298",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-29302",
      "@id": "CVE-2022-29302",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2022-40881",
      "@id": "CVE-2022-40881",
      "@source": "CVE"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-23333",
      "@id": "CVE-2023-23333",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29303",
      "@id": "CVE-2022-29303",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29298",
      "@id": "CVE-2022-29298",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-29302",
      "@id": "CVE-2022-29302",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2022-40881",
      "@id": "CVE-2022-40881",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-23333",
      "@id": "CVE-2023-23333",
      "@source": "NVD"
    },
    {
      "#text": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
      "@id": "CVE-2022-29303",
      "@source": "CISA Known Exploited Vulnerabilities Catalog"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/23.html",
      "@id": "CWE-23",
      "@title": "Relative Path Traversal(CWE-23)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    }
  ],
  "title": "Multiple vulnerabilities in CONTEC SolarView Compact"
}