{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-27T00:14:45.187","vulnerabilities":[{"cve":{"id":"CVE-2012-5861","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2012-11-23T12:09:58.367","lastModified":"2026-06-16T23:47:28.683","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"These Sinapsi devices do not check the validity of the data before \nexecuting queries. By accessing the SQL table of certain pages that do \nnot require authentication within the device, attackers can leak \ninformation from the device. This could allow the attacker to compromise\n confidentiality."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en el Sinapsi eSolar Light Photovoltaic System Monitor (también conocido como servidor de gestión Schneider Electric Ezylog photovoltaic SCADA ), Sinapsi eSolar, y Sinapsi eSolar DUO con firmware anterior a v2.0.2870_2.2.12 permite a atacantes remotos ejecutar comandos SQL de su elección a través de (1) el parámetro inverterselect en una acción primo para dettagliinverter.php o (2) el parámetro lingua para changelanguagesession.php."}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Sinapsi","product":"eSolar","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.2870_xxx_2.2.12","versionType":"custom","status":"affected"}]},{"vendor":"Sinapsi","product":"eSolar DUO","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.2870_xxx_2.2.12","versionType":"custom","status":"affected"}]},{"vendor":"Sinapsi","product":"eSolar Light","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.2870_xxx_2.2.12","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","baseScore":7.8,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.2870","matchCriteriaId":"382C527D-16D4-4557-8E68-C4430416DB57"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"BF238DD2-D119-4652-B63B-9321DFB01A90"},{"vulnerable":true,"criteria":"cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"C00B699F-DE3B-4371-B814-DE54038C60A0"},{"vulnerable":true,"criteria":"cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"288B1E9C-52C3-4ACC-807D-F650B850D874"}]}]}],"references":[{"url":"http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html","source":"ics-cert@hq.dhs.gov","tags":["Exploit"]},{"url":"http://www.exploit-db.com/exploits/21273/","source":"ics-cert@hq.dhs.gov","tags":["Exploit"]},{"url":"http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88","source":"ics-cert@hq.dhs.gov"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80200","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01","source":"ics-cert@hq.dhs.gov"},{"url":"http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.exploit-db.com/exploits/21273/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80201","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}