Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2019-19228

Published: 04/12/2019 Updated: 16/12/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Datamanager Box 2.0 Firmware

Vulnerability Summary

Fronius Solar Inverter devices prior to 3.14.1 (HM 1.12.1) allow malicious users to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

fronius datamanager_box_2.0_firmware

fronius eco_25.0-3-s_firmware

fronius eco_27.0-3-s_firmware

fronius galvo_1.5-1_firmware

fronius galvo_1.5-1_208-240_firmware

fronius galvo_2.0-1_firmware

fronius galvo_2.0-1_208-240_firmware

fronius galvo_2.5-1_firmware

fronius galvo_2.5-1_208-240_firmware

fronius galvo_3.0-1_firmware

fronius galvo_3.1-1_firmware

fronius galvo_3.1-1_208-240_firmware

fronius primo_10.0-1_208-240_firmware

fronius primo_11.4-1_208-240_firmware

fronius primo_12.5-1_208-240_firmware

fronius primo_15.0-1_208-240_firmware

fronius primo_3.0-1_firmware

fronius primo_3.5-1_firmware

fronius primo_3.6-1_firmware

fronius primo_3.8-1_208-240_firmware

fronius primo_4.0-1_firmware

fronius primo_4.6-1_firmware

fronius primo_5.0-1_firmware

fronius primo_5.0-1_208-240_firmware

fronius primo_5.0-1_aus_firmware

fronius primo_5.0-1_sc_firmware

fronius primo_6.0-1_firmware

fronius primo_6.0-1_208-240_firmware

fronius primo_7.6-1_208-240_firmware

fronius primo_8.2-1_firmware

fronius primo_8.2-1_208-240_firmware

fronius symo_10.0-3-m_firmware

fronius symo_10.0-3-m-os_firmware

fronius symo_10.0-3_208-240_firmware

fronius symo_10.0-3_480_firmware

fronius symo_12.0-3_208-240_firmware

fronius symo_12.5-3-m_firmware

fronius symo_12.5-3_480_firmware

fronius symo_15.0-3-m_firmware

fronius symo_15.0-3_107_firmware

fronius symo_15.0-3_480_firmware

fronius symo_17.5-3-m_firmware

fronius symo_17.5-3_480_firmware

fronius symo_20.0-3-m_firmware

fronius symo_20.0-3_480_firmware

fronius symo_22.7-3_480_firmware

fronius symo_24.0-3_480_firmware

fronius symo_3.0-3-m_firmware

fronius symo_3.0-3-s_firmware

fronius symo_3.7-3-m_firmware

fronius symo_3.7-3-s_firmware

fronius symo_4.5-3-m_firmware

fronius symo_4.5-3-s_firmware

fronius symo_5.0-3-m_firmware

fronius symo_6.0-3-m_firmware

fronius symo_7.0-3-m_firmware

fronius symo_8.2-3-m_firmware

fronius symo_advanced_10.0-3_208-240_firmware

fronius symo_advanced_12.0-3_208-240_firmware

fronius symo_advanced_15.0-3_480_firmware

fronius symo_advanced_20.0-3_480_firmware

fronius symo_advanced_22.7-3_480_firmware

fronius symo_advanced_24.0-3_480_firmware

fronius symo_hybrid_3.0-3-m_firmware

fronius symo_hybrid_4.0-3-m_firmware

fronius symo_hybrid_5.0-3-m_firmware

Exploits

Exploit DB: Fronius Solar Inverter Series Insecure Communication / Path Traversal
Fronius Solar Inverter Series with software versions below 3141 (HM 1121) suffer from unencrypted communication and path traversal vulnerabilities ...

References

CWE-312https://seclists.org/bugtraq/2019/Dec/5https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-solar-inverter-series-cve-2019-19229-cve-2019-19228/http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38298CVE-2024-20356CVE-2023-21987CVE-2024-33217bypassCVE-2024-31804CVE-2024-32660unauthorizedSSRF
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook