CVE-2012-5862 | These Sinapsi devices store hard-coded passwords in the PHP …

Description

These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.

Metadata

CVE ID: CVE-2012-5862
State: PUBLISHED
Assigner: icscert
Reserved: 2012-11-14 00:00 UTC
Published: 2012-11-23 11:00 UTC
Last updated: 2025-07-08 15:29 UTC
Primary CWE: CWE-259
CWE-259
Vendor / Product: Sinapsi / eSolar
Sources: cve.org · NVD

Severity & Metrics

10.0 N/D CVSS 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products (3)

Vendor	Product	Platform	Versions
Sinapsi	eSolar	—	0 < 2.0.2870_xxx_2.2.12
Sinapsi	eSolar DUO	—	0 < 2.0.2870_xxx_2.2.12
Sinapsi	eSolar Light	—	0 < 2.0.2870_xxx_2.2.12

Weakness (CWE)

CWE	Source	Description
CWE-259	cna	CWE-259

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:C/I:C/A:C

References (5)

21273 http://www.exploit-db.com/exploits/21273/
20120911 Multiple vulnerabilities in Ezylog photovoltaic management server http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
sinapsi-default-password(80200) https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88