CVE-2012-5864

Published Nov 23, 2012

Last updated 7 years ago

Overview

Description: The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php.
Source: ics-cert@hq.dhs.gov
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "382C527D-16D4-4557-8E68-C4430416DB57",
            "versionEndIncluding": "2.0.2870"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF238DD2-D119-4652-B63B-9321DFB01A90"
          },
          {
            "criteria": "cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C00B699F-DE3B-4371-B814-DE54038C60A0"
          },
          {
            "criteria": "cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "288B1E9C-52C3-4ACC-807D-F650B850D874"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References