Vulnerability Details : CVE-2012-5862
login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64.
Products affected by CVE-2012-5862
- cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:*
- cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:*
- cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-5862
0.63%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-5862
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2012-5862
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-5862
-
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
Exploit
-
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
Pagina non trovata | Sinapsi | Invent Today
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
Multiple Sinapsi devices default password CVE-2012-5862 Vulnerability Report
-
http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
404 - File Not Found | CISAUS Government Resource
-
http://www.exploit-db.com/exploits/21273/
Ezylog Photovoltaic Management Server - Multiple Vulnerabilities - PHP webapps ExploitExploit
Jump to