Search
Find a vulnerability
Search criteria
34 vulnerabilities by sma
CVE-2021-4459 (GCVE-0-2021-4459)
Vulnerability from nvd – Published: 2025-08-27 08:00 – Updated: 2025-08-27 16:18
VLAI
Title
SMA: Directory Traversal in Sunny Boy <3.10.27.R
Summary
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Impacted products
Date Public
2025-08-27 08:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T16:14:11.490021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:18:45.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Boy 3.0",
"vendor": "SMA",
"versions": [
{
"lessThan": "3.10.27.R",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boy 3.6",
"vendor": "SMA",
"versions": [
{
"lessThan": "3.10.27.R",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boy 4.0",
"vendor": "SMA",
"versions": [
{
"lessThan": "3.10.27.R",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boy 5.0",
"vendor": "SMA",
"versions": [
{
"lessThan": "3.10.27.R",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boy 6.0",
"vendor": "SMA",
"versions": [
{
"lessThan": "3.10.27.R",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ahmed Alroky from KOIN Network"
}
],
"datePublic": "2025-08-27T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices."
}
],
"value": "An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T08:00:35.837Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-066"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SMA: Directory Traversal in Sunny Boy \u003c3.10.27.R",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-4459",
"datePublished": "2025-08-27T08:00:35.837Z",
"dateReserved": "2025-07-18T05:04:57.291Z",
"dateUpdated": "2025-08-27T16:18:45.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41685 (GCVE-0-2025-41685)
Vulnerability from nvd – Published: 2025-08-19 08:10 – Updated: 2025-08-19 13:19
VLAI
Title
SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user
Summary
A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMA | ennexos.sunnyportal.com |
Affected:
0 , < 15.08.2025
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T13:19:29.424940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:19:34.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ennexos.sunnyportal.com",
"vendor": "SMA",
"versions": [
{
"lessThan": "15.08.2025",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jannik Zimmer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user\u0027s email address.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user\u0027s email address."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T08:10:05.103Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-050"
}
],
"source": {
"advisory": "VDE-2025-050",
"defect": [
"CERT@VDE#641800"
],
"discovery": "UNKNOWN"
},
"title": "SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41685",
"datePublished": "2025-08-19T08:10:05.103Z",
"dateReserved": "2025-04-16T11:17:48.309Z",
"dateUpdated": "2025-08-19T13:19:34.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41645 (GCVE-0-2025-41645)
Vulnerability from nvd – Published: 2025-05-13 08:47 – Updated: 2025-05-13 13:11
VLAI
Title
SMA: Sunny Portal demo system privilege escalation
Summary
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMA | www.sunnyportal.com |
Affected:
0 , < 20.02.2025
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:11:02.182038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:11:10.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "www.sunnyportal.com",
"vendor": "SMA",
"versions": [
{
"lessThan": "20.02.2025",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jannik Zimmer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake."
}
],
"value": "An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T08:47:33.564Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2025-010"
}
],
"source": {
"advisory": "VDE-2025-010",
"defect": [
"CERT@VDE#641735"
],
"discovery": "UNKNOWN"
},
"title": "SMA: Sunny Portal demo system privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41645",
"datePublished": "2025-05-13T08:47:33.564Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-05-13T13:11:10.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0731 (GCVE-0-2025-0731)
Vulnerability from nvd – Published: 2025-02-26 10:01 – Updated: 2025-02-26 15:27
VLAI
Title
SMA: Sunny Portal Remote Code Execution
Summary
An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMA | www.sunnyportal.com |
Affected:
0 , < 19.02.2024
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:50:10.812737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:27:59.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "www.sunnyportal.com",
"vendor": "SMA",
"versions": [
{
"lessThan": "19.02.2024",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Francesco La Spina from Forescout Technologies Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user."
