CVE-2012-6428

Published: Dec 23, 2012Modified: Apr 29, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.

Affected (2)

Products: Carlosgavazzi: Eos Box Photovoltaic Monitoring System Firmware, Eos Box Photovoltaic Monitoring System

Carlosgavazzi

2 products

Eos Box Photovoltaic Monitoring System Firmware

Eos Box Photovoltaic Monitoring System

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Carlosgavazzi Eos Box Photovoltaic Monitoring System Firmware	Up to 1.0.0
Carlosgavazzi Eos Box Photovoltaic Monitoring System	All versions

Related CWEs

CWE-255

CWE-798

Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

References (2)

https://www.cisa.gov/news-events/ics-advisories/icsa-12-354-02

Source: ics-cert@hq.dhs.gov

http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

Timeline

No history available yet.