Vulnerabilities > Sinapsitech

DATE	CVE	VULNERABILITY TITLE	RISK
2012-11-23	CVE-2012-5864	Permissions, Privileges, and Access Controls vulnerability in Sinapsitech products The management web pages on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 do not require authentication, which allows remote attackers to obtain administrative access via a direct request, as demonstrated by a request to ping.php. network low complexity sinapsitech CWE-264 critical	10.0
2012-11-23	CVE-2012-5863	Permissions, Privileges, and Access Controls vulnerability in Sinapsitech products ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in the ip_dominio parameter. network low complexity sinapsitech CWE-264 critical	10.0
2012-11-23	CVE-2012-5862	Cryptographic Issues vulnerability in Sinapsitech products login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by leveraging a (1) cleartext password or (2) password hash contained in this script, as demonstrated by a password of astridservice or 36e44c9b64. network low complexity sinapsitech CWE-310 critical	10.0
2012-11-23	CVE-2012-5861	SQL Injection vulnerability in Sinapsitech products Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php. network low complexity sinapsitech CWE-89	7.5

Vulnerabilities > Sinapsitech {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Sinapsitech"}]}

Vulnerabilities > Sinapsitech