CVE-2022-1277 Inavitas CVE debrief

CVE-2022-1277 is a critical unauthenticated SQL injection vulnerability affecting Inavitas Solar Log, published by NVD on 2022-07-29 and last modified on 2026-05-20. The vulnerability allows remote attackers to execute arbitrary SQL commands without authentication, potentially leading to complete database compromise, data exfiltration, and unauthorized administrative access to solar energy monitoring systems.

The CVSS 3.1 score of 9.4 reflects a network attack vector, low complexity, no privileges required, no user interaction, and high impact on confidentiality and integrity with low availability impact. The vulnerability is classified under CWE-89 (SQL Injection) by both USOM and NVD. Turkish government cybersecurity authorities (USOM and Siber Güvenlik) issued advisory TR-22-0514 documenting this issue. No version constraints are specified in CPE data beyond versions prior to 1.0.

Organizations using Inavitas Solar Log should immediately apply vendor patches, implement web application firewalls with SQL injection rules, restrict network access to administrative interfaces, and review database access logs for indicators of compromise.

Vendor: Inavitas
Product: Inavitas Solar Log
CVSS: CRITICAL 9.4
CISA KEV: Not listed in stored evidence
Original CVE published: 2022-07-29
Original CVE updated: 2026-05-20
Advisory published: 2022-07-29
Advisory updated: 2026-05-20

Who should care

Organizations operating Inavitas Solar Log solar energy monitoring systems, critical infrastructure operators in the energy sector, managed service providers supporting renewable energy installations, and security teams responsible for protecting industrial control systems and IoT devices.

Technical summary

An unauthenticated SQL injection vulnerability in Inavitas Solar Log allows remote attackers to execute arbitrary SQL commands via network-accessible application interfaces. The attack requires no authentication credentials and no user interaction. Successful exploitation gives attackers the ability to read, modify, or delete database contents and potentially to escalate to administrative control of the solar monitoring infrastructure.

Defensive priority

critical

Recommended defensive actions

  • Apply vendor-supplied patches to bring Inavitas Solar Log to version 1.0 or later
  • Deploy web application firewall rules to detect and block SQL injection attempts
  • Restrict network access to Solar Log administrative interfaces to authorized management networks only
  • Review database access logs for unauthorized query patterns or unexpected administrative actions
  • Conduct vulnerability scanning to identify exposed Solar Log instances
  • Apply the principle of least privilege to database accounts used by the application

Evidence notes

CVE published 2022-07-29; modified 2026-05-20. CPE indicates affected versions prior to 1.0. Advisory TR-22-0514 was issued by the Turkish National Cyber Security Incident Response Center (USOM).
