CVE-2012-6428

{"id": "CVE-2012-6428", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, {"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2012-12-23T21:55:01.653", "references": [{"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-12-354-02", "source": "[email protected]"}, {"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-798"}]}, {"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-255"}]}], "descriptions": [{"lang": "en", "value": "The Carlo Gavazzi \nEOS-Box\n\nstores hard-coded passwords in the PHP file of \nthe device. By using the hard-coded passwords, attackers can log into \nthe device with administrative privileges. This could allow the attacker\n to have unauthorized access."}, {"lang": "es", "value": "Carlo Gavazzi EOS-Box con firmware antes de v1.0.0.1080_2.1.10 establece varias cuentas 'harcodeadas', lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos obtener acceso administrativo al leer una contrase\u00f1a en un script PHP. Se trata de un problema similar a CVE-2012-5862a\r\n"}], "lastModified": "2025-07-01T20:15:24.300", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:carlosgavazzi:eos-box_photovoltaic_monitoring_system_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61868231-4AC6-476D-8A7F-0520E46044F0", "versionEndIncluding": "1.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:carlosgavazzi:eos-box_photovoltaic_monitoring_system:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66B585E4-5C68-49BB-BD40-8D166067D32A"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}