OTPulse

Solar-Log Base 15

Monitor · CVSS 5.4 · ICS-CERT ICSA-24-303-02 · Oct 29, 2024
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: Required
Summary

A cross-site scripting (XSS) vulnerability exists in Solar-Log Base 15 firmware version 6.0.1 Build 161 and earlier. The vulnerability allows an authenticated attacker to inject malicious JavaScript code that executes in the context of other users' web browser sessions. Exploitation could allow an attacker to steal session credentials, modify system configuration, or manipulate the web interface.

What this means
What could happen
An attacker with network access and login credentials could perform cross-site scripting (XSS) attacks against other users of the Solar-Log Base 15 web interface, potentially stealing session credentials or redirecting them to malicious sites. This could lead to unauthorized changes to energy monitoring or system configuration.
Who's at risk
Solar energy installers and facilities operators who manage Solar-Log Base 15 monitoring systems are affected. This impacts renewable energy sites, solar farms, and any facility with distributed solar generation that relies on Solar-Log Base 15 for performance monitoring and system management.
How it could be exploited
An attacker with valid credentials logs into the Solar-Log Base 15 web interface and injects malicious JavaScript code into a form field or parameter. When another authenticated user views the affected page, the script executes in their browser session, allowing the attacker to steal their credentials, modify system settings, or cause the interface to behave unexpectedly.
Prerequisites
  • Network access to the Solar-Log Base 15 web interface (typically port 80/443)
  • Valid login credentials for the web interface
  • Ability to get another user to view a page containing the injected code
remotely exploitable · requires valid credentials · low CVSS score (5.4) · affects web interface used by multiple operators
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (1)
Product | Affected Versions | Fix Status
Base 15: Firmware_6.0.1_Build_161 | Firmware 6.0.1 Build 161 | 6.2.0-170
Remediation & Mitigation
Do now
HARDENING: Place Solar-Log Base 15 behind a firewall and restrict web interface access to authorized networks only (not accessible from the internet)
HARDENING: Implement a VPN for any required remote access to the Solar-Log Base 15 web interface and ensure the VPN is configured securely
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Upgrade Solar-Log Base 15 firmware to version 6.2.0-170 or later
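
The affected and fixed versions above can be turned into an inventory check. The following Python is an added example, not part of the advisory or any vendor tooling; the device names and inventory strings are constructed, and it assumes the build number only orders releases that share the same x.y.z version. Versions between the two boundaries are reported as unknown because the advisory does not classify them.

```python
import re

# Boundaries taken from the advisory text.
LAST_AFFECTED = (6, 0, 1, 161)  # "6.0.1 Build 161 and earlier"
FIRST_FIXED = (6, 2, 0, 170)    # "6.2.0-170 or later"

# Accepts the spellings used on this page: "Firmware 6.0.1 Build 161",
# "Firmware_6.0.1_Build_161" and "6.2.0-170".
_VERSION_RE = re.compile(
    r"(\d+)\.(\d+)\.(\d+)(?:[\s_-]*(?:build)?[\s_-]*(\d+))?", re.IGNORECASE)

def parse_firmware(text):
    """Return (major, minor, patch, build); build is None when absent."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no firmware version in {text!r}")
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build) if build else None)

def classify(text):
    """Return 'affected', 'fixed' or 'unknown' for one version string."""
    major, minor, patch, build = parse_firmware(text)
    triple = (major, minor, patch)
    if build is None:  # cannot decide when x.y.z sits exactly on a boundary
        if triple < LAST_AFFECTED[:3]:
            return "affected"
        return "fixed" if triple > FIRST_FIXED[:3] else "unknown"
    full = triple + (build,)
    if full <= LAST_AFFECTED:
        return "affected"
    return "fixed" if full >= FIRST_FIXED else "unknown"

def triage(inventory):
    """Return {device: status} for every device not confirmed fixed."""
    pending = {}
    for name, reported in inventory.items():
        try:
            status = classify(reported)
        except ValueError:
            status = "unparsed"  # follow up by hand
        if status != "fixed":
            pending[name] = status
    return pending

# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = {"pv-site-a": "Firmware_6.0.1_Build_161", "pv-site-b": "6.2.0-170",
                    "pv-site-c": "Firmware 5.1.2 Build 140", "pv-site-d": "6.1.0-165",
                    "pv-site-e": "n/a"}
if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

Devices reported as unknown or unparsed need a manual check against the vendor's release notes before they are treated as remediated.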
Long-term hardening
HARDENING: Isolate the Solar-Log Base 15 network from the business network to limit lateral movement if the web interface is compromised