CVE-2012-5862
Severity CVSS v4.0:
Pending analysis
Type:
CWE-259
Use of Hard-coded Password
Publication date:
23/11/2012
Last modified:
08/07/2025
Description
These Sinapsi devices<br />
store hard-coded passwords in the PHP file of the device. By using the <br />
hard-coded passwords in the device, attackers can log into the device <br />
with administrative privileges. This could allow the attacker to have <br />
unauthorized access.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:* | 2.0.2870 (including) | |
| cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.exploit-db.com/exploits/21273/
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
- https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
- http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
- http://www.exploit-db.com/exploits/21273/
- http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
- http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80200