Vulnerabilities > CVE-2012-5862 - Cryptographic Issues vulnerability in Sinapsitech products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 1 | |
| Hardware | 3 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Exploit-Db
| description | Ezylog Photovoltaic Management Server Multiple Vulnerabilities. CVE-2012-5861,CVE-2012-5862,CVE-2012-5863,CVE-2012-5864. Webapps exploit for php platform |
| file | exploits/php/webapps/21273.txt |
| id | EDB-ID:21273 |
| last seen | 2016-02-02 |
| modified | 2012-09-12 |
| platform | php |
| port | |
| published | 2012-09-12 |
| reporter | Roberto Paleari |
| source | https://www.exploit-db.com/download/21273/ |
| title | Ezylog Photovoltaic Management Server Multiple Vulnerabilities |
| type | webapps |