Improper access control in the Insyde software tools may allow an authenticated user to potentially enable escalation of privilege, or information disclosure via local access. This is a software vulnerability, not a firmware issue. Affected tools include: H2OFFT version 3.02~5.28, 100.00.00.00~100.00.08.23 and 200.00.00.01~200.00.00.05, H2OOAE before version 200.00.00.02, H2OSDE before version 200.00.00.07, H2OUVE before version 200.00.02.02, H2OPCM before version 100.00.06.00, H2OELV before version 100.00.02.08.
Conclusion & alert: CVE-2019-12532 is rated Moderate Risk (42.7/100): CVSS High severity, with low exploitation likelihood (EPSS 0.40%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.06% | 0.40% | +0.34% |
| 2 | 2024-08-19 | 0.04% | 0.06% | +0.02% |
| 3 | 2023-03-07 | — | 0.04% | — |
Full EPSS history (7 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 7.8 | 3.1 | HIGH |
|
1.8 | 5.9 | [email protected] |
| 4.6 | 2.0 | MEDIUM |
|
3.9 | 6.4 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| insyde | h2oelv | < 100.00.02.08 | cpe:2.3:a:insyde:h2oelv:*:*:*:*:*:*:*:* |
| insyde | h2offt | >= 3.02, <= 5.28 | cpe:2.3:a:insyde:h2offt:*:*:*:*:*:*:*:* |
| insyde | h2offt | >= 100.00.00.00, <= 100.00.08.23 | cpe:2.3:a:insyde:h2offt:*:*:*:*:*:*:*:* |
| insyde | h2offt | >= 200.00.00.01, <= 200.00.00.05 | cpe:2.3:a:insyde:h2offt:*:*:*:*:*:*:*:* |
| insyde | h2ooae | < 200.00.00.02 | cpe:2.3:a:insyde:h2ooae:*:*:*:*:*:*:*:* |
| insyde | h2opcm | < 100.00.06.00 | cpe:2.3:a:insyde:h2opcm:*:*:*:*:*:*:*:* |
| insyde | h2osde | < 200.00.00.07 | cpe:2.3:a:insyde:h2osde:*:*:*:*:*:*:*:* |
| insyde | h2ouve | < 200.00.02.02 | cpe:2.3:a:insyde:h2ouve:*:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/ | Third Party Advisory |
| https://security.netapp.com/advisory/ntap-20220223-0004/ | Third Party Advisory |
| https://www.insyde.com/security-pledge/SA-2019001 | Vendor Advisory |