CVE-2012-5861

EUVD-2012-5739
These Sinapsi devices do not check the validity of the data before 
executing queries. By accessing the SQL table of certain pages that do 
not require authentication within the device, attackers can leak 
information from the device. This could allow the attacker to compromise
 confidentiality.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
sinapsitechsinapsi_firmware
𝑥
≤ 2.0.2870
sinapsitechesolar_duo_photovoltaic_system_monitor
-
sinapsitechesolar_light_photovoltaic_system_monitor
-
sinapsitechesolar_photovoltaic_system_monitor
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
http://www.exploit-db.com/exploits/21273/
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
http://www.exploit-db.com/exploits/21273/
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80201