}
],
"value": "An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T10:01:50.336Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2025-012"
}
],
"source": {
"advisory": "VDE-2025-012",
"defect": [
"CERT@VDE#641736"
],
"discovery": "UNKNOWN"
},
"title": "SMA: Sunny Portal Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-0731",
"datePublished": "2025-02-26T10:01:50.336Z",
"dateReserved": "2025-01-27T10:41:55.092Z",
"dateUpdated": "2025-02-26T15:27:59.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11025 (GCVE-0-2024-11025)
Vulnerability from nvd – Published: 2024-11-27 10:24 – Updated: 2024-11-27 12:01
VLAI
Title
SMA: SQL injection in Sunny Central UP
Summary
An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
Impacted products
56 products
| Vendor | Product | Version | |
|---|---|---|---|
| SMA | Sunny Central SC 1760-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 1850-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2000 EV-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2000-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC-2200-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2200-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC-2475-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2500 EV-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2660 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2660 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2750 EV-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2750 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2800 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2800 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2930 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2930 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 3060 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 3060 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4000 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4000 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4200 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4200 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4400 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4400 UP-JP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4400 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4600 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4600 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS-1900-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS-2200-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2300 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2300 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2400 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2400 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS-2475-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2530 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2530 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2630 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2630 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS-2900-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3450 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3450 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3450 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3450 UP-XT-JP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3450 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3600 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3600 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3600 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3600 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3800 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3800 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3800 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3800 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3950 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3950 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3950 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3950 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T11:56:18.041177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T12:01:12.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 1760-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 1850-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2000 EV-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2000-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC-2200-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2200-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC-2475-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2500 EV-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2660 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2660 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2750 EV-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2750 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2800 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2800 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2930 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2930 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 3060 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 3060 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4000 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4000 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4200 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4200 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4400 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4400 UP-JP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4400 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4600 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4600 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS-1900-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS-2200-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2300 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2300 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2400 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2400 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS-2475-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2530 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2530 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2630 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2630 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS-2900-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3450 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3450 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3450 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3450 UP-XT-JP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3450 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3600 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3600 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3600 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3600 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3800 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3800 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3800 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3800 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3950 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3950 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3950 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3950 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Pierre Martin from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device.\u003c/p\u003e"
}
],
"value": "An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T10:24:50.001Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2024-074"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SMA: SQL injection in Sunny Central UP",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-11025",
"datePublished": "2024-11-27T10:24:50.001Z",
"dateReserved": "2024-11-08T14:01:19.734Z",
"dateUpdated": "2024-11-27T12:01:12.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9863 (GCVE-0-2017-9863)
Vulnerability from nvd – Published: 2017-08-05 17:00 – Updated: 2024-08-05 17:18 Disputed
VLAI
Summary
An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.sma.de/en/statement-on-cyber-security.html | x_refsource_MISC |
| https://horusscenario.com/CVE-information/ | x_refsource_MISC |
| http://www.sma.de/fileadmin/content/global/specia… | x_refsource_MISC |
Date Public
2017-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:02.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-21T08:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9863",
"datePublished": "2017-08-05T17:00:00.000Z",
"dateReserved": "2017-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:02.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9862 (GCVE-0-2017-9862)
Vulnerability from nvd – Published: 2017-08-05 17:00 – Updated: 2024-08-05 17:18 Disputed
VLAI
Summary
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that "the information contained in the debug report is of marginal significance." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.sma.de/en/statement-on-cyber-security.html | x_refsource_MISC |
| https://horusscenario.com/CVE-information/ | x_refsource_MISC |
| http://www.sma.de/fileadmin/content/global/specia… | x_refsource_MISC |
Date Public
2017-08-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that \"the information contained in the debug report is of marginal significance.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-21T08:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that \"the information contained in the debug report is of marginal significance.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9862",
"datePublished": "2017-08-05T17:00:00.000Z",
"dateReserved": "2017-06-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:01.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4459 (GCVE-0-2021-4459)
Vulnerability from cvelistv5 – Published: 2025-08-27 08:00 – Updated: 2025-08-27 16:18
VLAI
Title
SMA: Directory Traversal in Sunny Boy <3.10.27.R
Summary
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Impacted products
Date Public
2025-08-27 08:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-4459",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T16:14:11.490021Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T16:18:45.427Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Boy 3.0",
"vendor": "SMA",
"versions": [
{
"lessThan": "3.10.27.R",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boy 3.6",
"vendor": "SMA",
"versions": [
{
"lessThan": "3.10.27.R",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boy 4.0",
"vendor": "SMA",
"versions": [
{
"lessThan": "3.10.27.R",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boy 5.0",
"vendor": "SMA",
"versions": [
{
"lessThan": "3.10.27.R",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Boy 6.0",
"vendor": "SMA",
"versions": [
{
"lessThan": "3.10.27.R",
"status": "affected",
"version": "0.0.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Ahmed Alroky from KOIN Network"
}
],
"datePublic": "2025-08-27T08:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices."
