CVE-2012-6428

Опубликовано: 23 дек. 2012

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

The Carlo Gavazzi EOS-Box

stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.

Ссылки

https://www.cisa.gov/news-events/ics-advisories/icsa-12-354-02
http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:carlosgavazzi:eos-box_photovoltaic_monitoring_system_firmware:*:*:*:*:*:*:*:*

Версия до 1.0.0 (включая)

cpe:2.3:h:carlosgavazzi:eos-box_photovoltaic_monitoring_system:-:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00242

Низкий

10 Critical

CVSS2

10 Critical

CVSS2

Дефекты

CWE-798

CWE-255

Связанные уязвимости

GHSA-mp78-772x-4r85

github

больше 3 лет назад

Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.

EPSS

Процентиль: 47%

0.00242

Низкий

10 Critical

CVSS2

10 Critical

CVSS2

Дефекты

CWE-798

CWE-255