CVE-2012-5863

EUVD-2012-5741
These Sinapsi devices do not check for special elements in commands sent 
to the system. By accessing certain pages with administrative privileges
 that do not require authentication within the device, attackers can 
execute arbitrary, unexpected, or dangerous commands directly onto the 
operating system.
OS Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
sinapsitechsinapsi_firmware
𝑥
≤ 2.0.2870
sinapsitechesolar_duo_photovoltaic_system_monitor
-
sinapsitechesolar_light_photovoltaic_system_monitor
-
sinapsitechesolar_photovoltaic_system_monitor
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
http://www.exploit-db.com/exploits/21273/
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
http://www.exploit-db.com/exploits/21273/
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80202