}
],
"value": "An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T08:00:35.837Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-066"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SMA: Directory Traversal in Sunny Boy \u003c3.10.27.R",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2021-4459",
"datePublished": "2025-08-27T08:00:35.837Z",
"dateReserved": "2025-07-18T05:04:57.291Z",
"dateUpdated": "2025-08-27T16:18:45.427Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41685 (GCVE-0-2025-41685)
Vulnerability from cvelistv5 – Published: 2025-08-19 08:10 – Updated: 2025-08-19 13:19
VLAI
Title
SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user
Summary
A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMA | ennexos.sunnyportal.com |
Affected:
0 , < 15.08.2025
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41685",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-19T13:19:29.424940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:19:34.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ennexos.sunnyportal.com",
"vendor": "SMA",
"versions": [
{
"lessThan": "15.08.2025",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jannik Zimmer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user\u0027s email address.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user\u0027s email address."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T08:10:05.103Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2025-050"
}
],
"source": {
"advisory": "VDE-2025-050",
"defect": [
"CERT@VDE#641800"
],
"discovery": "UNKNOWN"
},
"title": "SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41685",
"datePublished": "2025-08-19T08:10:05.103Z",
"dateReserved": "2025-04-16T11:17:48.309Z",
"dateUpdated": "2025-08-19T13:19:34.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-41645 (GCVE-0-2025-41645)
Vulnerability from cvelistv5 – Published: 2025-05-13 08:47 – Updated: 2025-05-13 13:11
VLAI
Title
SMA: Sunny Portal demo system privilege escalation
Summary
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.
Severity
8.6 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-669 - Incorrect Resource Transfer Between Spheres
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMA | www.sunnyportal.com |
Affected:
0 , < 20.02.2025
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-41645",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:11:02.182038Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:11:10.091Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "www.sunnyportal.com",
"vendor": "SMA",
"versions": [
{
"lessThan": "20.02.2025",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jannik Zimmer"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake."
}
],
"value": "An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-669",
"description": "CWE-669 Incorrect Resource Transfer Between Spheres",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T08:47:33.564Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2025-010"
}
],
"source": {
"advisory": "VDE-2025-010",
"defect": [
"CERT@VDE#641735"
],
"discovery": "UNKNOWN"
},
"title": "SMA: Sunny Portal demo system privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-41645",
"datePublished": "2025-05-13T08:47:33.564Z",
"dateReserved": "2025-04-16T11:17:48.305Z",
"dateUpdated": "2025-05-13T13:11:10.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0731 (GCVE-0-2025-0731)
Vulnerability from cvelistv5 – Published: 2025-02-26 10:01 – Updated: 2025-02-26 15:27
VLAI
Title
SMA: Sunny Portal Remote Code Execution
Summary
An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SMA | www.sunnyportal.com |
Affected:
0 , < 19.02.2024
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-0731",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T14:50:10.812737Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T15:27:59.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "www.sunnyportal.com",
"vendor": "SMA",
"versions": [
{
"lessThan": "19.02.2024",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Francesco La Spina from Forescout Technologies Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user."
}
],
"value": "An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T10:01:50.336Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://cert.vde.com/en/advisories/VDE-2025-012"
}
],
"source": {
"advisory": "VDE-2025-012",
"defect": [
"CERT@VDE#641736"
],
"discovery": "UNKNOWN"
},
"title": "SMA: Sunny Portal Remote Code Execution",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2025-0731",
"datePublished": "2025-02-26T10:01:50.336Z",
"dateReserved": "2025-01-27T10:41:55.092Z",
"dateUpdated": "2025-02-26T15:27:59.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11025 (GCVE-0-2024-11025)
Vulnerability from cvelistv5 – Published: 2024-11-27 10:24 – Updated: 2024-11-27 12:01
VLAI
Title
SMA: SQL injection in Sunny Central UP
Summary
An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device.
