Meteocontrol Fixes The Flaws In Photovoltaic Data Logger
Meteocontrol is a Germany-based company that concentrates on the performance of solar monitoring solutions that has launched an update for one of its data classification products to deal with some of the remotely utilizable vulnerabilities.
The security researcher Karn Ganeshen found that the WEB’ log product of Meteocontrol that permits the organizations to centrally traced the data for their photovoltaic systems is overwhelmed by typical verification as well as flaws of the information revelation.
The susceptible SCADA system which is used in Europe and also in the United States in a small percentage of in the energy, water, typical manufacturing and also the sectors of profitable facilities.
According to an attorney published by ICS-CERT, Ganeshen found that all of the webpages in the administration of WEB’log interface are directly available without any kind of verification(CVE-2016-2296). The researcher also discovered that the product saves the confidential information in a clear text(CVE-2016-2298).
Ganeshen also determined a command shell-like feature that permits to anyone to implement the system commands without any verification (CVE-2016-2297).
The vulnerabilities infect all of the versions of WEB’log Basic 100, Light, Pro as well as Pro Unlimited. Meteocontrol has launched the latest version to deal with the security holes.
The defects can be remotely broken even by a hacker with a very low skill. On the other hand, the vendor noticed that its product should be installed behind a firewall and also not directly linked to the Internet.
Even Meteocontrol is not the only company whose ICS products have been examined by Ganeshen. In the several last months, the researcher stated about the vulnerabilities to WAGO, Schneider Electric, Moxa, GE Industrial Solutions, XZERES, Nordex and also to eWON.