EUVD-2012-5739

Malware in sbrugna...

EUVD-2012-5741

Malware in sbrugna...

sinapsi-service.com Cross Site Scripting vulnerability OBB-2616361

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Sinapsi eSolar Light Plaintext Password Disclosure Vulnerability

Sinapsi eSolar Light is a monitoring system for use within solar applications from the Italian company Sinapsi. A security vulnerability in Sinapsi eSolar Light allows a remote attacker to read the HTML source code in the mail-configuration page to obtain a clear-text password and use it for...

CVE-2015-3949

Sinapsi eSolar Light with firmware before 2.0.3970schsl2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page...

Code injection

Sinapsi eSolar Light with firmware before 2.0.3970schsl2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page...

CVE-2015-3949

The CVE-2015-3949 issue affects Sinapsi eSolar Light firmware prior to 2.0.3970_schsl_2.2.85. Vulnerability: a plaintext password disclosure via viewing the HTML source on the mail-configuration page. Impact: attacker with local access can read cleartext passwords stored for mail configuration, c...

CVE-2015-3949

Sinapsi eSolar Light with firmware before 2.0.3970schsl2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page...

Sinapsi eSolar Light Plaintext Passwords Vulnerability

OVERVIEW Independent researcher Maxim Rupp has identified plain text passwords in Sinapsi’s eSolar Light application. Sinapsi has produced a new version to mitigate this vulnerability. AFFECTED PRODUCTS The following Sinapsi eSolar Light versions are affected: Sinapsi eSolar Light firmware versio...

CVE-2012-5863

These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating...

CVE-2012-5862

These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access...

CVE-2012-5861

These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality...

CVE-2012-5864

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges...

Hardcoded credentials

login.php on the Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server, Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.28702.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to...

Sql injection

Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server, Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.28702.2.12 allow remote attackers to execute arbitrary SQL commands vi...

CVE-2012-5864

The CVE-2012-5864 issue affects Sinapsi eSolar family web-based management interfaces (Light, eSolar, and DUO) prior to firmware 2.0.2870_2.2.12. The root cause is improper authentication: management pages do not require login, enabling remote attackers to obtain administrative access via direct ...

CVE-2012-5864 Sinapsi eSolar Improper Authentication

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges...

CVE-2012-5862

CVE-2012-5862 concerns Sinapsi/Sinapsi eSolar devices where hard-coded credentials are stored in the login.php PHP script. Multiple connected sources confirm that an attacker can log in with administrative privileges, enabling unauthorized access. The ICS-CERT advisory for Sinapsi (and related PR...

CVE-2012-5863

The CVE-2012-5863 vulnerability affects Sinapsi eSolar systems (Light, DUO, and related Sinapsi devices) with firmware prior to 2.0.2870_xx_2.2.12. It is an OS Command Injection flaw in the ping.php endpoint, where shell metacharacters in the ip dominio parameter can be used by an unauthenticated...

CVE-2012-5863 Sinapsi eSolar OS Command Injection

These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating...