Release date:
Updated on:
Affected Systems:
Sinapsi eSolar 2.x
Sinapsi eSolar DUO 2.x
Sinapsi eSolar Light 2.x
Description:
--------------------------------------------------------------------------------
Cve id: CVE-2012-5864
Sinapsi eSolar Light is a monitoring system used in solar applications.
ESolar, eSolar DUO, and eSolar Light do not check whether the user accessing the page on the device has passed authentication. By directly accessing the page on the device, attackers can obtain unauthorized access permissions by using the Administrator identity.
<* Source: vendor
Link: http://secunia.com/advisories/51364/
Http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Sinapsi
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.sinapsitech.it/