CVE-2019-19228 : Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypa

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

Published 2019-12-04 19:15:12

Updated 2019-12-16 14:10:19

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-19228

Fronius » Datamanager Box 2.0 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:datamanager_box_2.0_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Datamanager Box 2.0 » Version: N/A
Fronius » Eco 25.0-3-s Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:eco_25.0-3-s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Eco 25.0-3-s » Version: N/A
Fronius » Eco 27.0-3-s Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:eco_27.0-3-s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Eco 27.0-3-s » Version: N/A
Fronius » Galvo 1.5-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:galvo_1.5-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Galvo 1.5-1 » Version: N/A
Fronius » Galvo 1.5-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:galvo_1.5-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Galvo 1.5-1 208-240 » Version: N/A
Fronius » Galvo 2.0-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:galvo_2.0-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Galvo 2.0-1 » Version: N/A
Fronius » Galvo 2.0-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:galvo_2.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Galvo 2.0-1 208-240 » Version: N/A
Fronius » Galvo 2.5-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:galvo_2.5-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Galvo 2.5-1 » Version: N/A
Fronius » Galvo 2.5-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:galvo_2.5-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Galvo 2.5-1 208-240 » Version: N/A
Fronius » Galvo 3.0-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:galvo_3.0-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Galvo 3.0-1 » Version: N/A
Fronius » Galvo 3.1-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:galvo_3.1-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Galvo 3.1-1 » Version: N/A
Fronius » Galvo 3.1-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:galvo_3.1-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Galvo 3.1-1 208-240 » Version: N/A
Fronius » Primo 10.0-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_10.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 10.0-1 208-240 » Version: N/A
Fronius » Primo 11.4-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_11.4-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 11.4-1 208-240 » Version: N/A
Fronius » Primo 12.5-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_12.5-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 12.5-1 208-240 » Version: N/A
Fronius » Primo 15.0-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_15.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 15.0-1 208-240 » Version: N/A
Fronius » Primo 3.0-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_3.0-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 3.0-1 » Version: N/A
Fronius » Primo 3.5-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_3.5-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 3.5-1 » Version: N/A
Fronius » Primo 3.6-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_3.6-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 3.6-1 » Version: N/A
Fronius » Primo 3.8-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_3.8-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 3.8-1 208-240 » Version: N/A
Fronius » Primo 4.0-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_4.0-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 4.0-1 » Version: N/A
Fronius » Primo 4.6-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_4.6-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 4.6-1 » Version: N/A
Fronius » Primo 5.0-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_5.0-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 5.0-1 » Version: N/A
Fronius » Primo 5.0-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_5.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 5.0-1 208-240 » Version: N/A
Fronius » Primo 5.0-1 Aus Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_5.0-1_aus_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 5.0-1 Aus » Version: N/A
Fronius » Primo 5.0-1 Sc Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_5.0-1_sc_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 5.0-1 Sc » Version: N/A
Fronius » Primo 6.0-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_6.0-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 6.0-1 » Version: N/A
Fronius » Primo 6.0-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_6.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 6.0-1 208-240 » Version: N/A
Fronius » Primo 7.6-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_7.6-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 7.6-1 208-240 » Version: N/A
Fronius » Primo 8.2-1 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_8.2-1_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 8.2-1 » Version: N/A
Fronius » Primo 8.2-1 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:primo_8.2-1_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Primo 8.2-1 208-240 » Version: N/A
Fronius » Symo 10.0-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_10.0-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 10.0-3-m » Version: N/A
Fronius » Symo 10.0-3-m-os Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_10.0-3-m-os_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 10.0-3-m-os » Version: N/A
Fronius » Symo 10.0-3 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_10.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 10.0-3 208-240 » Version: N/A
Fronius » Symo 10.0-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_10.0-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 10.0-3 480 » Version: N/A
Fronius » Symo 12.0-3 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_12.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 12.0-3 208-240 » Version: N/A
