146 matches found
CVE-2021-34544
CVE-2021-34544 affects Solar-Log 500 (and related models) where cleartext passwords are stored in /export.html, /email.html, and /sms.html. The issue exists in Solar-Log 500 prior to 2.8.2 Build 52 (dated 23.04.2013) and is mitigated by upgrading to Solar-Log 3.0.0-60 or later (3.0.0-60 fixed 11....
CVE-2021-34543
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require authentication, which allows remote attackers to gain administrative privileges by connecting to the server. As a result, the attacker can modify configuration files and change the system status. Fixed with...
CVE-2021-34543
CVE-2021-34543 affects Solar-Log 500 (and related SL models) where the web administration server before version 2.8.2 Build 52 does not require authentication, enabling remote attackers to gain administrative privileges by connecting to the server and modify configuration files or system status. ...
PT-2021-20538 · Unknown · Solar-Log 500
Name of the Vulnerable Software and Affected Versions: Solar-Log 500 versions prior to 2.8.2 Build 52 Description: The web administration server does not require authentication, allowing remote attackers to gain administrative privileges by connecting to the server. This enables the attacker to...
Solar-Log 500 访问控制错误漏洞
Solar-Log is a data logger for monitoring PV plants from Solar-Log GmbH in Germany. Solar-Log 500 has a security vulnerability that could be exploited by an attacker to gain administrative privileges by connecting to the server...
Solar-Log 500 安全漏洞
Solar-Log is a data logger used to monitor photovoltaic power plants from Solar-Log GmbH in Germany. Solar-Log 500 has a security vulnerability that could be exploited by an attacker with access to the device to read sensitive information...
PT-2021-20539 · Unknown · Solar-Log 200 +2
Name of the Vulnerable Software and Affected Versions: Solar-Log 500 versions prior to 2.8.2 Build 52 23.04.2013 Solar-Log 200 versions prior to 3.0.0-60 11.10.2013 Solar-Log 1000 versions prior to 3.0.0-60 11.10.2013 Description: An issue was discovered in the affected software where cleartext...
Solar-Log 500 2.8.2 Incorrect Access Control
Exploit Title: Solar-Log 500 2.8.2 - Incorrect Access Control Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" Date: 2021-06-11 Exploit Author: Luca.Chiou Vendor Homepage: https://www.solar-log.com/en/ Software Link: Firmware for Solar-Log...
Solar-Log 500 2.8.2 - Unprotected Storage of Credentials Vulnerability
Exploit Title: Solar-Log 500 2.8.2 - Unprotected Storage of Credentials Google Dork: In Shodan search engine, the filter is ""Server: email protected"" Exploit Author: Luca.Chiou Vendor Homepage: https://www.solar-log.com/en/ Software Link: Firmware for Solar-Log...
Solar-Log 500 2.8.2 - Incorrect Access Control Vulnerability
Exploit Title: Solar-Log 500 2.8.2 - Incorrect Access Control Google Dork: In Shodan search engine, the filter is ""Server: email protected"" Exploit Author: Luca.Chiou Vendor Homepage: https://www.solar-log.com/en/ Software Link: Firmware for Solar-Log...
Solar-Log 500 2.8.2 Password Disclosure
Exploit Title: Solar-Log 500 2.8.2 - Unprotected Storage of Credentials Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" Date: 2021-06-11 Exploit Author: Luca.Chiou Vendor Homepage: https://www.solar-log.com/en/ Software Link: Firmware for Solar-Log...
Solar-Log 500 2.8.2 - Incorrect Access Control
Exploit Title: Solar-Log 500 2.8.2 - Incorrect Access Control Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" Date: 2021-06-11 Exploit Author: Luca.Chiou Vendor Homepage: https://www.solar-log.com/en/ Software Link: Firmware for Solar-Log...
Solar-Log 500 2.8.2 - Unprotected Storage of Credentials
Exploit Title: Solar-Log 500 2.8.2 - Unprotected Storage of Credentials Google Dork: In Shodan search engine, the filter is ""Server: IPC@CHIP"" Date: 2021-06-11 Exploit Author: Luca.Chiou Vendor Homepage: https://www.solar-log.com/en/ Software Link: Firmware for Solar-Log...
Solare Datensysteme Solar-Log Devices Cross-Site Request Forgery Vulnerability
Solare Datensysteme GmbH is a global service company providing solar monitoring. A cross-site request forgery vulnerability exists in Solare Datensysteme Solar-Log Devices, which can be exploited by an attacker to execute arbitrary script code on a user's browser on an affected website, and can...
Solar-Log CSRF / Information Disclosure / DoS / File Upload
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Solare Datensysteme GmbH Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000 vulnerable version: Firmware 2.8.4-56 / 3.5.2-85 fixed...
Solare Datensysteme Solar-Log Devices 2.8.4-56 / 3.5.2-85 - Multiple Vulnerabilities
Solare Datensysteme GmbH Solar-Log versions 250, 300, 500, 800e, 1000, 1000 PM+, 1200, and 2000 suffer from cross site request forgery, cross site scripting, file upload, information disclosure, and denial of service vulnerabilities title: Multiple vulnerabilities product: Solare Datensysteme Gmb...
Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple Vulnerabilities
Solare Datensysteme Solar-Log Devices 2.8.4-563.5.2-85 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Solare Datensysteme GmbH Solar-Log...
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Solare Datensysteme GmbH Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000 vulnerable version: Firmware 2.8.4-56 / 3.5.2-85 fixed...
The vulnerability of the microprogramming software in the Solar-Log photovoltaic system allows a malicious individual to execute arbitrary code and cause malfunctions in the system.
The vulnerability of the Microprogramming Software in the Solar-log photovoltaic system is related to errors in the code of the default web server component used. Exploiting this vulnerability allows a malicious individual to load files by specifying an arbitrary path, including paths to system...
The vulnerability of the microprogramming software in the Solar-Log photovoltaic system allows a remote attacker to gain unauthorized access to confidential information.
The vulnerability of the Microprogramming Software in the Solar-log photovoltaic system arises from the lack of password protection for CGI scripts used for data backup, restoration, and system configuration. Exploiting this vulnerability allows a malicious individual to gain unauthorized access ...