CVE-2012-6427

EUVD-2012-6282
The Carlo Gavazzi 
EOS-Box

does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
carlosgavazzieos-box_photovoltaic_monitoring_system_firmware
𝑥
≤ 1.0.0
carlosgavazzieos-box_photovoltaic_monitoring_system
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-12-354-02
http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf