CVE-2022-47767

Exploit

EPSS 0.48%
Veröffentlicht 26.01.2023 21:18:05
Zuletzt bearbeitet 01.04.2025 15:15:56
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Solar-log ≫ Solar-log 250 Firmware Version < 4.2.8_117

Solar-log ≫ Solar-log 250 Version-

Solar-log ≫ Solar-log 250 Firmware Version >= 5.0.0 < 5.1.2_156

Solar-log ≫ Solar-log 250 Version-

Solar-log ≫ Solar-log 300 Firmware Version < 4.2.8_117

Solar-log ≫ Solar-log 300 Version-

Solar-log ≫ Solar-log 300 Firmware Version >= 5.0.0 < 5.1.2_156

Solar-log ≫ Solar-log 300 Version-

Solar-log ≫ Solar-log 500 Firmware Version < 4.2.8_117

Solar-log ≫ Solar-log 500 Version-

Solar-log ≫ Solar-log 500 Firmware Version >= 5.0.0 < 5.1.2_156

Solar-log ≫ Solar-log 500 Version-

Solar-log ≫ Solar-log 800e Firmware Version < 4.2.8_117

Solar-log ≫ Solar-log 800e Version-

Solar-log ≫ Solar-log 800e Firmware Version >= 5.0.0 < 5.1.2_156

Solar-log ≫ Solar-log 800e Version-

Solar-log ≫ Solar-log 1000 Firmware Version < 4.2.8_117

Solar-log ≫ Solar-log 1000 Version-

Solar-log ≫ Solar-log 1000 Firmware Version >= 5.0.0 < 5.1.2_156

Solar-log ≫ Solar-log 1000 Version-

Solar-log ≫ Solar-log 1200 Firmware Version < 4.2.8_117

Solar-log ≫ Solar-log 1200 Version-

Solar-log ≫ Solar-log 1200 Firmware Version >= 5.0.0 < 5.1.2_156

Solar-log ≫ Solar-log 1200 Version-

Solar-log ≫ Solar-log 2000 Firmware Version < 4.2.8_117

Solar-log ≫ Solar-log 2000 Version-

Solar-log ≫ Solar-log 2000 Firmware Version >= 5.0.0 < 5.1.2_156

Solar-log ≫ Solar-log 2000 Version-

Solar-log ≫ Solar-log 500 Firmware Version < 4.2.8_117

Solar-log ≫ Solar-log 500 Version-

Solar-log ≫ Solar-log 500 Firmware Version >= 5.0.0 < 5.1.2_156

Solar-log ≫ Solar-log 500 Version-

Solar-log ≫ Solar-log 50 Firmware Version < 4.2.8_117

Solar-log ≫ Solar-log 50 Version-

Solar-log ≫ Solar-log 50 Firmware Version >= 5.0.0 < 5.1.2_156

Solar-log ≫ Solar-log 50 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.48%	0.646

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-912 Hidden Functionality

The product contains functionality that is not documented, not part of the specification, and not accessible through an interface or command sequence that is obvious to the product's users or administrators.

https://www.solar-log.com/en/support/firmware-database-1

Vendor Advisory

https://www.swascan.com/security-advisory-solar-log/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-47767

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-47767

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-47767

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-47767