4 matches found
Hardcoded credentials
Carlo Gavazzi EOS-Box with firmware before 1.0.0.10802.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862...
CVE-2012-6428 Carlo Gavazzi EOS Box Hard-Coded Credentials
The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...
CVE-2012-5862
CVE-2012-5862 concerns Sinapsi/Sinapsi eSolar devices where hard-coded credentials are stored in the login.php PHP script. Multiple connected sources confirm that an attacker can log in with administrative privileges, enabling unauthorized access. The ICS-CERT advisory for Sinapsi (and related PR...
Sinapsi Devices Vulnerabilities
Overview This advisory is a follow-up to the alert titled ICS-ALERT-12-284-01—Sinapsi eSolar Light Vulnerabilities that was published October 10, 2012. Independent researchers Roberto Paleari and Ivan Speziale identified four vulnerabilities and released proof-of-concept exploit code for the...