CVE-2022-47767

A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
VendorProductVersion
solar-logsolar-log_250_firmware
𝑥
< 4.2.8_117
solar-logsolar-log_250_firmware
5.0.0 ≤
𝑥
< 5.1.2_156
solar-logsolar-log_300_firmware
𝑥
< 4.2.8_117
solar-logsolar-log_300_firmware
5.0.0 ≤
𝑥
< 5.1.2_156
solar-logsolar-log_500_firmware
𝑥
< 4.2.8_117
solar-logsolar-log_500_firmware
5.0.0 ≤
𝑥
< 5.1.2_156
solar-logsolar-log_800e_firmware
𝑥
< 4.2.8_117
solar-logsolar-log_800e_firmware
5.0.0 ≤
𝑥
< 5.1.2_156
solar-logsolar-log_1000_firmware
𝑥
< 4.2.8_117
solar-logsolar-log_1000_firmware
5.0.0 ≤
𝑥
< 5.1.2_156
solar-logsolar-log_1000_pm\+_firmware
𝑥
< 4.2.8_117
solar-logsolar-log_1000_pm\+_firmware
5.0.0 ≤
𝑥
< 5.1.2_156
solar-logsolar-log_1200_firmware
𝑥
< 4.2.8_117
solar-logsolar-log_1200_firmware
5.0.0 ≤
𝑥
< 5.1.2_156
solar-logsolar-log_2000_firmware
𝑥
< 4.2.8_117
solar-logsolar-log_2000_firmware
5.0.0 ≤
𝑥
< 5.1.2_156
solar-logsolar-log_500_firmware
𝑥
< 4.2.8_117
solar-logsolar-log_500_firmware
5.0.0 ≤
𝑥
< 5.1.2_156
solar-logsolar-log_50_firmware
𝑥
< 4.2.8_117
solar-logsolar-log_50_firmware
5.0.0 ≤
𝑥
< 5.1.2_156
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.solar-log.com/en/support/firmware-database-1
https://www.swascan.com/security-advisory-solar-log/
https://www.solar-log.com/en/support/firmware-database-1
https://www.swascan.com/security-advisory-solar-log/