CVE-2021-20658
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary operating system commands on SolarView Compact SV-CPT-MC310 devices with web server privileges. Attackers can potentially take full control of affected systems without authentication. Organizations using SolarView Compact SV-CPT-MC310 prior to version 6.5 are affected.
💻 Affected Systems
- SolarView Compact SV-CPT-MC310
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to install malware, pivot to internal networks, disrupt operations, and steal sensitive data from the monitoring system.
Likely Case
Attackers gain web server privileges to execute commands, potentially installing backdoors, modifying system configurations, or accessing connected industrial control systems.
If Mitigated
With proper network segmentation and access controls, impact is limited to the SolarView device itself without lateral movement to critical systems.
🎯 Exploit Status
The vulnerability allows OS command injection via unspecified vectors in the web interface, making exploitation straightforward for attackers.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 6.5 or later
Vendor Advisory: https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf
Restart Required: Yes
Instructions:
1. Download firmware version 6.5 or later from Contec's official website.
2. Follow the vendor's firmware update procedure documented in the device manual.
3. Verify the update completed successfully and the device is running version 6.5 or higher.
🔧 Temporary Workarounds
Network Segmentation
Isolate SolarView devices from the internet and restrict access to authorized networks only.
Access Control Lists
Implement firewall rules to restrict access to the SolarView web interface (typically port 80/443).
iptables -A INPUT -p tcp --dport 80 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP
🧯 If You Can't Patch
- Immediately isolate the device from internet access and place behind a firewall with strict access controls.
- Monitor network traffic to/from the device for unusual patterns or command execution attempts.
🔍 How to Verify
Check if Vulnerable:
Check the firmware version via the web interface (typically under System Information or About page). If version is below 6.5, the device is vulnerable.
Check Version:
curl -s http://device-ip/system_info | grep -i version
Verify Fix Applied:
After updating, verify the firmware version shows 6.5 or higher in the web interface and test that command injection attempts are blocked.
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in web server logs
- Multiple failed login attempts followed by successful access
- Suspicious POST requests with shell metacharacters
Network Indicators:
- Unusual outbound connections from SolarView device
- Traffic patterns indicating command and control communication
- Unexpected port scans originating from the device
SIEM Query:
source="solarview_logs" AND ("cmd.exe" OR "bash" OR "sh" OR "powershell" OR "|" OR ";" OR "$" OR "`")
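The Log Indicators and SIEM Query above search for shell metacharacters and command names in raw log text. The script below is an added example (not Contec code, and not tied to SolarView's actual log format) that applies the same indicators to web server access-log lines in Combined Log Format, but URL-decodes the request first so percent-encoded variants such as %3B for ';' or %7C for '|' are not missed. The log lines, IP addresses (TEST-NET range) and CGI paths are constructed for the example; the `&` query separator is deliberately not treated as an indicator because it appears in every ordinary query string.

```python
"""Flag access-log requests carrying OS-command-injection indicators.

Added example for the Detection & Monitoring section. Assumptions:
  - logs are in Apache/nginx Combined Log Format (SolarView's real format is
    not documented on this page);
  - the sample lines below are constructed, not captured from a device.
"""
from __future__ import annotations

import re
from urllib.parse import unquote_plus

# Metacharacters from the advisory's SIEM query, in a fixed order so results
# are deterministic. '&' is excluded: it separates ordinary query parameters.
METACHARS = ";|`$"

# Command names from the SIEM query, matched as whole words so that, for
# example, "shell" or "dashboard" do not trigger on the "sh" substring.
COMMAND_WORDS = re.compile(r"(?<![A-Za-z0-9_])(sh|bash|cmd\.exe|powershell)(?![A-Za-z0-9_])")

# Combined Log Format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)

# Constructed sample log lines (three benign, two matching the indicators).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Feb/2021:10:00:00 +0900] "GET /system_info HTTP/1.1" 200 512',
    '192.0.2.10 - - [16/Feb/2021:10:00:05 +0900] "GET /index.php?page=status&lang=en HTTP/1.1" 200 2048',
    '192.0.2.10 - - [16/Feb/2021:10:00:09 +0900] "GET /dashboard/shell.css HTTP/1.1" 200 300',
    '192.0.2.99 - - [16/Feb/2021:10:01:00 +0900] "GET /cgi-bin/status.cgi?name=x%3Bid HTTP/1.1" 200 128',
    '192.0.2.99 - - [16/Feb/2021:10:01:03 +0900] "POST /cgi-bin/cmd.cgi?p=a|bash HTTP/1.1" 500 64',
]


def find_indicators(raw_path: str) -> list[str]:
    """Return indicator labels present in a request path after URL-decoding."""
    decoded = unquote_plus(raw_path)
    hits = [f"metachar:{c!r}" for c in METACHARS if c in decoded]
    hits += [f"cmd:{w}" for w in sorted(set(COMMAND_WORDS.findall(decoded)))]
    return hits


def scan_log(lines: list[str]) -> list[dict]:
    """Parse each line and return an alert record for every flagged request."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than silently pass it as clean
        indicators = find_indicators(m["path"])
        if indicators:
            alerts.append(
                {"ip": m["ip"], "method": m["method"], "path": m["path"], "indicators": indicators}
            )
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ip']} {alert['method']} {alert['path']} -> {', '.join(alert['indicators'])}")
```

Run against the constructed lines, only the two requests from 192.0.2.99 are reported. A single decode pass is used; if the device's web server decodes twice, add a second `unquote_plus` and expect more false positives from legitimate parameters containing `$`.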
🔗 References
- https://jvn.jp/en/jp/JVN37417423/index.html
- https://www.contec.com/jp/api/downloadlogger?download=https://www.contec.com/jp/-/media/contec/jp/support/security-info/contec_security_solarview_210216.pdf
- https://www.contec.com/jp/download/contract/contract2/?itemid=b28c8b7c-9f40-40b2-843c-b5b04c035b0e&downloaditemid=fa248fba-8901-4d9e-8212-b139f2defbdf