CVE-2023-46344

Vulnerability

A stored cross-site scripting (XSS) vulnerability exists in the switch group function of the Solar-Log Base 15 web portal, accessible via /#ilang=DE&b=c_smartenergy_swgroups. The vulnerability is present in firmware version 6.0.1 Build 161 and possibly other Solar-Log Base products. An attacker can inject malicious JavaScript that is stored and later executed in the context of an authenticated user's session [3].

Exploitation

An attacker with network access to the Solar-Log Base web portal can inject a crafted XSS payload into the switch group function. When an administrator or installer (PM) views the affected page, the payload executes, allowing the attacker to perform actions on behalf of the victim. The attacker does not require prior authentication but must entice a privileged user to visit the maliciously crafted page [3].

Impact

Successful exploitation enables privilege escalation from an unprivileged user to an installer or PM role. With these elevated privileges, the attacker can gain administrative access to the web portal and execute further attacks, potentially compromising the entire Solar-Log system [3].

Mitigation

The vendor states that the vulnerability has been fixed in firmware version 3.0.0-60 (released 11 October 2013) for Solar-Log models SL 200, SL 500, and SL 1000. For models SL 250, SL 300, SL 1200, SL 2000, SL 50 Gateway, and SL Base, the vulnerability is reported as not existing [2]. Users of affected models should update to the fixed firmware version. No workaround is provided in the available references.