Lucene search

[email protected]CVE-2019-19229

HistoryDec 04, 2019 - 7:15 p.m.

CVE-2019-19229

2019-12-0419:15:11

CWE-22

[email protected]

web.nvd.nist.gov

admincgi

service.fcgi

directory traversal

cve-2019-19229

fronius solar inverter

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.9%

JSON

admincgi-bin/service.fcgi on Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allows action=download&filename= Directory Traversal.

Affected configurations

NVD

Node

froniusdatamanager_box_2.0_firmwareRange<3.14.1

AND

froniusdatamanager_box_2.0Match-

Node

froniuseco_25.0-3-s_firmwareRange<3.14.1

AND

froniuseco_25.0-3-sMatch-

Node

froniuseco_27.0-3-s_firmwareRange<3.14.1

AND

froniuseco_27.0-3-sMatch-

Node

froniusgalvo_1.5-1_firmwareRange<3.14.1

AND

froniusgalvo_1.5-1Match-

Node

froniusgalvo_1.5-1_208-240_firmwareRange<3.14.1

AND

froniusgalvo_1.5-1_208-240Match-

Node

froniusgalvo_2.0-1_firmwareRange<3.14.1

AND

froniusgalvo_2.0-1Match-

Node

froniusgalvo_2.0-1_208-240_firmwareRange<3.14.1

AND

froniusgalvo_2.0-1_208-240Match-

Node

froniusgalvo_2.5-1_firmwareRange<3.14.1

AND

froniusgalvo_2.5-1Match-

Node

froniusgalvo_2.5-1_208-240_firmwareRange<3.14.1

AND

froniusgalvo_2.5-1_208-240Match-

Node

froniusgalvo_3.0-1_firmwareRange<3.14.1

AND

froniusgalvo_3.0-1Match-

Node

froniusgalvo_3.1-1_firmwareRange<3.14.1

AND

froniusgalvo_3.1-1Match-

Node

froniusgalvo_3.1-1_208-240Match-

AND

froniusgalvo_3.1-1_208-240_firmwareRange<3.14.1

Node

froniusprimo_10.0-1_208-240Match-

AND

froniusprimo_10.0-1_208-240_firmwareRange<3.14.1

Node

froniusprimo_11.4-1_208-240Match-

AND

froniusprimo_11.4-1_208-240_firmwareRange<3.14.1

Node

froniusprimo_12.5-1_208-240Match-

AND

froniusprimo_12.5-1_208-240_firmwareRange<3.14.1

Node

froniusprimo_15.0-1_208-240Match-

AND

froniusprimo_15.0-1_208-240_firmwareRange<3.14.1

Node

froniusprimo_3.0-1Match-

AND

froniusprimo_3.0-1_firmwareRange<3.14.1

Node

froniusprimo_3.5-1Match-

AND

froniusprimo_3.5-1_firmwareRange<3.14.1

Node

froniusprimo_3.6-1Match-

AND

froniusprimo_3.6-1_firmwareRange<3.14.1

Node

froniusprimo_3.8-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_3.8-1_208-240Match-

Node

froniusprimo_4.0-1_firmwareRange<3.14.1

AND

froniusprimo_4.0-1Match-

Node

froniusprimo_4.6-1_firmwareRange<3.14.1

AND

froniusprimo_4.6-1Match-

Node

froniusprimo_5.0-1_firmwareRange<3.14.1

AND

froniusprimo_5.0-1Match-

Node

froniusprimo_5.0-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_5.0-1_208-240Match-

Node

froniusprimo_5.0-1_aus_firmwareRange<3.14.1

AND

froniusprimo_5.0-1_ausMatch-

Node

froniusprimo_5.0-1_sc_firmwareRange<3.14.1

AND

froniusprimo_5.0-1_scMatch-

Node

froniusprimo_6.0-1_firmwareRange<3.14.1

AND

froniusprimo_6.0-1Match-

Node

froniusprimo_6.0-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_6.0-1_208-240Match-

Node

froniusprimo_7.6-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_7.6-1_208-240Match-

Node

froniusprimo_8.2-1_firmwareRange<3.14.1

AND

froniusprimo_8.2-1Match-

Node

froniusprimo_8.2-1_208-240_firmwareRange<3.14.1

AND

froniusprimo_8.2-1_208-240Match-

Node

froniussymo_10.0-3-m_firmwareRange<3.14.1

AND

froniussymo_10.0-3-mMatch-

Node

froniussymo_10.0-3-m-os_firmwareRange<3.14.1

AND

froniussymo_10.0-3-m-osMatch-

Node

froniussymo_10.0-3_208-240_firmwareRange<3.14.1

AND

froniussymo_10.0-3_208-240Match-

Node

froniussymo_10.0-3_480_firmwareRange<3.14.1

AND

froniussymo_10.0-3_480Match-

Node

froniussymo_12.0-3_208-240_firmwareRange<3.14.1

AND

froniussymo_12.0-3_208-240Match-

Node

froniussymo_12.5-3-m_firmwareRange<3.14.1

AND

froniussymo_12.5-3-mMatch-

Node

froniussymo_12.5-3_480_firmwareRange<3.14.1

AND

froniussymo_12.5-3_480Match-

Node

froniussymo_15.0-3-m_firmwareRange<3.14.1

AND

froniussymo_15.0-3-mMatch-

Node

froniussymo_15.0-3_107_firmwareRange<3.14.1

AND

froniussymo_15.0-3_107Match-

Node

froniussymo_15.0-3_480_firmwareRange<3.14.1

AND

froniussymo_15.0-3_480Match-

Node

froniussymo_17.5-3-m_firmwareRange<3.14.1

AND

froniussymo_17.5-3-mMatch-

Node

froniussymo_17.5-3_480_firmwareRange<3.14.1

AND

froniussymo_17.5-3_480Match-

Node

froniussymo_20.0-3-m_firmwareRange<3.14.1

AND

froniussymo_20.0-3-mMatch-

Node

froniussymo_20.0-3_480_firmwareRange<3.14.1

AND

froniussymo_20.0-3_480Match-

Node

froniussymo_22.7-3_480_firmwareRange<3.14.1

AND

froniussymo_22.7-3_480Match-

Node

froniussymo_24.0-3_480_firmwareRange<3.14.1

AND

froniussymo_24.0-3_480Match-

Node

froniussymo_3.0-3-m_firmwareRange<3.14.1

AND

froniussymo_3.0-3-mMatch-

Node

froniussymo_3.0-3-s_firmwareRange<3.14.1

AND

froniussymo_3.0-3-sMatch-

Node

froniussymo_3.7-3-m_firmwareRange<3.14.1

AND

froniussymo_3.7-3-mMatch-

Node

froniussymo_3.7-3-s_firmwareRange<3.14.1

AND

froniussymo_3.7-3-sMatch-

Node

froniussymo_4.5-3-m_firmwareRange<3.14.1

AND

froniussymo_4.5-3-mMatch-

Node

froniussymo_4.5-3-s_firmwareRange<3.14.1

AND

froniussymo_4.5-3-sMatch-

Node

froniussymo_5.0-3-m_firmwareRange<3.14.1

AND

froniussymo_5.0-3-mMatch-

Node

froniussymo_6.0-3-m_firmwareRange<3.14.1

AND

froniussymo_6.0-3-mMatch-

Node

froniussymo_7.0-3-m_firmwareRange<3.14.1

AND

froniussymo_7.0-3-mMatch-

Node

froniussymo_8.2-3-m_firmwareRange<3.14.1

AND

froniussymo_8.2-3-mMatch-

Node

froniussymo_advanced_10.0-3_208-240_firmwareRange<3.14.1

AND

froniussymo_advanced_10.0-3_208-240Match-

Node

froniussymo_advanced_12.0-3_208-240_firmwareRange<3.14.1

AND

froniussymo_advanced_12.0-3_208-240Match-

Node

froniussymo_advanced_15.0-3_480_firmwareRange<3.14.1

AND

froniussymo_advanced_15.0-3_480Match-

Node

froniussymo_advanced_20.0-3_480_firmwareRange<3.14.1

AND

froniussymo_advanced_20.0-3_480Match-

Node

froniussymo_advanced_22.7-3_480_firmwareRange<3.14.1

AND

froniussymo_advanced_22.7-3_480Match-

Node

froniussymo_advanced_24.0-3_480_firmwareRange<3.14.1

AND

froniussymo_advanced_24.0-3_480Match-

Node

froniussymo_hybrid_3.0-3-m_firmwareRange<3.14.1

AND

froniussymo_hybrid_3.0-3-mMatch-

Node

froniussymo_hybrid_4.0-3-m_firmwareRange<3.14.1

AND

froniussymo_hybrid_4.0-3-mMatch-

Node

froniussymo_hybrid_5.0-3-m_firmwareRange<3.14.1

AND

froniussymo_hybrid_5.0-3-mMatch-

CPENameOperatorVersion
fronius:datamanager_box_2.0_firmwarefronius datamanager box 2.0 firmwarelt3.14.1

CPE	Name	Operator	Version
fronius:datamanager_box_2.0_firmware	fronius datamanager box 2.0 firmware	lt	3.14.1

References

packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.html

sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-solar-inverter-series-cve-2019-19229-cve-2019-19228/

seclists.org/bugtraq/2019/Dec/5

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.9%

JSON

Related for CVE-2019-19229

prion1 cvelist1 nvd1 packetstorm1