Lucene search

[email protected]NVD:CVE-2019-19228

HistoryDec 04, 2019 - 7:15 p.m.

CVE-2019-19228

2019-12-0419:15:11

CWE-312

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.196

Percentile

96.4%

JSON

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

Affected configurations

Nvd

Node

froniusdatamanager_box_2.0_firmwareRange<3.14.1

AND

froniusdatamanager_box_2.0Match-

Node

froniuseco_25.0-3-s_firmwareRange<3.14.1

AND

froniuseco_25.0-3-sMatch-

Node

froniuseco_27.0-3-s_firmwareRange<3.14.1

AND

froniuseco_27.0-3-sMatch-

Node

froniusgalvo_1.5-1_firmwareRange<3.14.1

AND

froniusgalvo_1.5-1Match-

Node

froniusgalvo_1.5-1_208-240_firmwareRange<3.14.1

AND

froniusgalvo_1.5-1_208-240Match-

Node

froniusgalvo_2.0-1_firmwareRange<3.14.1

AND

froniusgalvo_2.0-1Match-

Node

froniusgalvo_2.0-1_208-240_firmwareRange<3.14.1

AND

froniusgalvo_2.0-1_208-240Match-

Node

froniusgalvo_2.5-1_firmwareRange<3.14.1

AND

froniusgalvo_2.5-1Match-

Node

froniusgalvo_2.5-1_208-240_firmwareRange<3.14.1

AND

froniusgalvo_2.5-1_208-240Match-

Node

froniusgalvo_3.0-1_firmwareRange<3.14.1

AND

froniusgalvo_3.0-1Match-

Node

froniusgalvo_3.1-1_firmwareRange<3.14.1

AND

froniusgalvo_3.1-1Match-

Node

froniusgalvo_3.1-1_208-240_firmwareRange<3.14.1

AND

froniusgalvo_3.1-1_208-240Match-

Node

froniusprimo_10.0-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_10.0-1_208-240Match-

Node

froniusprimo_11.4-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_11.4-1_208-240Match-

Node

froniusprimo_12.5-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_12.5-1_208-240Match-

Node

froniusprimo_15.0-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_15.0-1_208-240Match-

Node

froniusprimo_3.0-1_firmwareRange<3.14.1

AND

froniusprimo_3.0-1Match-

Node

froniusprimo_3.5-1_firmwareRange<3.14.1

AND

froniusprimo_3.5-1Match-

Node

froniusprimo_3.6-1_firmwareRange<3.14.1

AND

froniusprimo_3.6-1Match-

Node

froniusprimo_3.8-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_3.8-1_208-240Match-

Node

froniusprimo_4.0-1_firmwareRange<3.14.1

AND

froniusprimo_4.0-1Match-

Node

froniusprimo_4.6-1_firmwareRange<3.14.1

AND

froniusprimo_4.6-1Match-

Node

froniusprimo_5.0-1_firmwareRange<3.14.1

AND

froniusprimo_5.0-1Match-

Node

froniusprimo_5.0-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_5.0-1_208-240Match-

Node

froniusprimo_5.0-1_aus_firmwareRange<3.14.1

AND

froniusprimo_5.0-1_ausMatch-

Node

froniusprimo_5.0-1_sc_firmwareRange<3.14.1

AND

froniusprimo_5.0-1_scMatch-

Node

froniusprimo_6.0-1_firmwareRange<3.14.1

AND

froniusprimo_6.0-1Match-

Node

froniusprimo_6.0-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_6.0-1_208-240Match-

Node

froniusprimo_7.6-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_7.6-1_208-240Match-

Node

froniusprimo_8.2-1_firmwareRange<3.14.1

AND

froniusprimo_8.2-1Match-

Node

froniusprimo_8.2-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_8.2-1_208-240Match-

