fkie_cve-2012-5863
Vulnerability from fkie_nvd
Published
2012-11-23 12:09
Modified
2025-07-08 16:15
Severity ?
Summary
These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system.
References
ics-cert@hq.dhs.govhttp://archives.neohapsis.com/archives/bugtraq/2012-09/0045.htmlExploit
ics-cert@hq.dhs.govhttp://www.exploit-db.com/exploits/21273/Exploit
ics-cert@hq.dhs.govhttp://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
ics-cert@hq.dhs.govhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80200
ics-cert@hq.dhs.govhttps://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/21273/Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdfUS Government Resource
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80202
Impacted products
Vendor Product Version
sinapsitech sinapsi_firmware *
sinapsitech esolar_duo_photovoltaic_system_monitor -
sinapsitech esolar_light_photovoltaic_system_monitor -
sinapsitech esolar_photovoltaic_system_monitor -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "382C527D-16D4-4557-8E68-C4430416DB57",
              "versionEndIncluding": "2.0.2870",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF238DD2-D119-4652-B63B-9321DFB01A90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C00B699F-DE3B-4371-B814-DE54038C60A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "288B1E9C-52C3-4ACC-807D-F650B850D874",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "These Sinapsi devices do not check for special elements in commands sent \nto the system. By accessing certain pages with administrative privileges\n that do not require authentication within the device, attackers can \nexecute arbitrary, unexpected, or dangerous commands directly onto the \noperating system."
    },
    {
      "lang": "es",
      "value": "ping.php en el Sinapsi eSolar Light Photovoltaic System Monitor (tambi\u00e9n conocido como servidor de gesti\u00f3n Schneider Electric Ezylog photovoltaic SCADA), Sinapsi eSolar, y Sinapsi eSolar DUO con firmware anterior a v2.0.2870_2.2.12 permite a atacantes remotos ejecutar comandos arbitarios mediante una shell de metacaracteres en el par\u00e1metro ip_dominio."
    }
  ],
  "id": "CVE-2012-5863",
  "lastModified": "2025-07-08T16:15:26.747",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary",
        "userInteractionRequired": false
      },
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-11-23T12:09:58.477",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/21273/"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "http://www.sinapsitech.it/default.asp?active_page_id=78\u0026news_id=88"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80200"
    },
    {
      "source": "ics-cert@hq.dhs.gov",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/21273/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.sinapsitech.it/default.asp?active_page_id=78\u0026news_id=88"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80202"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.