CVE-2012-5864
N/A
N/A
Summary
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Sinapsi | eSolar | 0 < 2.0.2870_xxx_2.2.12 | affected |
| Sinapsi | eSolar DUO | 0 < 2.0.2870_xxx_2.2.12 | affected |
| Sinapsi | eSolar Light | 0 < 2.0.2870_xxx_2.2.12 | affected |
Weaknesses
- CWE-287: CWE-287
ADP Enrichment
CVE Program Container
Additional References
- http://www.exploit-db.com/exploits/21273/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80203
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
References
- http://www.exploit-db.com/exploits/21273/
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
- https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.