CVE-2012-5864
Published 2012-11-23
Priority P2 · 59 · critical (10.0) · CVSS 2.0
CVSS vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 4.91% (91.0th percentile)

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sinapsi | esolar | < 2.0.2870_xxx_2.2.12 | 2.0.2870_xxx_2.2.12 |
| sinapsi | esolar_duo | < 2.0.2870_xxx_2.2.12 | 2.0.2870_xxx_2.2.12 |
| sinapsi | esolar_light | < 2.0.2870_xxx_2.2.12 | 2.0.2870_xxx_2.2.12 |
| sinapsitech | sinapsi_firmware | <= 2.0.2870 | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated HTTP GET requests to /dettagliinverter.php with the 'inverterselect' parameter containing SQL metacharacters (quotes, UNION, SELECT, etc.), indicating SQL injection attempts.
- Monitor for HTTP POST requests to /changelanguagesession.php with the 'lingua' parameter containing SQL metacharacters, indicating SQL injection attempts.
- Monitor for HTTP POST requests to /ping.php with the 'ip_dominio' parameter containing shell metacharacters such as '&', ';', '|', or '%26', indicating OS command injection attempts.
- Alert on unauthenticated access to sensitive management pages (e.g., ping.php, dettagliinverter.php) — the device does not enforce session authentication on these pages, so any direct access without a prior login sequence is suspicious.
- Detect login attempts using the hardcoded credentials 'astridservice', '36e44c9b64', or 'sinapsi'/'sinapsi' against the device's login.php page.
- Note: All firmware versions prior to 2.0.2870_xxx_2.2.12 are affected; the hardcoded credentials and vulnerable pages exist in the PHP files and cannot be patched by users — only a firmware update resolves them.
- Note: The same vulnerable management server firmware is shared across multiple OEM brands (Schneider Electric Ezylog and others), so the same IOCs and attack paths apply to rebranded products beyond Sinapsi.
- Note: Passwords in the SQL database are stored in plain text, meaning successful SQL injection against dettagliinverter.php directly yields cleartext credentials.
GHSA
GHSA-v26h-2hg9-6mq7 (ghsa_unreviewed · 2022-05-17) · CVE-2012-5864 [HIGH] · CWE-287
The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php.
CISA ICS
Sinapsi Devices Vulnerabilities (cisa_ics · 2012-10-10)
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory: Sinapsi Devices Vulnerabilities
Last Revised: January 10, 2020
Alert Code: ICSA-12-325-01
## Overview
This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012.
Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept (exploit) code for the Sinapsi eSolar Light Photovoltaic System Monitor without coordination with ICS-CERT, this vendor, or any other coordinating entity known to ICS-CERT.
The eSolar Light has also been sold with differen
No detection rules found.
No writeups or analysis indexed.
References:
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.exploit-db.com/exploits/21273/
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80203
- https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf