CVE-2012-5862

Sinapsi eSolar Hard-Coded Password

CVSS 10 EPSS 11.9%CWE-259

These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.

AV:N/AC:L/Au:N/C:C/I:C/A:C

Affected products

Sinapsi · eSolar Sinapsi · eSolar DUO Sinapsi · eSolar Light

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/21273/unverified exploitdbwww.exploit-db.com/exploits/21273unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html https://exchange.xforce.ibmcloud.com/vulnerabilities/80200 https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01 http://www.exploit-db.com/exploits/21273/http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88 http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf