Vulnerability Description
These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages within the device that have administrative privileges and do not require authentication, attackers can execute arbitrary, unexpected, or dangerous commands directly on the operating system.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sinapsitech | Sinapsi Firmware | <= 2.0.2870 |
| Sinapsitech | Esolar Duo Photovoltaic System Monitor | - |
| Sinapsitech | Esolar Light Photovoltaic System Monitor | - |
| Sinapsitech | Esolar Photovoltaic System Monitor | - |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html (Exploit)
- http://www.exploit-db.com/exploits/21273/ (Exploit)
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
- https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf (US Government Resource)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80202
FAQ
What is CVE-2012-5863?
CVE-2012-5863 is a vulnerability with a CVSS score of 10.0 (HIGH). These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device...
How severe is CVE-2012-5863?
CVE-2012-5863 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-5863?
Check the references section above for vendor advisories and patch information. Affected products include: Sinapsitech Sinapsi Firmware, Sinapsitech Esolar Duo Photovoltaic System Monitor, Sinapsitech Esolar Light Photovoltaic System Monitor, Sinapsitech Esolar Photovoltaic System Monitor.