CVE-2019-19228

high-risk

Published 2019-12-04

Fronius Solar Inverter devices before 3.14.1 (HM 1.12.1) allow attackers to bypass authentication because the password for the today account is stored in the /tmp/web_users.conf file.

Do I need to act?

0.24% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (20)

Datamanager Box 2.0 Firmware

Eco 25.0-3-S Firmware

Eco 27.0-3-S Firmware

Galvo 1.5-1 Firmware

Galvo 1.5-1 208-240 Firmware

Galvo 2.0-1 Firmware

Galvo 2.0-1 208-240 Firmware

Galvo 2.5-1 Firmware

Galvo 2.5-1 208-240 Firmware

Galvo 3.0-1 Firmware

Galvo 3.1-1 Firmware

Galvo 3.1-1 208-240 Firmware

Primo 10.0-1 208-240 Firmware

Primo 11.4-1 208-240 Firmware

Primo 12.5-1 208-240 Firmware

Primo 15.0-1 208-240 Firmware

Primo 3.0-1 Firmware

Primo 3.5-1 Firmware

Primo 3.6-1 Firmware

Primo 3.8-1 208-240 Firmware

Affected Vendors

Fronius

References (6)

Exploit http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecu...

Exploit https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-so...

Exploit https://seclists.org/bugtraq/2019/Dec/5

Exploit http://packetstormsecurity.com/files/155562/Fronius-Solar-Inverter-Series-Insecu...

Exploit https://sec-consult.com/en/blog/advisories/multiple-vulnerabilites-in-fronius-so...

Exploit https://seclists.org/bugtraq/2019/Dec/5

/ 100

high-risk

Severity 32/34 · Critical

Exploitability 1/34 · Minimal

Exposure 27/34 · High