CVE-2012-5864
Sinapsi eSolar, eSolar DUO, eSolar Light, and sinapsi_firmware < 2.0.2870 - Unauthenticated Administrative Access
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-5864. PoCs published by Roberto Paleari.
AI-analyzed exploit summary
This advisory details multiple vulnerabilities in the Schneider Electric Ezylog photovoltaic SCADA management server, including SQL injection, hard-coded accounts, command injection, and broken session enforcement. It provides technical analysis, code snippets, and exploitation examples.
Description
These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges.