CVE-2012-5863

Name of the Vulnerable Software and Affected Versions Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server) versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the ip dominio parameter of the ping.php file.

Recommendations For Sinapsi eSolar Light Photovoltaic System Monitor versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. For Sinapsi eSolar DUO versions prior to 2.0.2870 2.2.12, update to version 2.0.2870 2.2.12 or later. As a temporary workaround, consider restricting access to the ping.php file to minimize the risk of exploitation. Avoid using the ip dominio parameter in the ping.php file until the issue is resolved.