CVE-2012-5862

Опубликовано: 23 нояб. 2012

Источник: nvd

CVSS2: 10

EPSS Средний

Описание

These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:*

Версия до 2.0.2870 (включая)

Одно из

cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:*

cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:*

cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.18795

Средний

10 Critical

CVSS2

10 Critical

CVSS2

Дефекты

CWE-259

CWE-310

Связанные уязвимости

GHSA-8xw2-rf2c-8v7w

github

больше 3 лет назад

login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64.

EPSS

Процентиль: 95%

0.18795

Средний

10 Critical

CVSS2

10 Critical

CVSS2

Дефекты

CWE-259

CWE-310