CVE-2012-5863 | These Sinapsi devices do not check for special elements in c…

Description

These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system.

Metadata

CVE ID: CVE-2012-5863
State: PUBLISHED
Assigner: icscert
Reserved: 2012-11-14 00:00 UTC
Published: 2012-11-23 11:00 UTC
Last updated: 2025-07-08 15:25 UTC
Primary CWE: CWE-78
CWE-78
Vendor / Product: Sinapsi / eSolar
Sources: cve.org · NVD

Severity & Metrics

10.0 N/D CVSS 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products (3)

Vendor	Product	Platform	Versions
Sinapsi	eSolar	—	0 < 2.0.2870_xxx_2.2.12
Sinapsi	eSolar DUO	—	0 < 2.0.2870_xxx_2.2.12
Sinapsi	eSolar Light	—	0 < 2.0.2870_xxx_2.2.12

Weakness (CWE)

CWE	Source	Description
CWE-78	cna	CWE-78

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:C/I:C/A:C

References (5)

21273 http://www.exploit-db.com/exploits/21273/
20120911 Multiple vulnerabilities in Ezylog photovoltaic management server http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
sinapsi-default-password(80200) https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88