CVE-2022-47767

Name: CVE-2022-47767
Creator: NVD / NIST
Published: 2023-01-26T21:18:05.573+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 1.21%

Last modified Jun 17, 2026

CVE-2022-47767 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). EPSS estimates a 1.21% chance of exploitation in the next 30 days.

Description

A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.21%

64.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-912

Affected Software

Vendor	Product	Versions
Solar-Log	Solar-Log 250 Firmware	< 4.2.8_117
Solar-Log	Solar-Log 250 Firmware	>= 5.0.0, < 5.1.2_156
Solar-Log	Solar-Log 300 Firmware	< 4.2.8_117
Solar-Log	Solar-Log 300 Firmware	>= 5.0.0, < 5.1.2_156
Solar-Log	Solar-Log 500 Firmware	< 4.2.8_117
Solar-Log	Solar-Log 500 Firmware	>= 5.0.0, < 5.1.2_156
Solar-Log	Solar-Log 800e Firmware	< 4.2.8_117
Solar-Log	Solar-Log 800e Firmware	>= 5.0.0, < 5.1.2_156
Solar-Log	Solar-Log 1000 Firmware	< 4.2.8_117
Solar-Log	Solar-Log 1000 Firmware	>= 5.0.0, < 5.1.2_156
Solar-Log	Solar-Log 1000 Pm\+ Firmware	< 4.2.8_117
Solar-Log	Solar-Log 1000 Pm\+ Firmware	>= 5.0.0, < 5.1.2_156
Solar-Log	Solar-Log 1200 Firmware	< 4.2.8_117
Solar-Log	Solar-Log 1200 Firmware	>= 5.0.0, < 5.1.2_156
Solar-Log	Solar-Log 2000 Firmware	< 4.2.8_117
Solar-Log	Solar-Log 2000 Firmware	>= 5.0.0, < 5.1.2_156
Solar-Log	Solar-Log 50 Firmware	< 4.2.8_117
Solar-Log	Solar-Log 50 Firmware	>= 5.0.0, < 5.1.2_156

References

https://www.solar-log.com/en/support/firmware-database-1Vendor Advisory
https://www.swascan.com/security-advisory-solar-log/Exploit, Third Party Advisory
https://www.solar-log.com/en/support/firmware-database-1Vendor Advisory
https://www.swascan.com/security-advisory-solar-log/Exploit, Third Party Advisory

Timeline

Published: Jan 26, 2023
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-47767?

How severe is CVE-2022-47767?

CVE-2022-47767 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 1.21% probability of exploitation in the next 30 days.

How do I fix CVE-2022-47767?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-47767?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST