CVE-2019-19229 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Vendor	Product	Version
fronius	datamanager_box_2.0_firmware	𝑥 < 3.14.1
fronius	eco_25.0-3-s_firmware	𝑥 < 3.14.1
fronius	eco_27.0-3-s_firmware	𝑥 < 3.14.1
fronius	galvo_1.5-1_firmware	𝑥 < 3.14.1
fronius	galvo_1.5-1_208-240_firmware	𝑥 < 3.14.1
fronius	galvo_2.0-1_firmware	𝑥 < 3.14.1
fronius	galvo_2.0-1_208-240_firmware	𝑥 < 3.14.1
fronius	galvo_2.5-1_firmware	𝑥 < 3.14.1
fronius	galvo_2.5-1_208-240_firmware	𝑥 < 3.14.1
fronius	galvo_3.0-1_firmware	𝑥 < 3.14.1
fronius	galvo_3.1-1_firmware	𝑥 < 3.14.1
fronius	galvo_3.1-1_208-240_firmware	𝑥 < 3.14.1
fronius	primo_10.0-1_208-240_firmware	𝑥 < 3.14.1
fronius	primo_11.4-1_208-240_firmware	𝑥 < 3.14.1
fronius	primo_12.5-1_208-240_firmware	𝑥 < 3.14.1
fronius	primo_15.0-1_208-240_firmware	𝑥 < 3.14.1
fronius	primo_3.0-1_firmware	𝑥 < 3.14.1
fronius	primo_3.5-1_firmware	𝑥 < 3.14.1
fronius	primo_3.6-1_firmware	𝑥 < 3.14.1
fronius	primo_3.8-1_208-240_firmware	𝑥 < 3.14.1
fronius	primo_4.0-1_firmware	𝑥 < 3.14.1
fronius	primo_4.6-1_firmware	𝑥 < 3.14.1
fronius	primo_5.0-1_firmware	𝑥 < 3.14.1
fronius	primo_5.0-1_208-240_firmware	𝑥 < 3.14.1
fronius	primo_5.0-1_aus_firmware	𝑥 < 3.14.1
fronius	primo_5.0-1_sc_firmware	𝑥 < 3.14.1
fronius	primo_6.0-1_firmware	𝑥 < 3.14.1
fronius	primo_6.0-1_208-240_firmware	𝑥 < 3.14.1
fronius	primo_7.6-1_208-240_firmware	𝑥 < 3.14.1
fronius	primo_8.2-1_firmware	𝑥 < 3.14.1
fronius	primo_8.2-1_208-240_firmware	𝑥 < 3.14.1
fronius	symo_10.0-3-m_firmware	𝑥 < 3.14.1
fronius	symo_10.0-3-m-os_firmware	𝑥 < 3.14.1
fronius	symo_10.0-3_208-240_firmware	𝑥 < 3.14.1
fronius	symo_10.0-3_480_firmware	𝑥 < 3.14.1
fronius	symo_12.0-3_208-240_firmware	𝑥 < 3.14.1
fronius	symo_12.5-3-m_firmware	𝑥 < 3.14.1
fronius	symo_12.5-3_480_firmware	𝑥 < 3.14.1
fronius	symo_15.0-3-m_firmware	𝑥 < 3.14.1
fronius	symo_15.0-3_107_firmware	𝑥 < 3.14.1
fronius	symo_15.0-3_480_firmware	𝑥 < 3.14.1
fronius	symo_17.5-3-m_firmware	𝑥 < 3.14.1
fronius	symo_17.5-3_480_firmware	𝑥 < 3.14.1
fronius	symo_20.0-3-m_firmware	𝑥 < 3.14.1
fronius	symo_20.0-3_480_firmware	𝑥 < 3.14.1
fronius	symo_22.7-3_480_firmware	𝑥 < 3.14.1
fronius	symo_24.0-3_480_firmware	𝑥 < 3.14.1
fronius	symo_3.0-3-m_firmware	𝑥 < 3.14.1
fronius	symo_3.0-3-s_firmware	𝑥 < 3.14.1
fronius	symo_3.7-3-m_firmware	𝑥 < 3.14.1
fronius	symo_3.7-3-s_firmware	𝑥 < 3.14.1
fronius	symo_4.5-3-m_firmware	𝑥 < 3.14.1
fronius	symo_4.5-3-s_firmware	𝑥 < 3.14.1
fronius	symo_5.0-3-m_firmware	𝑥 < 3.14.1
fronius	symo_6.0-3-m_firmware	𝑥 < 3.14.1
fronius	symo_7.0-3-m_firmware	𝑥 < 3.14.1
fronius	symo_8.2-3-m_firmware	𝑥 < 3.14.1
fronius	symo_advanced_10.0-3_208-240_firmware	𝑥 < 3.14.1
fronius	symo_advanced_12.0-3_208-240_firmware	𝑥 < 3.14.1
fronius	symo_advanced_15.0-3_480_firmware	𝑥 < 3.14.1
fronius	symo_advanced_20.0-3_480_firmware	𝑥 < 3.14.1
fronius	symo_advanced_22.7-3_480_firmware	𝑥 < 3.14.1
fronius	symo_advanced_24.0-3_480_firmware	𝑥 < 3.14.1
fronius	symo_hybrid_3.0-3-m_firmware	𝑥 < 3.14.1
fronius	symo_hybrid_4.0-3-m_firmware	𝑥 < 3.14.1
fronius	symo_hybrid_5.0-3-m_firmware	𝑥 < 3.14.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References

http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.html

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-solar-inverter-series-cve-2019-19229-cve-2019-19228/

https://seclists.org/bugtraq/2019/Dec/5

http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.html

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-solar-inverter-series-cve-2019-19229-cve-2019-19228/

https://seclists.org/bugtraq/2019/Dec/5