ID
VAR-201209-0658
TITLE
Ezylog photovoltaic management server Built-in account vulnerability
Trust: 0.8
DESCRIPTION
Ezylog photovoltaic management server is a SCADA product. Ezylog photovoltaic management server \"login.php\" will check the user authentication information, but the device has built-in authorization 2 (some settings are 3) accounts, these accounts have predefined passwords (such as the encrypted ciphertext is \"satIZufhIrUfk\", the corresponding string is \"36e44c9b64\") is built into the PHP file and cannot be changed or deleted by an attacker to gain unauthorized access to the device
Trust: 0.72
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
AFFECTED PRODUCTS
| vendor: | schneider | model: | electric ezylog photovoltaic management server | scope: | - | version: | - | Trust: 0.6 |
| vendor: | schneider | model: | electric ezylog photovoltaic management server null | scope: | eq | version: | * | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
TYPE
Permission permissions and access control issues
Trust: 0.2
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2012-5078 | Trust: 0.8 |
| db: | IVD | id: | 4B52BDC4-1F56-11E6-ABEF-000C29C66E3D | Trust: 0.2 |
REFERENCES
| url: | http://seclists.org/bugtraq/2012/sep/44 | Trust: 0.6 |
SOURCES
| db: | IVD | id: | 4b52bdc4-1f56-11e6-abef-000c29c66e3d |
| db: | CNVD | id: | CNVD-2012-5078 |
LAST UPDATE DATE
2022-05-17T01:57:52.496000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2012-5078 | date: | 2012-09-13T00:00:00 |
SOURCES RELEASE DATE
| db: | IVD | id: | 4b52bdc4-1f56-11e6-abef-000c29c66e3d | date: | 2012-09-13T00:00:00 |
| db: | CNVD | id: | CNVD-2012-5078 | date: | 2012-09-13T00:00:00 |