4 matches found
CVE-2012-5861
CVE-2012-5861 affects Sinapsi eSolar family devices (Light, DUO, eSolar) with firmware prior to 2.0.2870_xxx_2.2.12. The issue is SQL injection caused by unvalidated data in web-facing components, allowing remote attackers to access SQL tables and leak confidential information. The relate...
CVE-2012-5862
CVE-2012-5862 concerns Sinapsi/Sinapsi eSolar devices where hard-coded credentials are stored in the login.php PHP script. Multiple connected sources confirm that an attacker can log in with administrative privileges, enabling unauthorized access. The ICS-CERT advisory for Sinapsi (and related PR...
CVE-2012-5863
The CVE-2012-5863 vulnerability affects Sinapsi eSolar systems (Light, DUO, and related Sinapsi devices) with firmware prior to 2.0.2870_xx_2.2.12. It is an OS Command Injection flaw in the ping.php endpoint, where shell metacharacters in the ip_dominio parameter can be used by an unauthenticated...
CVE-2012-5864
The CVE-2012-5864 issue affects Sinapsi eSolar family web-based management interfaces (Light, eSolar, and DUO) prior to firmware 2.0.2870_2.2.12. The root cause is improper authentication: management pages do not require login, enabling remote attackers to obtain administrative access via direct ...