CVE-2012-6428 | The Carlo Gavazzi EOS-Box stores hard-coded passwords in t…

Description

The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.

Metadata

CVE ID: CVE-2012-6428
State: PUBLISHED
Assigner: icscert
Reserved: 2012-12-18 00:00 UTC
Published: 2012-12-23 21:00 UTC
Last updated: 2025-07-01 19:59 UTC
Primary CWE: CWE-798
CWE-798
Vendor / Product: Carlo Gavazzi Automation / EOS-Box
Sources: cve.org · NVD

Severity & Metrics

10.0 N/D CVSS 2.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products (1)

Vendor	Product	Platform	Versions
Carlo Gavazzi Automation	EOS-Box	—	0 < 1.0.0.1080_2.1.10

Weakness (CWE)

CWE	Source	Description
CWE-798	cna	CWE-798

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	N/D	2.0	cna	AV:N/AC:L/Au:N/C:C/I:C/A:C

References (1)

https://www.cisa.gov/news-events/ics-advisories/icsa-12-354-02