Vulnerability intelligence company VulnCheck has issued a warning about an actively exploited vulnerability in Contec’s SolarView solar power monitoring product, which could expose hundreds of energy organizations to attacks. Palo Alto Networks reported that a Mirai variant has been exploiting the vulnerability, CVE-2022-29303, to compromise devices and create a botnet. The security hole was patched in version 8.0, but older versions dating back to 4.0 are affected.
Over 400 internet-exposed SolarView systems are running vulnerable versions. Exploitation of the vulnerability could have a significant impact, especially where the affected system is integrated into a solar power generation site, potentially causing loss of productivity and revenue. Other SolarView vulnerabilities, such as CVE-2023-23333 and CVE-2022-44354, are also potential targets for exploitation.