CVE-2012-5864
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
23/11/2012
Last modified:
08/07/2025
Description
These Sinapsi devices <br />
do not check if users that visit pages within the device have properly <br />
authenticated. By directly visiting the pages within the device, <br />
attackers can gain unauthorized access with administrative privileges.
Impact
Base Score 2.0
9.40
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:* | 2.0.2870 (including) | |
| cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.exploit-db.com/exploits/21273/
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
- https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.exploit-db.com/exploits/21273/
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80203