CVE-2012-5863

{"id": "CVE-2012-5863", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-11-23T12:09:58.477", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html", "tags": ["Exploit"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.exploit-db.com/exploits/21273/", "tags": ["Exploit"], "source": "ics-cert@hq.dhs.gov"}, {"url": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80200", "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01", "source": "ics-cert@hq.dhs.gov"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/21273/", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80202", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "These Sinapsi devices do not check for special elements in commands sent \nto the system. By accessing certain pages with administrative privileges\n that do not require authentication within the device, attackers can \nexecute arbitrary, unexpected, or dangerous commands directly onto the \noperating system."}, {"lang": "es", "value": "ping.php en el Sinapsi eSolar Light Photovoltaic System Monitor (tambi\u00e9n conocido como servidor de gesti\u00f3n Schneider Electric Ezylog photovoltaic SCADA), Sinapsi eSolar, y Sinapsi eSolar DUO con firmware anterior a v2.0.2870_2.2.12 permite a atacantes remotos ejecutar comandos arbitarios mediante una shell de metacaracteres en el par\u00e1metro ip_dominio."}], "lastModified": "2025-07-08T16:15:26.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "382C527D-16D4-4557-8E68-C4430416DB57", "versionEndIncluding": "2.0.2870"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF238DD2-D119-4652-B63B-9321DFB01A90"}, {"criteria": "cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C00B699F-DE3B-4371-B814-DE54038C60A0"}, {"criteria": "cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "288B1E9C-52C3-4ACC-807D-F650B850D874"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}