Severity
5.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
1 reference
Impacted products
56 products
| Vendor | Product | Version | |
|---|---|---|---|
| SMA | Sunny Central SC 1760-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 1850-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2000 EV-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2000-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC-2200-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2200-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC-2475-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2500 EV-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2660 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2660 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2750 EV-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2750 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2800 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2800 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2930 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 2930 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 3060 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 3060 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4000 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4000 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4200 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4200 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4400 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4400 UP-JP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4400 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4600 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central SC 4600 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS-1900-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS-2200-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2300 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2300 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2400 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2400 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS-2475-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2530 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2530 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2630 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 2630 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS-2900-10 |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3450 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3450 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3450 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3450 UP-XT-JP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3450 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3600 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3600 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3600 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3600 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3800 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3800 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3800 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3800 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3950 UP |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3950 UP-US |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3950 UP-XT |
Affected:
0 , < 10.01.18.R
(semver)
|
|
| SMA | Sunny Central Storage SCS 3950 UP-XT-US |
Affected:
0 , < 10.01.18.R
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-27T11:56:18.041177Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T12:01:12.145Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 1760-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 1850-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2000 EV-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2000-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC-2200-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2200-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC-2475-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2500 EV-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2660 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2660 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2750 EV-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2750 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2800 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2800 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2930 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 2930 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 3060 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 3060 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4000 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4000 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4200 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4200 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4400 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4400 UP-JP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4400 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4600 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central SC 4600 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS-1900-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS-2200-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2300 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2300 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2400 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2400 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS-2475-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2530 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2530 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2630 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 2630 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS-2900-10",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3450 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3450 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3450 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3450 UP-XT-JP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3450 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3600 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3600 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3600 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3600 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3800 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3800 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3800 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3800 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3950 UP",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3950 UP-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3950 UP-XT",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Sunny Central Storage SCS 3950 UP-XT-US",
"vendor": "SMA",
"versions": [
{
"lessThan": "10.01.18.R",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Pierre Martin from Synacktiv"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device.\u003c/p\u003e"
}
],
"value": "An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-27T10:24:50.001Z",
"orgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"shortName": "CERTVDE"
},
"references": [
{
"url": "https://certvde.com/en/advisories/VDE-2024-074"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SMA: SQL injection in Sunny Central UP",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "270ccfa6-a436-4e77-922e-914ec3a9685c",
"assignerShortName": "CERTVDE",
"cveId": "CVE-2024-11025",
"datePublished": "2024-11-27T10:24:50.001Z",
"dateReserved": "2024-11-08T14:01:19.734Z",
"dateUpdated": "2024-11-27T12:01:12.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201708-1526
Vulnerability from variot - Updated: 2025-04-20 23:42An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout policies and random-number generators based on timestamps, and makes timestamps for data analysis unreliable. NOTE: the vendor reports that this is largely irrelevant because it only affects log-entry timestamps, and because the plant time would later be reset via NTP. (It has never been the case that a lockout policy or random-number generator was affected.) Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. plural SMA Solar Technology The product contains vulnerabilities related to authorization, permissions, and access control. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9864Information may be tampered with. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. SMASolarTechnologyinverter has an access control error vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1526",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006913"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-196"
},
{
"db": "NVD",
"id": "CVE-2017-9864"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006913"
}
]
},
"cve": "CVE-2017-9864",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9864",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27841",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-118067",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9864",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9864",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9864",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-27841",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-196",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118067",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27841"
},
{
"db": "VULHUB",
"id": "VHN-118067"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006913"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-196"
