CVE-2012-5864

Sinapsi eSolar Improper Authentication

CVSS 9.4 EPSS 4.9%CWE-287

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.

AV:N/AC:L/Au:N/C:C/I:C/A:N

Productos afectados

Sinapsi · eSolar Sinapsi · eSolar DUO Sinapsi · eSolar Light

PoCs públicas encontradas — 2

cve_referencewww.exploit-db.com/exploits/21273/no verificado exploitdbwww.exploit-db.com/exploits/21273no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html https://exchange.xforce.ibmcloud.com/vulnerabilities/80200 https://exchange.xforce.ibmcloud.com/vulnerabilities/80203 https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01 http://www.exploit-db.com/exploits/21273/http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88 http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf