CVE-2012-6428

{"id": "CVE-2012-6428", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-23T21:55:01.653", "references": [{"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf", "tags": ["US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 establishes multiple hardcoded accounts, which makes it easier for remote attackers to obtain administrative access by reading a password in a PHP script, a similar issue to CVE-2012-5862."}, {"lang": "es", "value": "Carlo Gavazzi EOS-Box con firmware antes de v1.0.0.1080_2.1.10 establece varias cuentas 'harcodeadas', lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso administrativo al leer una contrase\u00f1a en un script PHP. Se trata de un problema similar a CVE-2012-5862a\r\n"}], "lastModified": "2013-01-08T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carlosgavazzi:eos-box_photovoltaic_monitoring_system_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61868231-4AC6-476D-8A7F-0520E46044F0", "versionEndIncluding": "1.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carlosgavazzi:eos-box_photovoltaic_monitoring_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66B585E4-5C68-49BB-BD40-8D166067D32A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}