Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 10.0
CVE Id: CVE-2012-5864
Last Modified: 02 Feb 2013 12:10:19
Published: 23 Nov 2012 07:09:58
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2012-5864

Summary

The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php.

Vulnerable Systems

Operating System

  • Sinapsitech Sinapsi Firmware 2.0.2870


References

MISC - http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf

EXPLOIT-DB - 21273

BUGTRAQ - 20120911 Multiple vulnerabilities in Ezylog photovoltaic management server

XF - sinapsi-sec-bypass(80203)

CONFIRM - http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88


Last Updated: 27 May 2016 11:01:46