HTTP: Sinapsi eSolar Light Photovoltaic System Monitor SQL Injection
This signature detects SQL injection attempts against Sinapsi eSolar Light. A successful attack could result in arbitrary modification of the database.
Extended Description
Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allow remote attackers to execute arbitrary SQL commands via (1) the inverterselect parameter in a primo action to dettagliinverter.php or (2) the lingua parameter to changelanguagesession.php.
Short Name
HTTP:SQL:INJ:SINAPSI-ESOLAR
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2012-5861 Injection Light Monitor Photovoltaic SQL Sinapsi System bid:55872 eSolar
Release Date
11/18/2014
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
CVSS Score
7.5