CVE-2023-23333
Published: 06 February 2023
Summary
CVE-2023-23333 is a critical-severity Command Injection (CWE-77) vulnerability in Contec Solarview Compact Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 0.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
CVE-2023-23333 is a command injection vulnerability, tracked under CWE-77, that affects SolarView Compact through version 6.00. The flaw resides in downloader.php and permits attackers to bypass internal restrictions and inject operating system commands.
Unauthenticated remote attackers can exploit the issue over the network without user interaction. Successful exploitation yields arbitrary command execution and full control over the affected system, consistent with the CVSS 9.8 rating, which reflects critical impact to confidentiality, integrity, and availability.
Public references include exploit code published on PacketStorm and a GitHub repository that demonstrate remote command execution against the vulnerable component. No official vendor advisory or patch information is provided in the available references.
The EPSS score stands at 0.9422 with a recorded peak of 0.9628, reflecting persistently high exploitation probability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-27433
Vulnerability details
There is a command injection vulnerability in SolarView Compact through 6.00; attackers can execute commands by bypassing internal restrictions through downloader.php.
- CWE(s): CWE-77 (Command Injection)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.