14 matches found
EUVD-2012-6283
Malware in sbrugna...
CVE-2012-6428
The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...
CVE-2012-6427
The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality...
CVE-2012-6427
The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality...
CVE-2012-6428
The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...
Sql injection
Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.10802.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861...
Hardcoded credentials
Carlo Gavazzi EOS-Box with firmware before 1.0.0.10802.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862...
CVE-2012-6427 Carlo Gavazzi EOS Box SQL Injection
The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality...
CVE-2012-6428
CVE-2012-6428 affects the Carlo Gavazzi EOS-Box embedded system. The vulnerability stems from hard-coded credentials stored in a PHP file, enabling attackers to log in with administrative privileges and potentially gain full control of the device. Affected products are EOS-Box Firmware versions p...
CVE-2012-6427
The CVE-2012-6427 issue affects Carlo Gavazzi EOS-Box devices and is caused by SQL injection where user-supplied data is not validated before being used in queries. This vulnerability exists in firmware prior to 1.0.0.1080_2.1.10, allowing remote attackers to access the device’s SQL table and pot...
CVE-2012-6428 Carlo Gavazzi EOS Box Hard-Coded Credentials
The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...
PT-2012-6274 · Carlo Gavazzi · Eos-Box
Name of the Vulnerable Software and Affected Versions: Carlo Gavazzi EOS-Box versions prior to 1.0.0.1080 2.1.10 Description: The issue allows remote attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or modification. This is achieved through SQL injectio...
PT-2012-6275 · Carlo Gavazzi · Eos-Box
Name of the Vulnerable Software and Affected Versions: Carlo Gavazzi EOS-Box versions prior to 1.0.0.1080 2.1.10 Description: The issue allows remote attackers to obtain administrative access by reading a password in a PHP script. This is due to the establishment of multiple hardcoded accounts...
Carlo Gavazzi EOS Box Multiple Vulnerabilities
Overview This advisory provides mitigation details for multiple vulnerabilities that impact the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has identified two vulnerabilities in the Carlo Gavazzi EOS-Box Photovoltaic Monitoring System. Carlo Gavazzi has produced a firmware...