Description
These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
Exploits (1)
References (7)
Core 7
Core References
US Government Resource
http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
Third Party Advisory, VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/80201
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/21273/
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80200
Various Sources x_refsource_confirm
http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
Scores
EPSS
0.1381
EPSS Percentile
94.3%
Details
CWE
CWE-89
Status
published
Products (7)
Sinapsi/eSolar
< 2.0.2870_xxx_2.2.12
Sinapsi/eSolar DUO
< 2.0.2870_xxx_2.2.12
Sinapsi/eSolar Light
< 2.0.2870_xxx_2.2.12
sinapsitech/esolar_duo_photovoltaic_system_monitor
sinapsitech/esolar_light_photovoltaic_system_monitor
sinapsitech/esolar_photovoltaic_system_monitor
sinapsitech/sinapsi_firmware
< 2.0.2870
Published
Nov 23, 2012
Tracked Since
Feb 18, 2026