CVE-2012-5861

Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 66%
VendorProductVersion
sinapsitechsinapsi_firmware
𝑥
≤ 2.0.2870
sinapsitechesolar_duo_photovoltaic_system_monitor
-
sinapsitechesolar_light_photovoltaic_system_monitor
-
sinapsitechesolar_photovoltaic_system_monitor
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
http://www.exploit-db.com/exploits/21273/
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80201
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
http://www.exploit-db.com/exploits/21273/
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80201