Solar-Log Base 15

Monitor | CVSS 5.4 | ICS-CERT ICSA-24-303-02 | Oct 29, 2024
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

Solar-Log Base 15 firmware versions prior to 6.2.0-170 contain a cross-site scripting (XSS) vulnerability in the web interface. An authenticated attacker can inject malicious scripts that execute in the context of other users' browsers, potentially leading to unauthorized access or configuration changes. The vulnerability requires valid login credentials and user interaction to be exploited.

What this means
What could happen
An attacker with valid login credentials could inject malicious code into the Solar-Log Base 15 web interface, potentially modifying how the device logs or displays solar energy production data or compromising other users' sessions.
Who's at risk
Solar-Log Base 15 device users and operators should prioritize this update. Solar-Log is a solar photovoltaic monitoring and control device used in renewable energy installations, data centers with solar generation, and commercial/industrial solar farms. System administrators and staff who access the Base 15 web interface are at risk of session compromise.
How it could be exploited
An authenticated attacker accesses the Solar-Log Base 15 web interface and injects JavaScript or HTML code through a parameter that lacks proper validation. When other users (including administrators) view the affected page, the malicious code executes in their browser, allowing credential theft or unauthorized configuration changes.
Prerequisites
  • Valid login credentials for Solar-Log Base 15 web interface
  • Network access to the Base 15 device web port (typically HTTP/HTTPS)
  • Victim user must visit the affected page after injection
remotely exploitable, requires valid authentication, low complexity attack, affects monitoring/logging device
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Public Proof-of-Concept (PoC) on GitHub (1 repository)
Affected products (1)
Product | Affected Versions | Fix Status
Base 15: Firmware_6.0.1_Build_161 | Firmware 6.0.1 Build 161 | 6.2.0-170
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Solar-Log Base 15 web interface to trusted IP addresses only using firewall rules
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update Solar-Log Base 15 firmware to version 6.2.0-170 or later
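To find which devices still need the update, the following added example (not part of the advisory or of any Solar-Log tooling) compares firmware strings against the fixed release 6.2.0-170. It assumes the build number is the last ordering component and that versions are recorded in one of the two spellings shown on this page; the device names and inventory are constructed.

```python
import re

# Fixed release named in the advisory: 6.2.0-170 -> (major, minor, patch, build)
FIXED = (6, 2, 0, 170)

# Accepts the two spellings that appear on this page:
#   "6.2.0-170"  and  "Firmware_6.0.1_Build_161" / "Firmware 6.0.1 Build 161"
_VERSION_RE = re.compile(
    r"^(?:firmware[ _])?(\d+)\.(\d+)\.(\d+)(?:-|[ _]build[ _])(\d+)$",
    re.IGNORECASE,
)


def parse_firmware(text):
    """Return (major, minor, patch, build) or raise ValueError."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_affected(text):
    """True when the version is prior to 6.2.0-170."""
    return parse_firmware(text) < FIXED


def triage(inventory):
    """Map each device to 'affected', 'fixed' or 'unknown'.

    Unparseable strings are reported as 'unknown' rather than 'fixed',
    so an incomplete record is never counted as patched.
    """
    result = {}
    for device, version in inventory.items():
        try:
            result[device] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            result[device] = "unknown"
    return result


# Constructed inventory; device names and the 6.2.1 entry are illustrative.
SAMPLE_INVENTORY = {
    "pv-site-a": "Firmware_6.0.1_Build_161",
    "pv-site-b": "6.2.0-170",
    "pv-site-c": "Firmware 6.2.1 Build 180",
    "pv-site-d": "6.2",  # incomplete record
}

if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as unknown need a manual check of the installed firmware before they are treated as patched.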
Long-term hardening
HARDENING: Place Solar-Log Base 15 behind a firewall and isolate from the business network if internet access is not required for operations
HARDENING: If remote access to Solar-Log Base 15 is required, implement a VPN gateway and disable direct internet exposure
API: /api/v1/advisories/76d38d6e-649e-44ee-a5e5-fd5879efd4c5

Solar-Log Base 15 | CVSS 5.4 - OTPulse