NVD

Id
46888  
Name
CVE-2012-5864  
Description
The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php.  
Reject
 
CVSS Version
2  
CVSS Score
10  
Severity
High  
CVSS Base Score
10  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-01-19  
Published
2012-11-23  
Modified Date
2013-02-02  
Seq
2012-5864  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
234856 46888 CVE-2012-5864 20120911 Multiple vulnerabilities in Ezylog photovoltaic management server  View
234857 46888 CVE-2012-5864 21273  View
234858 46888 CVE-2012-5864 http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88  View
234859 46888 CVE-2012-5864 http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf  View
234860 46888 CVE-2012-5864 sinapsi-sec-bypass(80203)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
29795 JVNDB-2012-005502 複数の Sinapsi 製品の管理 Web ページにおける管理者のアクセス権限を取得される脆弱性 複数の Sinapsi 製品の管理 Web ページは、認証を要求しないため、管理者のアクセス権限を取得される脆弱性が存在します。 CVE-2012-5864 59102 CVE-2012-5864 46888 10 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-005502.html 2012-11-19 2012-11-26 View