{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-20T03:56:20.532","vulnerabilities":[{"cve":{"id":"CVE-2012-5864","sourceIdentifier":"ics-cert@hq.dhs.gov","published":"2012-11-23T12:09:58.540","lastModified":"2026-06-16T23:47:29.037","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"These Sinapsi devices \ndo not check if users that visit pages within the device have properly \nauthenticated. By directly visiting the pages within the device, \nattackers can gain unauthorized access with administrative privileges."},{"lang":"es","value":"Las páginas web de administración en el Sinapsi eSolar Light Photovoltaic System Monitor (también conocido como  servidor de gestión Schneider Electric Ezylog photovoltaic SCADA), Sinapsi eSolar, y Sinapsi eSolar DUO con firmware anterior a v2.0.2870_2.2.12 no requiere autenticación, lo que permite a atacantes obtener acceso administrativo mediante una petición directa, como se demostró por una petición a ping.php"}],"affected":[{"source":"ics-cert@hq.dhs.gov","affectedData":[{"vendor":"Sinapsi","product":"eSolar","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.2870_xxx_2.2.12","versionType":"custom","status":"affected"}]},{"vendor":"Sinapsi","product":"eSolar DUO","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.2870_xxx_2.2.12","versionType":"custom","status":"affected"}]},{"vendor":"Sinapsi","product":"eSolar Light","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"2.0.2870_xxx_2.2.12","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV2":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:N","baseScore":9.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"NONE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":9.2,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"ics-cert@hq.dhs.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-287"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sinapsitech:sinapsi_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.2870","matchCriteriaId":"382C527D-16D4-4557-8E68-C4430416DB57"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:h:sinapsitech:esolar_duo_photovoltaic_system_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"BF238DD2-D119-4652-B63B-9321DFB01A90"},{"vulnerable":true,"criteria":"cpe:2.3:h:sinapsitech:esolar_light_photovoltaic_system_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"C00B699F-DE3B-4371-B814-DE54038C60A0"},{"vulnerable":true,"criteria":"cpe:2.3:h:sinapsitech:esolar_photovoltaic_system_monitor:-:*:*:*:*:*:*:*","matchCriteriaId":"288B1E9C-52C3-4ACC-807D-F650B850D874"}]}]}],"references":[{"url":"http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html","source":"ics-cert@hq.dhs.gov","tags":["Exploit"]},{"url":"http://www.exploit-db.com/exploits/21273/","source":"ics-cert@hq.dhs.gov","tags":["Exploit"]},{"url":"http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88","source":"ics-cert@hq.dhs.gov"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80200","source":"ics-cert@hq.dhs.gov"},{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01","source":"ics-cert@hq.dhs.gov"},{"url":"http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.exploit-db.com/exploits/21273/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80203","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}