Vulnerability Description
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sinapsitech | Sinapsi Firmware | <= 2.0.2870 |
| Sinapsitech | Esolar Duo Photovoltaic System Monitor | - |
| Sinapsitech | Esolar Light Photovoltaic System Monitor | - |
| Sinapsitech | Esolar Photovoltaic System Monitor | - |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.htmlExploit
- http://www.exploit-db.com/exploits/21273/Exploit
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
- https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.htmlExploit
- http://www.exploit-db.com/exploits/21273/Exploit
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdfUS Government Resource
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80203
FAQ
What is CVE-2012-5864?
CVE-2012-5864 is a vulnerability with a CVSS score of 9.4 (HIGH). These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access ...
How severe is CVE-2012-5864?
CVE-2012-5864 has been rated HIGH with a CVSS base score of 9.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-5864?
Check the references section above for vendor advisories and patch information. Affected products include: Sinapsitech Sinapsi Firmware, Sinapsitech Esolar Duo Photovoltaic System Monitor, Sinapsitech Esolar Light Photovoltaic System Monitor, Sinapsitech Esolar Photovoltaic System Monitor.