EUVD-2012-5739

Malware in sbrugna...

Sinapsi eSolar Light Plaintext Password Disclosure Vulnerability

Sinapsi eSolar Light is a monitoring system for use within solar applications from the Italian company Sinapsi. A security vulnerability in Sinapsi eSolar Light allows a remote attacker to read the HTML source code in the mail-configuration page to obtain a clear-text password and use it for...

CVE-2015-3949

Sinapsi eSolar Light with firmware before 2.0.3970schsl2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page...

Code injection

Sinapsi eSolar Light with firmware before 2.0.3970schsl2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page...

CVE-2015-3949

The CVE-2015-3949 issue affects Sinapsi eSolar Light firmware prior to 2.0.3970_schsl_2.2.85. Vulnerability: a plaintext password disclosure via viewing the HTML source on the mail-configuration page. Impact: attacker with local access can read cleartext passwords stored for mail configuration, c...

CVE-2015-3949

Sinapsi eSolar Light with firmware before 2.0.3970schsl2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page...

CVE-2012-5863

These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating...

CVE-2012-5861

These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality...

CVE-2012-5864

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges...

Hardcoded credentials

login.php on the Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server, Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.28702.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to...

Sql injection

Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server, Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.28702.2.12 allow remote attackers to execute arbitrary SQL commands vi...

CVE-2012-5862

CVE-2012-5862 concerns Sinapsi/Sinapsi eSolar devices where hard-coded credentials are stored in the login.php PHP script. Multiple connected sources confirm that an attacker can log in with administrative privileges, enabling unauthorized access. The ICS-CERT advisory for Sinapsi (and related PR...

CVE-2012-5864

The CVE-2012-5864 issue affects Sinapsi eSolar family web-based management interfaces (Light, eSolar, and DUO) prior to firmware 2.0.2870_2.2.12. The root cause is improper authentication: management pages do not require login, enabling remote attackers to obtain administrative access via direct ...

CVE-2012-5864 Sinapsi eSolar Improper Authentication

These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges...

CVE-2012-5863

The CVE-2012-5863 vulnerability affects Sinapsi eSolar systems (Light, DUO, and related Sinapsi devices) with firmware prior to 2.0.2870_xx_2.2.12. It is an OS Command Injection flaw in the ping.php endpoint, where shell metacharacters in the ip dominio parameter can be used by an unauthenticated...

CVE-2012-5863 Sinapsi eSolar OS Command Injection

These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating...

PT-2012-6159 · Sinapsi +1 · Sinapsi Esolar Light Photovoltaic System Monitor +3

Name of the Vulnerable Software and Affected Versions: Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.28...

PT-2012-6157 · Sinapsi +1 · Sinapsi Esolar Light Photovoltaic System Monitor +3

Name of the Vulnerable Software and Affected Versions: Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.28...

PT-2012-6158 · Sinapsi +1 · Sinapsi Esolar Light Photovoltaic System Monitor +3

Name of the Vulnerable Software and Affected Versions: Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.28...

PT-2012-6160 · Sinapsi +1 · Sinapsi Esolar Light Photovoltaic System Monitor +3

Name of the Vulnerable Software and Affected Versions: Sinapsi eSolar Light Photovoltaic System Monitor aka Schneider Electric Ezylog photovoltaic SCADA management server versions prior to 2.0.2870 2.2.12 Sinapsi eSolar versions prior to 2.0.2870 2.2.12 Sinapsi eSolar DUO versions prior to 2.0.28...