The Carlo Gavazzi
EOS-Box
does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
References
Link | Resource |
---|---|
https://www.cisa.gov/news-events/ics-advisories/icsa-12-354-02 | |
http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf | US Government Resource |
Configurations
Configuration 1 (hide)
AND |
|
History
01 Jul 2025, 20:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality. | |
CVSS |
v2 : v3 : |
v2 : 7.8
v3 : unknown |
References |
|
21 Nov 2024, 01:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf - US Government Resource |
Information
Published : 2012-12-23 21:55
Updated : 2025-07-01 20:15
NVD link : CVE-2012-6427
Mitre link : CVE-2012-6427
CVE.ORG link : CVE-2012-6427
JSON object : View
Products Affected
carlosgavazzi
- eos-box_photovoltaic_monitoring_system
- eos-box_photovoltaic_monitoring_system_firmware
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')