CVE-2012-5862

2012-11-2311:00:00

icscert

www.cve.org

6.7 Medium

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

79.2%

JSON

login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64.