},
{
"db": "NVD",
"id": "CVE-2017-9864"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout policies and random-number generators based on timestamps, and makes timestamps for data analysis unreliable. NOTE: the vendor reports that this is largely irrelevant because it only affects log-entry timestamps, and because the plant time would later be reset via NTP. (It has never been the case that a lockout policy or random-number generator was affected.) Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. plural SMA Solar Technology The product contains vulnerabilities related to authorization, permissions, and access control. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9864Information may be tampered with. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. SMASolarTechnologyinverter has an access control error vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9864"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006913"
},
{
"db": "CNVD",
"id": "CNVD-2017-27841"
},
{
"db": "VULHUB",
"id": "VHN-118067"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9864",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006913",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-196",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-27841",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118067",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27841"
},
{
"db": "VULHUB",
"id": "VHN-118067"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006913"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-196"
},
{
"db": "NVD",
"id": "CVE-2017-9864"
}
]
},
"id": "VAR-201708-1526",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27841"
},
{
"db": "VULHUB",
"id": "VHN-118067"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27841"
}
]
},
"last_update_date": "2025-04-20T23:42:57.652000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006913"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118067"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006913"
},
{
"db": "NVD",
"id": "CVE-2017-9864"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.7,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.7,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9864"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9864"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27841"
},
{
"db": "VULHUB",
"id": "VHN-118067"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006913"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-196"
},
{
"db": "NVD",
"id": "CVE-2017-9864"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-27841"
},
{
"db": "VULHUB",
"id": "VHN-118067"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006913"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-196"
},
{
"db": "NVD",
"id": "CVE-2017-9864"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27841"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118067"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006913"
},
{
"date": "2017-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-196"
},
{
"date": "2017-08-05T17:29:00.850000",
"db": "NVD",
"id": "CVE-2017-9864"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27841"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118067"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006913"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-196"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9864"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-196"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Vulnerabilities related to authorization, authority, and access control in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006913"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-196"
}
],
"trust": 0.6
}
}
VAR-201708-1521
Vulnerability from variot - Updated: 2025-04-20 23:42An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9851Service operation interruption (DoS) There is a possibility of being put into a state. SMASolarTechnologySunnyExplorerprogram is a photovoltaic device management software from SMA Germany. A denial of service vulnerability exists in SMASolarTechnologySunnyExplorerprogram. An attacker could exploit the vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1521",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny explorer",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny explorer",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology sunny explorer program",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28423"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006903"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-209"
},
{
"db": "NVD",
"id": "CVE-2017-9851"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sma_solar_technology_ag:sunny_explorer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006903"
}
]
},
"cve": "CVE-2017-9851",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9851",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-28423",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9851",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9851",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9851",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-28423",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-209",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28423"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006903"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-209"
},
{
"db": "NVD",
"id": "CVE-2017-9851"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9851Service operation interruption (DoS) There is a possibility of being put into a state. SMASolarTechnologySunnyExplorerprogram is a photovoltaic device management software from SMA Germany. A denial of service vulnerability exists in SMASolarTechnologySunnyExplorerprogram. An attacker could exploit the vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9851"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006903"
},
{
"db": "CNVD",
"id": "CNVD-2017-28423"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9851",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006903",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-28423",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-209",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28423"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006903"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-209"
},
{
"db": "NVD",
"id": "CVE-2017-9851"
}
]
},
"id": "VAR-201708-1521",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28423"
}
],
"trust": 1.44375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28423"
}
]
},
"last_update_date": "2025-04-20T23:42:10.212000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006903"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-19",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006903"
},
{
"db": "NVD",
"id": "CVE-2017-9851"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.6,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 1.6,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9851"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9851"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28423"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006903"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-209"
},
{
"db": "NVD",
"id": "CVE-2017-9851"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-28423"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006903"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-209"
},
{
"db": "NVD",
"id": "CVE-2017-9851"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28423"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006903"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-209"
},
{
"date": "2017-08-05T17:29:00.427000",
"db": "NVD",
"id": "CVE-2017-9851"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28423"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006903"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-209"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9851"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-209"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Data processing vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006903"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-209"
}
],
"trust": 0.6
}
}
VAR-201708-1533
Vulnerability from variot - Updated: 2025-04-20 23:36An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9861Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. A denial of service vulnerability exists in SMASolarTechnologyinverter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1533",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27837"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-199"
},
{
"db": "NVD",
"id": "CVE-2017-9861"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006891"
}
]
},
"cve": "CVE-2017-9861",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9861",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27837",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118064",
"impactScore": 8.5,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9861",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9861",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9861",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-27837",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-199",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118064",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27837"
},
{
"db": "VULHUB",
"id": "VHN-118064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-199"
},
{
"db": "NVD",
