Cyber Resilience

CVE-2022-47767

CriticalPublic PoC

Published: 26 January 2023

Published
26 January 2023
Modified
01 April 2025
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0048 65.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2022-47767 is a critical-severity Hidden Functionality (CWE-912) vulnerability in Solar-Log Solar-Log 500 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 34.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other AI Platforms.

EU & UK References

Vulnerability details

A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500,…

more

1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.

CWE(s)

AI Security AnalysisAI

AI Category
Other AI Platforms
Risk Domain
N/A
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: backdoor

Related Threats

Affected Assets

solar-log
solar-log 250 firmware
≤ 4.2.8_117 · 5.0.0 — 5.1.2_156
solar-log
solar-log 300 firmware
≤ 4.2.8_117 · 5.0.0 — 5.1.2_156
solar-log
solar-log 500 firmware
≤ 4.2.8_117 · 5.0.0 — 5.1.2_156 · ≤ 4.2.8_117
solar-log
solar-log 800e firmware
≤ 4.2.8_117 · 5.0.0 — 5.1.2_156
solar-log
solar-log 1000 firmware
≤ 4.2.8_117 · 5.0.0 — 5.1.2_156
solar-log
solar-log 1000 pm\+ firmware
≤ 4.2.8_117 · 5.0.0 — 5.1.2_156
solar-log
solar-log 1200 firmware
≤ 4.2.8_117 · 5.0.0 — 5.1.2_156
solar-log
solar-log 2000 firmware
≤ 4.2.8_117 · 5.0.0 — 5.1.2_156
solar-log
solar-log 50 firmware
≤ 4.2.8_117 · 5.0.0 — 5.1.2_156

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-912

Documenting every system component at the required granularity and reviewing the inventory detects or prevents hidden functionality from remaining undetected.

addresses: CWE-912

Recovery eliminates hidden functionality or backdoors introduced during compromise.

addresses: CWE-912

Policy requires supplier transparency and testing to detect hidden functionality or backdoors inserted in the supply chain.

addresses: CWE-912

Screening high-risk technical positions lowers the probability that hidden functionality or backdoors will be added by authorized personnel.

addresses: CWE-912

Hunting identifies hidden functionality used for persistence or evasion after initial compromise.

addresses: CWE-912

TSCM surveys discover and eliminate hidden surveillance functionality that would otherwise remain undetected in the environment.

addresses: CWE-912

Change control, approval gates, and flaw tracking force hidden functionality to be either documented or discovered and removed.

addresses: CWE-912

Vetting and integrity controls during acquisition reduce the likelihood of hidden backdoors or malicious functionality introduced by suppliers.

References