Vulnerability Description
Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tesla | Solarcity Solar Monitoring Gateway | <= 5.46.43 |
Related Weaknesses (CWE)
References
- https://github.com/fireeye/Vulnerability-Disclosures/blob/master/FEYE-2020-0019/ (Third Party Advisory)
- https://www.fireeye.com/blog/threat-research.html (Third Party Advisory)
- https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x (Third Party Advisory)
- https://www.fireeye.com/blog/threat-research/2021/02/solarcity-exploitation-of-x (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-9306?
CVE-2020-9306 is a vulnerability with a CVSS score of 8.8 (HIGH). Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user a...
How severe is CVE-2020-9306?
CVE-2020-9306 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-9306?
Check the references section above for vendor advisories and patch information. Affected products include: Tesla Solarcity Solar Monitoring Gateway.