{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"EOS-Box","vendor":"Carlo Gavazzi Automation","versions":[{"lessThan":"1.0.0.1080_2.1.10","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>\nThe Carlo Gavazzi \nEOS-Box\n\ndoes not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.</p>"}],"value":"The Carlo Gavazzi \nEOS-Box\n\ndoes not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality."}],"metrics":[{"cvssV2_0":{"accessComplexity":"LOW","accessVector":"NETWORK","authentication":"NONE","availabilityImpact":"NONE","baseScore":7.8,"confidentialityImpact":"COMPLETE","integrityImpact":"NONE","vectorString":"AV:N/AC:L/Au:N/C:C/I:N/A:N","version":"2.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-89","description":"CWE-89","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2025-07-01T20:01:06.026Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-12-354-02"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Carlo Gavazzi has developed a new firmware Version 1.0.0.1080_2.1.10 \nthat mitigates these vulnerabilities. Carlo Gavazzi released the new \nfirmware Tuesday, December 18, 2012, directly to the devices. Users will\n be able to manually download the firmware on their device by using the \nFirmware Update function in the System Menu in the device’s Web \ninterface.\n\n<br>"}],"value":"Carlo Gavazzi has developed a new firmware Version 1.0.0.1080_2.1.10 \nthat mitigates these vulnerabilities. Carlo Gavazzi released the new \nfirmware Tuesday, December 18, 2012, directly to the devices. Users will\n be able to manually download the firmware on their device by using the \nFirmware Update function in the System Menu in the device’s Web \ninterface."}],"source":{"advisory":"ICSA-12-354-02","discovery":"UNKNOWN"},"title":"Carlo Gavazzi EOS Box SQL Injection","x_generator":{"engine":"Vulnogram 0.2.0"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2012-6427","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf","refsource":"MISC","url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T21:28:39.786Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf"}]}]},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2012-6427","datePublished":"2012-12-23T21:00:00.000Z","dateReserved":"2012-12-18T00:00:00.000Z","dateUpdated":"2025-07-01T20:01:06.026Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}