Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2012-5861
Last Modified 02 Feb 2013 12:10:18
Published 23 Nov 2012 07:09:58
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-5861

Summary

Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php.

Vulnerable Systems

Operating System

  • Sinapsitech Sinapsi Firmware 2.0.2870


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf

EXPLOIT-DB - 21273

BUGTRAQ - 20120911 Multiple vulnerabilities in Ezylog photovoltaic management server

XF - sinapsi-sql-injection(80201)

CONFIRM - http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88


Last Updated: 27 May 2016 10:58:32