Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:MISC:SINAPSI-CMD-INJ

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Sinapsi Command Injection

Release Date

 2014/10/22

Update Number

 2432

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Sinapsi Command Injection


This signature detects an attempt to exploit a known vulnerability against Sinapsi application. Successful exploitation could allow an attacker to inject arbitrary commands into the context of the running application.

Extended Description

ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in the ip_dominio parameter.

Affected Products

  • Sinapsitech esolar_duo_photovoltaic_system_monitor -
  • Sinapsitech esolar_light_photovoltaic_system_monitor -
  • Sinapsitech esolar_photovoltaic_system_monitor -
  • Sinapsitech sinapsi_firmware 2.0.2870

References

  • BugTraq: 55872
  • CVE: CVE-2012-5863

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out