Fronius » Symo 12.5-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_12.5-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 12.5-3-m » Version: N/A
Fronius » Symo 12.5-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_12.5-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 12.5-3 480 » Version: N/A
Fronius » Symo 15.0-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_15.0-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 15.0-3-m » Version: N/A
Fronius » Symo 15.0-3 107 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_15.0-3_107_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 15.0-3 107 » Version: N/A
Fronius » Symo 15.0-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_15.0-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 15.0-3 480 » Version: N/A
Fronius » Symo 17.5-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_17.5-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 17.5-3-m » Version: N/A
Fronius » Symo 17.5-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_17.5-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 17.5-3 480 » Version: N/A
Fronius » Symo 20.0-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_20.0-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 20.0-3-m » Version: N/A
Fronius » Symo 20.0-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_20.0-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 20.0-3 480 » Version: N/A
Fronius » Symo 22.7-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_22.7-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 22.7-3 480 » Version: N/A
Fronius » Symo 24.0-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_24.0-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 24.0-3 480 » Version: N/A
Fronius » Symo 3.0-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_3.0-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 3.0-3-m » Version: N/A
Fronius » Symo 3.0-3-s Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_3.0-3-s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 3.0-3-s » Version: N/A
Fronius » Symo 3.7-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_3.7-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 3.7-3-m » Version: N/A
Fronius » Symo 3.7-3-s Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_3.7-3-s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 3.7-3-s » Version: N/A
Fronius » Symo 4.5-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_4.5-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 4.5-3-m » Version: N/A
Fronius » Symo 4.5-3-s Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_4.5-3-s_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 4.5-3-s » Version: N/A
Fronius » Symo 5.0-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_5.0-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 5.0-3-m » Version: N/A
Fronius » Symo 6.0-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_6.0-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 6.0-3-m » Version: N/A
Fronius » Symo 7.0-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_7.0-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 7.0-3-m » Version: N/A
Fronius » Symo 8.2-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_8.2-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo 8.2-3-m » Version: N/A
Fronius » Symo Advanced 10.0-3 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_advanced_10.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo Advanced 10.0-3 208-240 » Version: N/A
Fronius » Symo Advanced 12.0-3 208-240 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_advanced_12.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo Advanced 12.0-3 208-240 » Version: N/A
Fronius » Symo Advanced 15.0-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_advanced_15.0-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo Advanced 15.0-3 480 » Version: N/A
Fronius » Symo Advanced 20.0-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_advanced_20.0-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo Advanced 20.0-3 480 » Version: N/A
Fronius » Symo Advanced 22.7-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_advanced_22.7-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo Advanced 22.7-3 480 » Version: N/A
Fronius » Symo Advanced 24.0-3 480 Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_advanced_24.0-3_480_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo Advanced 24.0-3 480 » Version: N/A
Fronius » Symo Hybrid 3.0-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_hybrid_3.0-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo Hybrid 3.0-3-m » Version: N/A
Fronius » Symo Hybrid 4.0-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_hybrid_4.0-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo Hybrid 4.0-3-m » Version: N/A
Fronius » Symo Hybrid 5.0-3-m Firmware
Versions before (<) 3.14.1
cpe:2.3:o:fronius:symo_hybrid_5.0-3-m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Fronius » Symo Hybrid 5.0-3-m » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2019-19228

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 45 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-19228

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-19228

CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2019-19228

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-solar-inverter-series-cve-2019-19229-cve-2019-19228/

Multiple vulnerabilites in Fronius Solar Inverter Series (CVE-2019-19229, CVE-2019-19228) – SEC Consult
Exploit;Third Party Advisory

CVEs referencing this url
https://seclists.org/bugtraq/2019/Dec/5

Bugtraq: SEC Consult SA-20191203-0 :: Multiple vulnerabilites in Fronius Solar Inverter Series
Exploit;Mailing List;Third Party Advisory

CVEs referencing this url
http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.html

Fronius Solar Inverter Series Insecure Communication / Path Traversal ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-19228

Products affected by CVE-2019-19228

Exploit prediction scoring system (EPSS) score for CVE-2019-19228

CVSS scores for CVE-2019-19228

CWE ids for CVE-2019-19228

References for CVE-2019-19228