This week SEC Consult Vulnerability Lab published a report about multiple vulnerabilities in the I-Panda SolarEagle - Solar Controller Administration Software. The reported vulnerabilities include:
• Broken local admin authentication;
• Missing server side authentication;
• Unencrypted communication; and
• Denial of service
SEC Consult reported that they attempted to coordinate the disclosure with the vendor but got no response.