CVE-2019-19228

CRITICAL

9.8

Descricao

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado12/4/2019

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

fronius:datamanager_box_2.0fronius:datamanager_box_2.0_firmwarefronius:eco_25.0-3-sfronius:eco_25.0-3-s_firmwarefronius:eco_27.0-3-sfronius:eco_27.0-3-s_firmwarefronius:galvo_1.5-1fronius:galvo_1.5-1_208-240fronius:galvo_1.5-1_208-240_firmwarefronius:galvo_1.5-1_firmwarefronius:galvo_2.0-1fronius:galvo_2.0-1_208-240fronius:galvo_2.0-1_208-240_firmwarefronius:galvo_2.0-1_firmwarefronius:galvo_2.5-1fronius:galvo_2.5-1_208-240fronius:galvo_2.5-1_208-240_firmwarefronius:galvo_2.5-1_firmwarefronius:galvo_3.0-1fronius:galvo_3.0-1_firmwarefronius:galvo_3.1-1fronius:galvo_3.1-1_208-240fronius:galvo_3.1-1_208-240_firmwarefronius:galvo_3.1-1_firmwarefronius:primo_10.0-1_208-240fronius:primo_10.0-1_208-240_firmwarefronius:primo_11.4-1_208-240fronius:primo_11.4-1_208-240_firmwarefronius:primo_12.5-1_208-240fronius:primo_12.5-1_208-240_firmwarefronius:primo_15.0-1_208-240fronius:primo_15.0-1_208-240_firmwarefronius:primo_3.0-1fronius:primo_3.0-1_firmwarefronius:primo_3.5-1fronius:primo_3.5-1_firmwarefronius:primo_3.6-1fronius:primo_3.6-1_firmwarefronius:primo_3.8-1_208-240fronius:primo_3.8-1_208-240_firmwarefronius:primo_4.0-1fronius:primo_4.0-1_firmwarefronius:primo_4.6-1fronius:primo_4.6-1_firmwarefronius:primo_5.0-1fronius:primo_5.0-1_208-240fronius:primo_5.0-1_208-240_firmwarefronius:primo_5.0-1_ausfronius:primo_5.0-1_aus_firmwarefronius:primo_5.0-1_firmwarefronius:primo_5.0-1_scfronius:primo_5.0-1_sc_firmwarefronius:primo_6.0-1fronius:primo_6.0-1_208-240fronius:primo_6.0-1_208-240_firmwarefronius:primo_6.0-1_firmwarefronius:primo_7.6-1_208-240fronius:primo_7.6-1_208-240_firmwarefronius:primo_8.2-1fronius:primo_8.2-1_208-240fronius:primo_8.2-1_208-240_firmwarefronius:primo_8.2-1_firmwarefronius:symo_10.0-3-mfronius:symo_10.0-3-m-osfronius:symo_10.0-3-m-os_firmwarefronius:symo_10.0-3-m_firmwarefronius:symo_10.0-3_208-240fronius:symo_10.0-3_208-240_firmwarefronius:symo_10.0-3_480fronius:symo_10.0-3_480_firmwarefronius:symo_12.0-3_208-240fronius:symo_12.0-3_208-240_firmwarefronius:symo_12.5-3-mfronius:symo_12.5-3-m_firmwarefronius:symo_12.5-3_480fronius:symo_12.5-3_480_firmwarefronius:symo_15.0-3-mfronius:symo_15.0-3-m_firmwarefronius:symo_15.0-3_107fronius:symo_15.0-3_107_firmwarefronius:symo_15.0-3_480fronius:symo_15.0-3_480_firmwarefronius:symo_17.5-3-mfronius:symo_17.5-3-m_firmwarefronius:symo_17.5-3_480fronius:symo_17.5-3_480_firmwarefronius:symo_20.0-3-mfronius:symo_20.0-3-m_firmwarefronius:symo_20.0-3_480fronius:symo_20.0-3_480_firmwarefronius:symo_22.7-3_480fronius:symo_22.7-3_480_firmwarefronius:symo_24.0-3_480fronius:symo_24.0-3_480_firmwarefronius:symo_3.0-3-mfronius:symo_3.0-3-m_firmwarefronius:symo_3.0-3-sfronius:symo_3.0-3-s_firmwarefronius:symo_3.7-3-mfronius:symo_3.7-3-m_firmwarefronius:symo_3.7-3-sfronius:symo_3.7-3-s_firmwarefronius:symo_4.5-3-mfronius:symo_4.5-3-m_firmwarefronius:symo_4.5-3-sfronius:symo_4.5-3-s_firmwarefronius:symo_5.0-3-mfronius:symo_5.0-3-m_firmwarefronius:symo_6.0-3-mfronius:symo_6.0-3-m_firmwarefronius:symo_7.0-3-mfronius:symo_7.0-3-m_firmwarefronius:symo_8.2-3-mfronius:symo_8.2-3-m_firmwarefronius:symo_advanced_10.0-3_208-240fronius:symo_advanced_10.0-3_208-240_firmwarefronius:symo_advanced_12.0-3_208-240fronius:symo_advanced_12.0-3_208-240_firmwarefronius:symo_advanced_15.0-3_480fronius:symo_advanced_15.0-3_480_firmwarefronius:symo_advanced_20.0-3_480fronius:symo_advanced_20.0-3_480_firmwarefronius:symo_advanced_22.7-3_480fronius:symo_advanced_22.7-3_480_firmwarefronius:symo_advanced_24.0-3_480fronius:symo_advanced_24.0-3_480_firmwarefronius:symo_hybrid_3.0-3-mfronius:symo_hybrid_3.0-3-m_firmwarefronius:symo_hybrid_4.0-3-mfronius:symo_hybrid_4.0-3-m_firmwarefronius:symo_hybrid_5.0-3-mfronius:symo_hybrid_5.0-3-m_firmware

Fraquezas (CWE)

CWE-312

Referencias

http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.html(cve@mitre.org)

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-solar-inverter-series-cve-2019-19229-cve-2019-19228/(cve@mitre.org)

https://seclists.org/bugtraq/2019/Dec/5(cve@mitre.org)

http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecure-Communication-Path-Traversal.html(af854a3a-2127-422b-91ae-364da2661108)

https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-solar-inverter-series-cve-2019-19229-cve-2019-19228/(af854a3a-2127-422b-91ae-364da2661108)

https://seclists.org/bugtraq/2019/Dec/5(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.