ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka Schneider Electric Ezylog photovoltaic SCADA management server), Sinapsi eSolar, and Sinapsi eSolar DUO with firmware before 2.0.2870_2.2.12 allows remote attackers to execute arbitrary commands via shell metacharacters in the ip_dominio parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Sinapsi_firmware | Sinapsitech | * | 2.0.2870 (including) |