HIGH · 7.8

CVE-2012-6427

Vulnerability Description

The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.

CVSS Score

Base score: 7.8 (HIGH)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Carlosgavazzi | Eos-Box Photovoltaic Monitoring System Firmware | <= 1.0.0
Carlosgavazzi | Eos-Box Photovoltaic Monitoring System | -

References

FAQ

What is CVE-2012-6427?

CVE-2012-6427 is a vulnerability with a CVSS score of 7.8 (HIGH). The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device.

How severe is CVE-2012-6427?

CVE-2012-6427 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2012-6427?

Check the references section above for vendor advisories and patch information. Affected products include: Carlosgavazzi Eos-Box Photovoltaic Monitoring System Firmware, Carlosgavazzi Eos-Box Photovoltaic Monitoring System.