20 matches found
Ezylog Photovoltaic Management Server Multiple Vulnerabilities
No description provided by source. Multiple vulnerabilities in Ezylog photovoltaic management server. ADVISORY INFORMATION: Title: Multiple vulnerabilities in Ezylog photovoltaic management server; Discovery date: 27/08/2012; Release...
CVE-2012-5863
These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating...
CVE-2012-5861
These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality...
CVE-2012-5862
These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...
CVE-2012-5864
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges...
Hardcoded credentials
login.php on the Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server, Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.28702.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to...
Authentication flaw
The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server, Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.28702.2.12 do not require authentication, which allows remote attackers to obtain...
Code injection
ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server, Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.28702.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in the...
SQL injection
Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server, Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.28702.2.12 allow remote attackers to execute arbitrary SQL commands vi...
CVE-2012-5864 Sinapsi eSolar Improper Authentication
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges...
CVE-2012-5861
CVE-2012-5861 affects Sinapsi eSolar family devices (Light, DUO, eSolar) with firmware prior to 2.0.2870_xxx_2.2.12. The issue is SQL injection caused by unvalidated data in web-facing components, allowing remote attackers to access SQL tables and leak confidential information. The relate...
CVE-2012-5864
The CVE-2012-5864 issue affects Sinapsi eSolar family web-based management interfaces (Light, eSolar, and DUO) prior to firmware 2.0.2870_2.2.12. The root cause is improper authentication: management pages do not require login, enabling remote attackers to obtain administrative access via direct ...
CVE-2012-5862
CVE-2012-5862 concerns Sinapsi/Sinapsi eSolar devices where hard-coded credentials are stored in the login.php PHP script. Multiple connected sources confirm that an attacker can log in with administrative privileges, enabling unauthorized access. The ICS-CERT advisory for Sinapsi (and related PR...
CVE-2012-5863
The CVE-2012-5863 vulnerability affects Sinapsi eSolar systems (Light, DUO, and related Sinapsi devices) with firmware prior to 2.0.2870_xx_2.2.12. It is an OS Command Injection flaw in the ping.php endpoint, where shell metacharacters in the ip dominio parameter can be used by an unauthenticated...
CVE-2012-5862 Sinapsi eSolar Hard-Coded Password
These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...
CVE-2012-5861 Sinapsi eSolar SQL Injection
These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality...
Multiple vulnerabilities in Ezylog photovoltaic management server
Multiple vulnerabilities in Ezylog photovoltaic management server. ADVISORY INFORMATION: Title: Multiple vulnerabilities in Ezylog photovoltaic management server; Discovery date: 27/08/2012; Release date: 11/09/2012; Credits: Roberto...
Ezylog Photovoltaic Management Server - Multiple Vulnerabilities
Multiple vulnerabilities in Ezylog photovoltaic management server. ADVISORY INFORMATION: Title: Multiple vulnerabilities in Ezylog photovoltaic management server; Discovery date: 27/08/2012; Release date: 11/09/2012; Credits: Roberto...
Ezylog Photovoltaic Management Server - Multiple Vulnerabilities
Ezylog Photovoltaic Management Server - Multiple Vulnerabilities. Multiple vulnerabilities in Ezylog photovoltaic management server. ADVISORY INFORMATION: Title: Multiple vulnerabilities in Ezylog photovoltaic management server...
Ezylog Photovoltaic Management SQL Injection / Command Injection
Multiple vulnerabilities in Ezylog photovoltaic management server. ADVISORY INFORMATION: Title: Multiple vulnerabilities in Ezylog photovoltaic management server; Discovery date: 27/08/2012; Release date: 11/09/2012; Credits: Roberto...