CVE-2019-19229
MEDIUM
6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM
4,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: none
Availability: none
Description
AI Translation Available
admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.
EPSS (Exploit Prediction Scoring System)
Trend Analysis
EPSS (Exploit Prediction Scoring System)
Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.
EPSS Score
0,0070
Percentile
0,7th
Updated
EPSS Score Trend (Last 90 Days)
22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
StableCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Modify Files Or Directories
Read Files Or Directories
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
AI/ML
Operating System
Symo Hybrid 5.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_hybrid_5.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 5.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_5.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 15.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_15.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 24.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_24.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 3.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_3.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 3.5-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_3.5-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 6.0-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_6.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Hybrid 3.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_hybrid_3.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 5.0-1 Aus Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_5.0-1_aus_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 3.8-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_3.8-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 12.0-3 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_12.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Datamanager Box 2.0 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:datamanager_box_2.0_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 4.5-3-S Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_4.5-3-s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 2.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_2.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Eco 25.0-3-S Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:eco_25.0-3-s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 12.5-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_12.5-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 15.0-3 107 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_15.0-3_107_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 7.6-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_7.6-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 3.7-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_3.7-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 8.2-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_8.2-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 6.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_6.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 20.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_20.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 20.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_20.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 2.5-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_2.5-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Hybrid 4.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_hybrid_4.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 3.1-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_3.1-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 3.7-3-S Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_3.7-3-s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 3.1-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_3.1-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 12.5-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_12.5-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 3.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_3.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 10.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_10.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 1.5-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_1.5-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 10.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_10.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 4.5-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_4.5-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 24.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_24.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 22.7-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_22.7-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 3.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_3.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 11.4-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_11.4-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 22.7-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_22.7-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 20.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_20.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 3.0-3-S Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_3.0-3-s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 12.0-3 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_12.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 15.0-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_15.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 10.0-3 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_10.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 2.0-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_2.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 5.0-1 Sc Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_5.0-1_sc_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 8.2-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_8.2-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 15.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_15.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 5.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_5.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 1.5-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_1.5-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 7.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_7.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 10.0-3-M-Os Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_10.0-3-m-os_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 10.0-3 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_10.0-3_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 6.0-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_6.0-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 5.0-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_5.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 17.5-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_17.5-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 17.5-3-M Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_17.5-3-m_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 3.6-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_3.6-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 4.0-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_4.0-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Eco 27.0-3-S Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:eco_27.0-3-s_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo 12.5-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_12.5-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 4.6-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_4.6-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Symo Advanced 15.0-3 480 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:symo_advanced_15.0-3_480_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 8.2-1 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_8.2-1_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Galvo 2.5-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:galvo_2.5-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System
Primo 10.0-1 208-240 Firmware by Fronius
Version Range Affected
To
3.14.1
(exclusive)
CPE Identifier
View Detailed Analysis
cpe:2.3:o:fronius:primo_10.0-1_208-240_firmware:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insec…
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-s…
https://seclists.org/bugtraq/2019/Dec/5
http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insec…
https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-s…
https://seclists.org/bugtraq/2019/Dec/5