ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) has released an advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities. It reports multiple vulnerabilities, with proof-of-concept (PoC) exploit code, affecting the Sinapsi eSolar Light Photovoltaic System Monitor, which is a supervisory control and data acquisition (SCADA) monitoring product.
The US Department of Homeland Security is warning about vulnerabilities in a common SCADA (supervisory control and data acquisition) package that is used to remotely monitor and manage solar energy-generating power plants.
The eSolar Light Photovoltaic System Monitor is a SCADA product that allows solar power stations to simultaneously monitor different components of photovoltaic arrays, such as photovoltaic inverters, energy meters, gauges.
The disclosure was made by Roberto Paleari and Ivan Speziale, who described the vulnerable system as being the Schneider Electric Ezylog photovoltaic SCADA management server. ICS-CERT notes that the Italian company produces the system, which is used by multiple vendors, including Schneider Electric.
The software running on the affected devices is vulnerable to multiple security issues that allow unauthenticated remote attackers to gain administrative access and execute arbitrary commands.
The multiple vulnerabilities reported were:
• Hard-coded Credentials
• SQL Injection
• Command Execution
• Broken Session Enforcement
The exploit code is publicly available. The researchers released the vulnerability without coordination with either the vendor or ICS-CERT. The vendor is aware of the report, and ICS-CERT has asked the vendor to confirm the vulnerability and identify mitigations.