{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"EOS-Box","vendor":"Carlo Gavazzi Automation","versions":[{"lessThan":"1.0.0.1080_2.1.10","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>\nThe Carlo Gavazzi \nEOS-Box\n\nstores hard-coded passwords in the PHP file of \nthe device. By using the hard-coded passwords, attackers can log into \nthe device with administrative privileges. This could allow the attacker\n to have unauthorized access.\n\n</p>"}],"value":"The Carlo Gavazzi \nEOS-Box\n\nstores hard-coded passwords in the PHP file of \nthe device. By using the hard-coded passwords, attackers can log into \nthe device with administrative privileges. This could allow the attacker\n to have unauthorized access."}],"metrics":[{"cvssV2_0":{"accessComplexity":"LOW","accessVector":"NETWORK","authentication":"NONE","availabilityImpact":"COMPLETE","baseScore":10,"confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","version":"2.0"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-798","description":"CWE-798","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","shortName":"icscert","dateUpdated":"2025-07-01T19:59:06.114Z"},"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-12-354-02"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Carlo Gavazzi has developed a new firmware Version 1.0.0.1080_2.1.10 \nthat mitigates these vulnerabilities. Carlo Gavazzi released the new \nfirmware Tuesday, December 18, 2012, directly to the devices. Users will\n be able to manually download the firmware on their device by using the \nFirmware Update function in the System Menu in the device’s Web \ninterface.\n\n<br>"}],"value":"Carlo Gavazzi has developed a new firmware Version 1.0.0.1080_2.1.10 \nthat mitigates these vulnerabilities. Carlo Gavazzi released the new \nfirmware Tuesday, December 18, 2012, directly to the devices. Users will\n be able to manually download the firmware on their device by using the \nFirmware Update function in the System Menu in the device’s Web \ninterface."}],"source":{"advisory":"ICSA-12-354-02","discovery":"UNKNOWN"},"title":"Carlo Gavazzi EOS Box Hard-Coded Credentials","x_generator":{"engine":"Vulnogram 0.2.0"},"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","ID":"CVE-2012-6427","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a similar issue to CVE-2012-5861."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf","refsource":"MISC","url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T21:28:39.939Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.us-cert.gov/control_systems/pdf/ICSA-12-354-02.pdf"}]}]},"cveMetadata":{"assignerOrgId":"7d14cffa-0d7d-4270-9dc0-52cabd5a23a6","assignerShortName":"icscert","cveId":"CVE-2012-6428","datePublished":"2012-12-23T21:00:00.000Z","dateReserved":"2012-12-18T00:00:00.000Z","dateUpdated":"2025-07-01T19:59:06.114Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}