Node

froniussymo_10.0-3-m_firmwareRange<3.14.1

AND

froniussymo_10.0-3-mMatch-

Node

froniussymo_10.0-3-m-os_firmwareRange<3.14.1

AND

froniussymo_10.0-3-m-osMatch-

Node

froniussymo_10.0-3_208-240_firmwareRange<3.14.1

AND

froniussymo_10.0-3_208-240Match-

Node

froniussymo_10.0-3_480_firmwareRange<3.14.1

AND

froniussymo_10.0-3_480Match-

Node

froniussymo_12.0-3_208-240_firmwareRange<3.14.1

AND

froniussymo_12.0-3_208-240Match-

Node

froniussymo_12.5-3-m_firmwareRange<3.14.1

AND

froniussymo_12.5-3-mMatch-

Node

froniussymo_12.5-3_480_firmwareRange<3.14.1

AND

froniussymo_12.5-3_480Match-

Node

froniussymo_15.0-3-m_firmwareRange<3.14.1

AND

froniussymo_15.0-3-mMatch-

Node

froniussymo_15.0-3_107_firmwareRange<3.14.1

AND

froniussymo_15.0-3_107Match-

Node

froniussymo_15.0-3_480_firmwareRange<3.14.1

AND

froniussymo_15.0-3_480Match-

Node

froniussymo_17.5-3-m_firmwareRange<3.14.1

AND

froniussymo_17.5-3-mMatch-

Node

froniussymo_17.5-3_480_firmwareRange<3.14.1

AND

froniussymo_17.5-3_480Match-

Node

froniussymo_20.0-3-m_firmwareRange<3.14.1

AND

froniussymo_20.0-3-mMatch-

Node

froniussymo_20.0-3_480_firmwareRange<3.14.1

AND

froniussymo_20.0-3_480Match-

Node

froniussymo_22.7-3_480_firmwareRange<3.14.1

AND

froniussymo_22.7-3_480Match-

Node

froniussymo_24.0-3_480_firmwareRange<3.14.1

AND

froniussymo_24.0-3_480Match-

Node

froniussymo_3.0-3-m_firmwareRange<3.14.1

AND

froniussymo_3.0-3-mMatch-

Node

froniussymo_3.0-3-s_firmwareRange<3.14.1

AND

froniussymo_3.0-3-sMatch-

Node

froniussymo_3.7-3-m_firmwareRange<3.14.1

AND

froniussymo_3.7-3-mMatch-

Node

froniussymo_3.7-3-s_firmwareRange<3.14.1

AND

froniussymo_3.7-3-sMatch-

Node

froniussymo_4.5-3-m_firmwareRange<3.14.1

AND

froniussymo_4.5-3-mMatch-

Node

froniussymo_4.5-3-s_firmwareRange<3.14.1

AND

froniussymo_4.5-3-sMatch-

Node

froniussymo_5.0-3-m_firmwareRange<3.14.1

AND

froniussymo_5.0-3-mMatch-

Node

froniussymo_6.0-3-m_firmwareRange<3.14.1

AND

froniussymo_6.0-3-mMatch-

Node

froniussymo_7.0-3-m_firmwareRange<3.14.1

AND

froniussymo_7.0-3-mMatch-

Node

froniussymo_8.2-3-m_firmwareRange<3.14.1

AND

froniussymo_8.2-3-mMatch-

Node

froniussymo_advanced_10.0-3_208-240_firmwareRange<3.14.1

AND

froniussymo_advanced_10.0-3_208-240Match-

Node

froniussymo_advanced_12.0-3_208-240_firmwareRange<3.14.1

AND

froniussymo_advanced_12.0-3_208-240Match-

Node

froniussymo_advanced_15.0-3_480_firmwareRange<3.14.1

AND

froniussymo_advanced_15.0-3_480Match-

Node

froniussymo_advanced_20.0-3_480_firmwareRange<3.14.1

AND

