CVE-2012-6427

The Carlo Gavazzi 
EOS-Box

does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:N/A:N
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
carlosgavazzieos-box_photovoltaic_monitoring_system_firmware
𝑥
≤ 1.0.0
carlosgavazzieos-box_photovoltaic_monitoring_system
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/news-events/ics-advisories/icsa-12-354-02
http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf