CVE-2019-19228
CRITICAL
9,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM
5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: none
Availability: none
Description
AI Translation Available
Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0024
Percentile
0,5th
Updated
EPSS Score Trend (Last 90 Days)
312
Cleartext Storage of Sensitive Information
DraftCommon Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies:
Cloud Computing, ICS/OT, Mobile
Operating System
Symo Hybrid 5.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_hybrid_5.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 5.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_5.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 15.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_15.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 24.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_24.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 3.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_3.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 3.5-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_3.5-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 6.0-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_6.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Hybrid 3.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_hybrid_3.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 5.0-1 Aus Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_5.0-1_aus_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 3.8-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_3.8-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 12.0-3 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_12.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Datamanager Box 2.0 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:datamanager_box_2.0_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 4.5-3-S Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_4.5-3-s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 2.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_2.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Eco 25.0-3-S Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:eco_25.0-3-s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 12.5-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_12.5-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 15.0-3 107 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_15.0-3_107_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 7.6-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_7.6-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 3.7-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_3.7-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 8.2-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_8.2-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 6.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_6.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 20.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_20.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 20.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_20.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 2.5-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_2.5-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Hybrid 4.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_hybrid_4.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 3.1-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_3.1-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 3.7-3-S Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_3.7-3-s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 3.1-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_3.1-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 12.5-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_12.5-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 3.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_3.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 10.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_10.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 1.5-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_1.5-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 10.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_10.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 4.5-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_4.5-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 24.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_24.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 22.7-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_22.7-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 3.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_3.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 11.4-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_11.4-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 22.7-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_22.7-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 20.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_20.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 3.0-3-S Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_3.0-3-s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 12.0-3 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_12.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 15.0-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_15.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 10.0-3 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_10.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 2.0-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_2.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 5.0-1 Sc Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_5.0-1_sc_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 8.2-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_8.2-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 15.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_15.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 5.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_5.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 1.5-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_1.5-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 7.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_7.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 10.0-3-M-Os Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_10.0-3-m-os_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 10.0-3 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_10.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 6.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_6.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 5.0-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_5.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 17.5-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_17.5-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 17.5-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_17.5-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 3.6-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_3.6-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 4.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_4.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Eco 27.0-3-S Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:eco_27.0-3-s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 12.5-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_12.5-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 4.6-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_4.6-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 15.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_15.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 8.2-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_8.2-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 2.5-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_2.5-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 10.0-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_10.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insec…
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-s…
https://seclists.org/bugtraq/2019/Dec/5
http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insec…
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-s…
https://seclists.org/bugtraq/2019/Dec/5