CVE-2012-5861

Published: 23 Nov 2012
Source: nvd
CVSS2: 7.8
CVSS2: 7.5
EPSS Low

Description

These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.

Vulnerable configurations

Configuration 1

All of

cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:*
Versions up to and including 2.0.2870

One of

cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:*
cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:*
cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:*

EPSS

Percentile: 88%
0.03685
Low

7.8 High

CVSS2

7.5 High

CVSS2

Weaknesses

CWE-89

Related vulnerabilities

github
more than 3 years ago

Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php.
