CVE-2012-5864

Sinapsi eSolar Improper Authentication

CVSS 9.4 EPSS 4.9%CWE-287

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.

AV:N/AC:L/Au:N/C:C/I:C/A:N

Affected products

Sinapsi · eSolar Sinapsi · eSolar DUO Sinapsi · eSolar Light

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/21273/unverified exploitdbwww.exploit-db.com/exploits/21273unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html https://exchange.xforce.ibmcloud.com/vulnerabilities/80200 https://exchange.xforce.ibmcloud.com/vulnerabilities/80203 https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01 http://www.exploit-db.com/exploits/21273/http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88 http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf