CVE-2012-5861

{"id": "CVE-2012-5861", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-23T12:09:58.367", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html", "tags": ["Exploit"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.exploit-db.com/exploits/21273/", "tags": ["Exploit"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80200", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/21273/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80201", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-89"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "These Sinapsi devices do not check the validity of the data before \nexecuting queries. By accessing the SQL table of certain pages that do \nnot require authentication within the device, attackers can leak \ninformation from the device. This could allow the attacker to compromise\n confidentiality."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el Sinapsi eSolar Light Photovoltaic System Monitor (tambi\u00e9n conocido como servidor de gesti\u00f3n Schneider Electric Ezylog photovoltaic SCADA ), Sinapsi eSolar, y Sinapsi eSolar DUO con firmware anterior a v2.0.2870_2.2.12 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro inverterselect en una acci\u00f3n primo para dettagliinverter.php o (2) el par\u00e1metro lingua para changelanguagesession.php."}], "lastModified": "2025-07-08T16:15:25.743", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "382C527D-16D4-4557-8E68-C4430416DB57", "versionEndIncluding": "2.0.2870"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF238DD2-D119-4652-B63B-9321DFB01A90"}, {"criteria": "cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C00B699F-DE3B-4371-B814-DE54038C60A0"}, {"criteria": "cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "288B1E9C-52C3-4ACC-807D-F650B850D874"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}