Vulnerabilities > CVE-2012-5862 - Cryptographic Issues vulnerability in Sinapsitech products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sinapsitech

CWE-310

exploit available

NVD

Published: 2012-11-23

Updated: 2024-11-21

Summary

login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64.

Vulnerable Configurations

Part	Description	Count
OS	Sinapsitech Sinapsitech Sinapsi Firmware *	1
Hardware	Sinapsitech Sinapsitech Esolar DUO Photovoltaic System Monitor - Sinapsitech Esolar Light Photovoltaic System Monitor - Sinapsitech Esolar Photovoltaic System Monitor -	3

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

description	Ezylog Photovoltaic Management Server Multiple Vulnerabilities. CVE-2012-5861,CVE-2012-5862,CVE-2012-5863,CVE-2012-5864. Webapps exploit for php platform
file	exploits/php/webapps/21273.txt
id	EDB-ID:21273
last seen	2016-02-02
modified	2012-09-12
platform	php
port
published	2012-09-12
reporter	Roberto Paleari
source	https://www.exploit-db.com/download/21273/
title	Ezylog Photovoltaic Management Server Multiple Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit-Db

References