"id": "CVE-2017-9861"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, and man in the middle attacks. An attacker is able to successfully use SIP to communicate with the device from anywhere within the LAN. An attacker may use this to crash the device, stop it from communicating with the SMA servers, exploit known SIP vulnerabilities, or find sensitive information from the SIP communications. Furthermore, because the SIP communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. For example, passwords can be extracted. NOTE: the vendor\u0027s position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9861Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. A denial of service vulnerability exists in SMASolarTechnologyinverter",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9861"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006891"
},
{
"db": "CNVD",
"id": "CNVD-2017-27837"
},
{
"db": "VULHUB",
"id": "VHN-118064"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9861",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006891",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-199",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-27837",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118064",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27837"
},
{
"db": "VULHUB",
"id": "VHN-118064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-199"
},
{
"db": "NVD",
"id": "CVE-2017-9861"
}
]
},
"id": "VAR-201708-1533",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27837"
},
{
"db": "VULHUB",
"id": "VHN-118064"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27837"
}
]
},
"last_update_date": "2025-04-20T23:36:47.691000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006891"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-74",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006891"
},
{
"db": "NVD",
"id": "CVE-2017-9861"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.7,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 1.7,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9861"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9861"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27837"
},
{
"db": "VULHUB",
"id": "VHN-118064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-199"
},
{
"db": "NVD",
"id": "CVE-2017-9861"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-27837"
},
{
"db": "VULHUB",
"id": "VHN-118064"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006891"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-199"
},
{
"db": "NVD",
"id": "CVE-2017-9861"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27837"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118064"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006891"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-199"
},
{
"date": "2017-08-05T17:29:00.740000",
"db": "NVD",
"id": "CVE-2017-9861"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27837"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-118064"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006891"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-199"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9861"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-199"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Product injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006891"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-199"
}
],
"trust": 0.6
}
}
VAR-201708-1535
Vulnerability from variot - Updated: 2025-04-20 23:36An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9863Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologySunnyExplorer is a photovoltaic device management software from SMA Germany. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. The vulnerability could be exploited by a remote attacker to change the settings of the inverter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1535",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny explorer",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny explorer",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
},
{
"model": "solar technology sunny explorer",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28422"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006892"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-197"
},
{
"db": "NVD",
"id": "CVE-2017-9863"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:sma_solar_technology_ag:sunny_explorer",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006892"
}
]
},
"cve": "CVE-2017-9863",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9863",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-28422",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-118066",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-9863",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9863",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9863",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-28422",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-197",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118066",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28422"
},
{
"db": "VULHUB",
"id": "VHN-118066"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006892"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-197"
},
{
"db": "NVD",
"id": "CVE-2017-9863"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9863Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologySunnyExplorer is a photovoltaic device management software from SMA Germany. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. The vulnerability could be exploited by a remote attacker to change the settings of the inverter",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9863"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006892"
},
{
"db": "CNVD",
"id": "CNVD-2017-28422"
},
{
"db": "VULHUB",
"id": "VHN-118066"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9863",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006892",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-197",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-28422",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118066",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28422"
},
{
"db": "VULHUB",
"id": "VHN-118066"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006892"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-197"
},
{
"db": "NVD",
"id": "CVE-2017-9863"
}
]
},
"id": "VAR-201708-1535",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28422"
},
{
"db": "VULHUB",
"id": "VHN-118066"
}
],
"trust": 1.54375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28422"
}
]
},
"last_update_date": "2025-04-20T23:36:47.660000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006892"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118066"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006892"
},
{
"db": "NVD",
"id": "CVE-2017-9863"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.1,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.1,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9863"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9863"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28422"
},
{
"db": "VULHUB",
"id": "VHN-118066"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006892"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-197"
},
{
"db": "NVD",
"id": "CVE-2017-9863"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-28422"
},
{
"db": "VULHUB",
"id": "VHN-118066"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006892"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-197"
},
{
"db": "NVD",
"id": "CVE-2017-9863"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28422"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118066"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006892"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-197"
},
{
"date": "2017-08-05T17:29:00.817000",
"db": "NVD",
"id": "CVE-2017-9863"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28422"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-118066"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006892"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-197"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9863"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-197"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SMA Solar Technology Sunny Explorer and inverter Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28422"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-197"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-197"
}
],
"trust": 0.6
}
}
VAR-201708-1534
Vulnerability from variot - Updated: 2025-04-20 23:35An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that "the information contained in the debug report is of marginal significance." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9862Information may be obtained. SMASolarTechnologySunnyExplorer is a photovoltaic device management software from SMA Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1534",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny explorer",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny explorer",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology sunny explorer",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28425"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006912"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-198"
},
{
"db": "NVD",
"id": "CVE-2017-9862"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:sma_solar_technology_ag:sunny_explorer",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006912"
}
]
},
