Improper Access Control in SolarView Compact Products by Contec
CVE-2023-27920

4.3MEDIUM

Key Information:

Vendor: Contec Co., Ltd.
Status: Solarview Compact
Vendor: CVE Published:; 23 May 2023

🔔 Create Contec Co., Ltd. Vulnerability Alert

What is CVE-2023-27920?

An improper access control vulnerability exists in the system date/time setting page of SolarView Compact SV-CPT-MC310 and SV-CPT-MC310F. This flaw allows a remote authenticated attacker to modify the system date and time settings, potentially leading to significant consequences for time-sensitive operations. It is crucial for users of affected versions to apply the latest firmware updates to mitigate this risk.

Affected Version(s)

SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10

References

https://www.contec.com/jp/download/donwload-list/?itemid=...

https://www.contec.com/jp/api/downloadlogger?download=/-/...

https://jvn.jp/en/vu/JVNVU92106300/

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2023
Vulnerability Reserved
Mar 15, 2023