CVE-2012-5861

Sinapsi eSolar, eSolar DUO, and eSolar Light < 2.0.2870_xxx_2.2.12 - Unauthenticated SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5861. PoCs published by Roberto Paleari.

AI-analyzed exploit summary: This advisory details multiple vulnerabilities in the Schneider Electric Ezylog photovoltaic SCADA management server, including SQL injection, hard-coded accounts, command injection, and broken session enforcement. It provides technical analysis, code snippets, and exploitation examples.

Description

These Sinapsi devices do not check the validity of data before executing queries. Certain pages on the device do not require authentication, and by accessing SQL tables through those pages an attacker can leak information from the device. This could allow the attacker to compromise confidentiality.

Exploits (1)

exploitdb WRITEUP
by Roberto Paleari · text · webapps · php
https://www.exploit-db.com/exploits/21273


Classification: Writeup 100%
Attack Type: SQLi | RCE | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Schneider Electric Ezylog photovoltaic SCADA management server (all firmware versions analyzed)
No auth needed
Prerequisites: Network access to the management interface
devstral-2 · analyzed Feb 18, 2026

References (7)

Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/21273/
Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/80200

Scores

EPSS 0.0408
EPSS Percentile 89.4%

Details

CWE
CWE-89
Status published
Products (7)
Sinapsi/eSolar < 2.0.2870_xxx_2.2.12
Sinapsi/eSolar DUO < 2.0.2870_xxx_2.2.12
Sinapsi/eSolar Light < 2.0.2870_xxx_2.2.12
sinapsitech/esolar_duo_photovoltaic_system_monitor
sinapsitech/esolar_light_photovoltaic_system_monitor
sinapsitech/esolar_photovoltaic_system_monitor
sinapsitech/sinapsi_firmware < 2.0.2870
Published Nov 23, 2012
Tracked Since Feb 18, 2026