Описание
These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system.
Ссылки
- Exploit
- Exploit
- Exploit
- Exploit
- US Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 2.0.2870 (включая)
Одновременно
cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:*
cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:*
cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05711
Низкий
10 Critical
CVSS2
10 Critical
CVSS2
Дефекты
CWE-78
CWE-264
Связанные уязвимости
github
больше 3 лет назад
ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in the ip_dominio parameter.
EPSS
Процентиль: 90%
0.05711
Низкий
10 Critical
CVSS2
10 Critical
CVSS2
Дефекты
CWE-78
CWE-264