CVE

Id
59107  
CVE No.
CVE-2012-5864  
Status
Candidate  
Description
The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php.  
Phase
Assigned (20121114)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
603501 59107 CVE-2012-5864 BUGTRAQ:20120911 Multiple vulnerabilities in Ezylog photovoltaic management server  View
603502 59107 CVE-2012-5864 URL:http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html  View
603503 59107 CVE-2012-5864 EXPLOIT-DB:21273  View
603504 59107 CVE-2012-5864 URL:http://www.exploit-db.com/exploits/21273/  View
603505 59107 CVE-2012-5864 MISC:http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf  View
603506 59107 CVE-2012-5864 CONFIRM:http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88  View
603507 59107 CVE-2012-5864 XF:sinapsi-sec-bypass(80203)  View

Related JVN