10 matches found
CVE-2025-5022
Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product measurement unit and display unit to...
CVE-2025-5022
Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product measurement unit and display unit to...
CVE-2025-5022
Weak Password Requirements vulnerability in Mitsubishi Electric Corporation photovoltaic system monitor “EcoGuideTAB” PV-DR004J all versions and PV-DR004JA all versions allows an attacker within the Wi-Fi communication range between the units of the product measurement unit and display unit to...
Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems
Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts. "If exploited, these vulnerabilities could allow an...
CVE-2012-5864
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges...
CVE-2012-5862
These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...
Authentication flaw
The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server, Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.28702.2.12 do not require authentication, which allows remote attackers to obtain...
Sql injection
Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server, Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.28702.2.12 allow remote attackers to execute arbitrary SQL commands vi...
CVE-2012-5864 Sinapsi eSolar Improper Authentication
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges...
CVE-2012-5863
The CVE-2012-5863 vulnerability affects Sinapsi eSolar systems (Light, DUO, and related Sinapsi devices) with firmware prior to 2.0.2870_xx_2.2.12. It is an OS Command Injection flaw in the ping.php endpoint, where shell metacharacters in the ip dominio parameter can be used by an unauthenticated...