Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.
References
Link | Resource |
---|---|
https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0019/FEYE-2020-0019.md | Third Party Advisory |
https://www.fireeye.com/blog/threat-research.html | Third Party Advisory |
https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html | Third Party Advisory |
https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html | Exploit Third Party Advisory |
Configurations
History
26 Feb 2021, 13:37
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:tesla:solarcity_solar_monitoring_gateway:*:*:*:*:*:*:*:* | |
References | (MISC) https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-two.html - Exploit, Third Party Advisory | |
References | (MISC) https://www.fireeye.com/blog/threat-research.html - Third Party Advisory | |
References | (MISC) https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x2e-iot-device-part-one.html - Third Party Advisory | |
References | (CONFIRM) https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0019/FEYE-2020-0019.md - Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.8
v3 : 8.8 |
CWE | CWE-798 |
18 Feb 2021, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-02-18 00:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-9306
Mitre link : CVE-2020-9306
CVE.ORG link : CVE-2020-9306
JSON object : View
Products Affected
tesla
- solarcity_solar_monitoring_gateway