CVE-2012-6427

The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
Configurations

Configuration 1

AND
cpe:2.3:o:carlosgavazzi:eos-box_photovoltaic_monitoring_system_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:carlosgavazzi:eos-box_photovoltaic_monitoring_system:-:*:*:*:*:*:*:*

History

01 Jul 2025, 20:15

  • Summary
      Values Removed: (en) Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861.
      Values Added: (en) The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
  • CVSS
      Values Removed: v2 : 7.5, v3 : unknown
      Values Added: v2 : 7.8, v3 : unknown
  • References
      Values Added: https://www.cisa.gov/news-events/ics-advisories/icsa-12-354-02

21 Nov 2024, 01:46

  • References
      Values Removed: http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf (US Government Resource)
      Values Added: http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf (US Government Resource)

Information

Published : 2012-12-23 21:55

Updated : 2025-07-01 20:15
NVD link : CVE-2012-6427

Mitre link : CVE-2012-6427

CVE.ORG link : CVE-2012-6427

Products Affected

carlosgavazzi

  • eos-box_photovoltaic_monitoring_system
  • eos-box_photovoltaic_monitoring_system_firmware
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')