10
CVE-2012-5864
- EPSS 4.91%
- Veröffentlicht 23.11.2012 12:09:58
- Zuletzt bearbeitet 16.06.2026 23:47:29
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginSinapsi eSolar Improper Authentication
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sinapsitech ≫ Sinapsi Firmware Version <= 2.0.2870
Sinapsitech ≫ Esolar Photovoltaic System Monitor Version-
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.91% | 0.91 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 10 | 10 |
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
| ics-cert@hq.dhs.gov | 9.4 | 10 | 9.2 |
AV:N/AC:L/Au:N/C:C/I:C/A:N
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
http://www.exploit-db.com/exploits/21273/
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
https://exchange.xforce.ibmcloud.com/vulnerabilities/80203
https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01