PT-2012-6158 · Sinapsi+1 · Sinapsi Esolar Light Photovoltaic System Monitor+3

Ivan Speziale

Publicado

2012-11-23

Atualizado

2025-07-08

CVE-2012-5862

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server) versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12

Description The issue allows remote attackers to obtain administrative access by leveraging hardcoded accounts in the login.php script. The script contains cleartext passwords or password hashes, making it easier for attackers to gain access. Demonstrated passwords include astridservice or 36e44c9b64.

Recommendations For Sinapsi eSolar Light Photovoltaic System Monitor versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-259CWE-310

Identificadores relacionados

CVE-2012-5862

Produtos afetados

Schneider Electric Ezylog

Sinapsi Esolar

Sinapsi Esolar Duo

Sinapsi Esolar Light Photovoltaic System Monitor

PT-2012-6158 · Sinapsi+1 · Sinapsi Esolar Light Photovoltaic System Monitor+3

CVE-2012-5862

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9