"cve": "CVE-2017-9862",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9862",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-28425",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9862",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9862",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9862",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-28425",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-198",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28425"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006912"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-198"
},
{
"db": "NVD",
"id": "CVE-2017-9862"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that \"the information contained in the debug report is of marginal significance.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9862Information may be obtained. SMASolarTechnologySunnyExplorer is a photovoltaic device management software from SMA Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9862"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006912"
},
{
"db": "CNVD",
"id": "CNVD-2017-28425"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9862",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006912",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-28425",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-198",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28425"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006912"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-198"
},
{
"db": "NVD",
"id": "CVE-2017-9862"
}
]
},
"id": "VAR-201708-1534",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28425"
}
],
"trust": 1.2875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28425"
}
]
},
"last_update_date": "2025-04-20T23:35:46.914000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006912"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006912"
},
{
"db": "NVD",
"id": "CVE-2017-9862"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.0,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.0,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9862"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9862"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28425"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006912"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-198"
},
{
"db": "NVD",
"id": "CVE-2017-9862"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-28425"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006912"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-198"
},
{
"db": "NVD",
"id": "CVE-2017-9862"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28425"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006912"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-198"
},
{
"date": "2017-08-05T17:29:00.770000",
"db": "NVD",
"id": "CVE-2017-9862"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28425"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006912"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-198"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9862"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-198"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006912"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-198"
}
],
"trust": 0.6
}
}
VAR-201708-1522
Vulnerability from variot - Updated: 2025-04-20 23:32An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9852Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. There is a security hole in SMASolarTechnologyinverter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1522",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27845"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006904"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-208"
},
{
"db": "NVD",
"id": "CVE-2017-9852"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006904"
}
]
},
"cve": "CVE-2017-9852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9852",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27845",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118055",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9852",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9852",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9852",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-27845",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-208",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118055",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27845"
},
{
"db": "VULHUB",
"id": "VHN-118055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006904"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-208"
},
{
"db": "NVD",
"id": "CVE-2017-9852"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9852Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. There is a security hole in SMASolarTechnologyinverter",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9852"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006904"
},
{
"db": "CNVD",
"id": "CNVD-2017-27845"
},
{
"db": "VULHUB",
"id": "VHN-118055"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9852",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006904",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-208",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-27845",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118055",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27845"
},
{
"db": "VULHUB",
"id": "VHN-118055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006904"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-208"
},
{
"db": "NVD",
"id": "CVE-2017-9852"
}
]
},
"id": "VAR-201708-1522",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27845"
},
{
"db": "VULHUB",
"id": "VHN-118055"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27845"
}
]
},
"last_update_date": "2025-04-20T23:32:05.933000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006904"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006904"
},
{
"db": "NVD",
"id": "CVE-2017-9852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.7,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.7,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9852"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9852"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27845"
},
{
"db": "VULHUB",
"id": "VHN-118055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006904"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-208"
},
{
"db": "NVD",
"id": "CVE-2017-9852"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-27845"
},
{
"db": "VULHUB",
"id": "VHN-118055"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006904"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-208"
},
{
"db": "NVD",
"id": "CVE-2017-9852"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27845"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118055"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006904"
},
{
"date": "2017-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-208"
},
{
"date": "2017-08-05T17:29:00.457000",
"db": "NVD",
"id": "CVE-2017-9852"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27845"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118055"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006904"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-208"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9852"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-208"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Vulnerabilities related to security functions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006904"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-208"
}
],
"trust": 0.6
}
}
VAR-201708-1536
Vulnerability from variot - Updated: 2025-04-20 23:29An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This issue has not been confirmed as a vulnerability. Vendors are challenging this vulnerability. See below for details NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9854Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SMASolarTechnologySunnyExplorer is a photovoltaic device management software from SMA Germany. An attacker could exploit the vulnerability to obtain information and create and save a .txt file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1536",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology sunny explorer",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28424"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006906"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-206"
},
{
"db": "NVD",
"id": "CVE-2017-9854"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006906"
}
]
},
"cve": "CVE-2017-9854",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9854",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-28424",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118057",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9854",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9854",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9854",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-28424",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-206",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118057",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28424"
},
{
"db": "VULHUB",
"id": "VHN-118057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006906"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-206"
},
{
"db": "NVD",
"id": "CVE-2017-9854"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This issue has not been confirmed as a vulnerability. Vendors are challenging this vulnerability. See below for details NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9854Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SMASolarTechnologySunnyExplorer is a photovoltaic device management software from SMA Germany. An attacker could exploit the vulnerability to obtain information and create and save a .txt file",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9854"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006906"
},
