Public ICS Vulnerability Disclosure – 11-19-16

This week SEC Consult Vulnerability Lab published a report about multiple vulnerabilities in the I-Panda SolarEagle - Solar Controller Administration Software. The reported vulnerabilities include:

• Broken local admin authentication;

• Missing server side authentication;

• Unencrypted communication; and

• Denial of service

SEC Consult reported that they attempted to coordinate the disclosure with the vendor but got no response.