froniussymo_advanced_20.0-3_480Match-

Node

froniussymo_advanced_22.7-3_480_firmwareRange<3.14.1

AND

froniussymo_advanced_22.7-3_480Match-

Node

froniussymo_advanced_24.0-3_480_firmwareRange<3.14.1

AND

froniussymo_advanced_24.0-3_480Match-

Node

froniussymo_hybrid_3.0-3-m_firmwareRange<3.14.1

AND

froniussymo_hybrid_3.0-3-mMatch-

Node

froniussymo_hybrid_4.0-3-m_firmwareRange<3.14.1

AND

froniussymo_hybrid_4.0-3-mMatch-

Node

froniussymo_hybrid_5.0-3-m_firmwareRange<3.14.1

AND

froniussymo_hybrid_5.0-3-mMatch-

VendorProductVersionCPE
froniusdatamanager_box_2.0_firmware*cpe:2.3:o:fronius:datamanager_box_2.0_firmware:*:*:*:*:*:*:*:*
froniusdatamanager_box_2.0-cpe:2.3:h:fronius:datamanager_box_2.0:-:*:*:*:*:*:*:*
froniuseco_25.0-3-s_firmware*cpe:2.3:o:fronius:eco_25.0-3-s_firmware:*:*:*:*:*:*:*:*
froniuseco_25.0-3-s-cpe:2.3:h:fronius:eco_25.0-3-s:-:*:*:*:*:*:*:*
froniuseco_27.0-3-s_firmware*cpe:2.3:o:fronius:eco_27.0-3-s_firmware:*:*:*:*:*:*:*:*
froniuseco_27.0-3-s-cpe:2.3:h:fronius:eco_27.0-3-s:-:*:*:*:*:*:*:*
froniusgalvo_1.5-1_firmware*cpe:2.3:o:fronius:galvo_1.5-1_firmware:*:*:*:*:*:*:*:*
froniusgalvo_1.5-1-cpe:2.3:h:fronius:galvo_1.5-1:-:*:*:*:*:*:*:*
froniusgalvo_1.5-1_208-240_firmware*cpe:2.3:o:fronius:galvo_1.5-1_208-240_firmware:*:*:*:*:*:*:*:*
froniusgalvo_1.5-1_208-240-cpe:2.3:h:fronius:galvo_1.5-1_208-240:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fronius	datamanager_box_2.0_firmware	*	cpe:2.3:o:fronius:datamanager_box_2.0_firmware::::::::
fronius	datamanager_box_2.0	-	cpe:2.3:h:fronius:datamanager_box_2.0:-:::::::*
fronius	eco_25.0-3-s_firmware	*	cpe:2.3:o:fronius:eco_25.0-3-s_firmware::::::::
fronius	eco_25.0-3-s	-	cpe:2.3:h:fronius:eco_25.0-3-s:-:::::::*
fronius	eco_27.0-3-s_firmware	*	cpe:2.3:o:fronius:eco_27.0-3-s_firmware::::::::
fronius	eco_27.0-3-s	-	cpe:2.3:h:fronius:eco_27.0-3-s:-:::::::*
fronius	galvo_1.5-1_firmware	*	cpe:2.3:o:fronius:galvo_1.5-1_firmware::::::::
fronius	galvo_1.5-1	-	cpe:2.3:h:fronius:galvo_1.5-1:-:::::::*
fronius	galvo_1.5-1_208-240_firmware	*	cpe:2.3:o:fronius:galvo_1.5-1_208-240_firmware::::::::
fronius	galvo_1.5-1_208-240	-	cpe:2.3:h:fronius:galvo_1.5-1_208-240:-:::::::*

Rows per page:

1-10 of 1321

References

packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.html

sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-solar-inverter-series-cve-2019-19229-cve-2019-19228/

seclists.org/bugtraq/2019/Dec/5

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.196

Percentile

96.4%

JSON

Related for NVD:CVE-2019-19228

prion1 cvelist1 cve1 packetstorm1