CVE-2012-5862
Published 2012-11-23
Priority: P263, critical, 10 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 11.95% (95.6th percentile)
These Sinapsi devices
store hard-coded passwords in the PHP file of the device. By using the
hard-coded passwords in the device, attackers can log into the device
with administrative privileges. This could allow the attacker to have
unauthorized access.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sinapsi | esolar | < 2.0.2870_xxx_2.2.12 | 2.0.2870_xxx_2.2.12 |
| sinapsi | esolar_duo | < 2.0.2870_xxx_2.2.12 | 2.0.2870_xxx_2.2.12 |
| sinapsi | esolar_light | < 2.0.2870_xxx_2.2.12 | 2.0.2870_xxx_2.2.12 |
| sinapsitech | sinapsi_firmware | <= 2.0.2870 | — |
Detection & IOCs
- Monitor HTTP GET requests to /dettagliinverter.php with the 'inverterselect' parameter for SQL injection payloads (e.g., quotes, UNION, comment sequences).
- Monitor HTTP POST requests to /changelanguagesession.php for SQL injection in the 'lingua' parameter.
- Detect command injection attempts against /ping.php via the 'ip_dominio' POST parameter; look for shell metacharacters such as '&', ';', '|', '%26' in the parameter value.
- Alert on unauthenticated access to /ping.php: the device does not verify session authentication before serving this page, making it directly exploitable without login.
- Flag login attempts to login.php using the known hard-coded passwords '36e44c9b64', 'astridservice', or 'sinapsi', regardless of the supplied username.
- Hard-coded passwords are embedded in the PHP source of login.php and cannot be changed or removed by the user; patching requires a firmware update to version 2.0.2870_2.2.12 or later.
- The vulnerability affects all analyzed firmware versions of the Sinapsi eSolar, eSolar DUO, and eSolar Light, as well as rebranded OEM variants from other manufacturers.
- Passwords in the SQL database are stored in plain text, meaning successful SQL injection against dettagliinverter.php directly yields cleartext credentials.
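One way to apply the detection notes above to request logs, as an added example (not code from the advisory, the vendor or this tracker). It assumes records from a proxy or WAF that logs form bodies; the record layout, the `has_session` flag and the rule names are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Indicators taken from the detection notes on this page.
HARDCODED_PASSWORDS = {"36e44c9b64", "astridservice", "sinapsi"}
SQLI = re.compile(r"['\"]|--|/\*|#|\bunion\b", re.I)   # quotes, comments, UNION
SHELL_META = re.compile(r"[&;|]")                      # '%26' is decoded to '&' first

def inspect(req):
    """Return the names of the rules that one request record triggers."""
    url = urlsplit(req["url"])
    path, method = url.path.lower(), req["method"].upper()
    query = parse_qs(url.query, keep_blank_values=True)
    body = parse_qs(req.get("body", ""), keep_blank_values=True)
    hits = []
    if path == "/dettagliinverter.php" and method == "GET":
        if any(SQLI.search(v) for v in query.get("inverterselect", [])):
            hits.append("sqli-inverterselect")
    if path == "/changelanguagesession.php" and method == "POST":
        if any(SQLI.search(v) for v in body.get("lingua", [])):
            hits.append("sqli-lingua")
    if path == "/ping.php":
        # has_session is an assumed field, e.g. derived from a valid session cookie.
        if not req.get("has_session"):
            hits.append("ping-unauthenticated")
        if any(SHELL_META.search(v) for v in body.get("ip_dominio", [])):
            hits.append("cmdi-ip_dominio")
    if path == "/login.php" and method == "POST":
        # Form field names are not given on the page, so every value is compared.
        if any(v in HARDCODED_PASSWORDS for vs in body.values() for v in vs):
            hits.append("hardcoded-password-login")
    return hits

# Constructed sample records (not captured traffic).
SAMPLES = [
    {"method": "GET", "url": "/dettagliinverter.php?inverterselect=3", "has_session": True},
    {"method": "GET", "url": "/dettagliinverter.php?inverterselect=3%27", "has_session": True},
    {"method": "POST", "url": "/changelanguagesession.php", "body": "lingua=it", "has_session": True},
    {"method": "POST", "url": "/ping.php", "body": "ip_dominio=192.0.2.10%26echo", "has_session": False},
    {"method": "POST", "url": "/login.php", "body": "username=operator&password=astridservice"},
]

def scan(records):
    """Map record index -> triggered rules, skipping clean requests."""
    return {i: h for i, r in enumerate(records) if (h := inspect(r))}

if __name__ == "__main__":
    for idx, rules in scan(SAMPLES).items():
        print(idx, SAMPLES[idx]["url"], rules)
```

A raw, unencoded `&` in a form body splits the field during parsing, so the `ip_dominio` rule relies on the encoded form being decoded before matching.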
GHSA
GHSA-8xw2-rf2c-8v7w: login
ghsa_unreviewed·2022-05-17
CVE-2012-5862 [HIGH] CWE-259 GHSA-8xw2-rf2c-8v7w: login
login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64.
GHSA
GHSA-mp78-772x-4r85: Carlo Gavazzi EOS-Box with firmware before 1
ghsa_unreviewed·2022-05-17·CVSS 10.0
CVE-2012-6428 [CRITICAL] CWE-798 GHSA-mp78-772x-4r85: Carlo Gavazzi EOS-Box with firmware before 1
Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862.
CISA ICS
Sinapsi Devices Vulnerabilities
cisa_ics·2012-10-10
ICS Advisory
Last Revised: January 10, 2020
Alert Code: ICSA-12-325-01
## Overview
This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012.
Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept (exploit) code for the Sinapsi eSolar Light Photovoltaic System Monitor without coordination with ICS-CERT, this vendor, or any other coordinating entity known to ICS-CERT.
The eSolar Light has also been sold with differen
Exploit-DB
Ezylog Photovoltaic Management Server - Multiple Vulnerabilities
exploitdb·2012-09-12
CVE-2012-5864 Ezylog Photovoltaic Management Server - Multiple Vulnerabilities
---
Multiple vulnerabilities in Ezylog photovoltaic management server
[ADVISORY INFORMATION]
Title: Multiple vulnerabilities in Ezylog photovoltaic management server
Discovery date: 27/08/2012
Release date: 11/09/2012
Credits: Roberto Paleari (@rpaleari)
Ivan Speziale
[AFFECTED PRODUCTS]
The vulnerabilities discussed in this advisory affect the Schneider Electric
Ezylog photovoltaic SCADA management server. However, the same management
server is shared among different photovoltaic SCADA products from several
manufacturers, with few customizations. Thus, the same vulnerabilities should
also apply to other products as well. All the firmware versions we analyzed
have been found to
Exploit-DB
WebcamXP and webcam 7 - Directory Traversal
exploitdb·2012-02-22
---
# Exploit Title: WebcamXP and Webcam7 Directory Traversal Vulnerability
# Google Dork: "powered by webcamxp" xhtml css
# Google Dork: "powered by webcam 7"
# Date: 2/22/2012
# Author: Silent Dream
# Software Link: http://dl.filekicker.com/send/file/230775-FQAC/wlite550.exe
# Software Link: http://dl.filekicker.com/send/file/226161-G6BD/w7inst.exe
# Version: WebcamXP 5.5.1.2, Webcam 7 v0.9.9.32
# Tested on: Windows XP
# Similar to CVE: 2008-5862 but uses backslashes instead of encoded forward slashes.
http://ip:8080/..\..\..\..\..\..\..\..\..\..\..\boot.ini
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.exploit-db.com/exploits/21273/
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
- https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf