CVE-2012-5863
Severity CVSS v4.0:
Pending analysis
Type:
CWE-78
OS Command Injections
Publication date:
23/11/2012
Last modified:
08/07/2025
Description
These Sinapsi devices do not check for special elements in commands sent <br />
to the system. By accessing certain pages with administrative privileges<br />
that do not require authentication within the device, attackers can <br />
execute arbitrary, unexpected, or dangerous commands directly onto the <br />
operating system.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:* | 2.0.2870 (including) | |
| cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.exploit-db.com/exploits/21273/
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
- https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.exploit-db.com/exploits/21273/
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80202