Outback Power Mojave Inverter Sensitive Information Exposure Vulnerability

Vulnerability

A vulnerability exists in the Outback Power Mojave Inverter, all versions, due to the use of the GET method for transmitting sensitive information. This flaw allows unauthorized access to sensitive data by modifying the URL to extract information about the target network. Additionally, the vulnerability could be exploited to inject commands through specially crafted POST requests.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information and command injection capabilities.

Remediation

Users are advised to disable the networking features of the Mojave Inverter until a replacement product can be acquired. CISA recommends taking defensive measures to minimize the risk of exploitation, such as disabling unused functions, minimizing network exposure for control system devices, and using secure remote access methods like VPNs. Organizations should also follow CISA's recommended practices for ICS cybersecurity.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 4.7
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.