CVE-2012-5863

These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system.

🔗 References (10)

• ics-cert@hqhttp://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
• ics-cert@hqhttp://www.exploit-db.com/exploits/21273/
• ics-cert@hqhttp://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
• ics-cert@hqhttps://exchange.xforce.ibmcloud.com/vulnerabilities/80200
• ics-cert@hqhttps://www.cisa.gov/news-events/ics-advisories/icsa-12-325-01
• af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2012-09/0045.html
• af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/21273/
• af854a3a-2127-422b-91ae-364da2661108http://www.sinapsitech.it/default.asp?active_page_id=78&news_id=88
• af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/control_systems/pdf/ICSA-12-325-01.pdf
• af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/80202