{
"db": "CNVD",
"id": "CNVD-2017-28424"
},
{
"db": "VULHUB",
"id": "VHN-118057"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9854",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006906",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-206",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-28424",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118057",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28424"
},
{
"db": "VULHUB",
"id": "VHN-118057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006906"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-206"
},
{
"db": "NVD",
"id": "CVE-2017-9854"
}
]
},
"id": "VAR-201708-1536",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28424"
},
{
"db": "VULHUB",
"id": "VHN-118057"
}
],
"trust": 1.3875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28424"
}
]
},
"last_update_date": "2025-04-20T23:29:34.790000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
},
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006906"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-311",
"trust": 1.1
},
{
"problemtype": "CWE-200",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006906"
},
{
"db": "NVD",
"id": "CVE-2017-9854"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.7,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.7,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9854"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9854"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-28424"
},
{
"db": "VULHUB",
"id": "VHN-118057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006906"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-206"
},
{
"db": "NVD",
"id": "CVE-2017-9854"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-28424"
},
{
"db": "VULHUB",
"id": "VHN-118057"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006906"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-206"
},
{
"db": "NVD",
"id": "CVE-2017-9854"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28424"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118057"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006906"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-206"
},
{
"date": "2017-08-05T17:29:00.520000",
"db": "NVD",
"id": "CVE-2017-9854"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-28424"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118057"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006906"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-206"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9854"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-206"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Information disclosure vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006906"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-206"
}
],
"trust": 0.6
}
}
VAR-201708-1530
Vulnerability from variot - Updated: 2025-04-20 23:25An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users exist and which do not. NOTE: the vendor's position is that this "is not a security gap per se." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9858Information may be obtained. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. There is a security hole in SMASolarTechnologyinverter
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1530",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27839"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006910"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-202"
},
{
"db": "NVD",
"id": "CVE-2017-9858"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006910"
}
]
},
"cve": "CVE-2017-9858",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9858",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27839",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118061",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9858",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9858",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9858",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-27839",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-202",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118061",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27839"
},
{
"db": "VULHUB",
"id": "VHN-118061"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006910"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-202"
},
{
"db": "NVD",
"id": "CVE-2017-9858"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users exist and which do not. NOTE: the vendor\u0027s position is that this \"is not a security gap per se.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9858Information may be obtained. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. There is a security hole in SMASolarTechnologyinverter",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9858"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006910"
},
{
"db": "CNVD",
"id": "CNVD-2017-27839"
},
{
"db": "VULHUB",
"id": "VHN-118061"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9858",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006910",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-202",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-27839",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118061",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27839"
},
{
"db": "VULHUB",
"id": "VHN-118061"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006910"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-202"
},
{
"db": "NVD",
"id": "CVE-2017-9858"
}
]
},
"id": "VAR-201708-1530",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27839"
},
{
"db": "VULHUB",
"id": "VHN-118061"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27839"
}
]
},
"last_update_date": "2025-04-20T23:25:57.941000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006910"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118061"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006910"
},
{
"db": "NVD",
"id": "CVE-2017-9858"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.1,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.1,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9858"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9858"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27839"
},
{
"db": "VULHUB",
"id": "VHN-118061"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006910"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-202"
},
{
"db": "NVD",
"id": "CVE-2017-9858"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-27839"
},
{
"db": "VULHUB",
"id": "VHN-118061"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006910"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-202"
},
{
"db": "NVD",
"id": "CVE-2017-9858"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27839"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118061"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006910"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-202"
},
{
"date": "2017-08-05T17:29:00.647000",
"db": "NVD",
"id": "CVE-2017-9858"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27839"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-118061"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006910"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-202"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9858"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-202"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Information disclosure vulnerability in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006910"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-202"
}
],
"trust": 0.6
}
}
VAR-201708-1539
Vulnerability from variot - Updated: 2025-04-20 23:24An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9857Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in SMASolarTechnologyinverter that stems from a failure to properly use cryptographic authentication. An attacker can exploit this vulnerability to implement man-in-the-middle and replay attacks and change settings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1539",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27844"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006909"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-203"
},
{
"db": "NVD",
"id": "CVE-2017-9857"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006909"
}
]
},
"cve": "CVE-2017-9857",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-9857",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-27844",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-118060",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-9857",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9857",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9857",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-27844",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-203",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118060",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27844"
},
{
"db": "VULHUB",
"id": "VHN-118060"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006909"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-203"
},
{
"db": "NVD",
"id": "CVE-2017-9857"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor\u0027s position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9857Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in SMASolarTechnologyinverter that stems from a failure to properly use cryptographic authentication. An attacker can exploit this vulnerability to implement man-in-the-middle and replay attacks and change settings",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9857"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006909"
},
{
"db": "CNVD",
"id": "CNVD-2017-27844"
},
{
"db": "VULHUB",
"id": "VHN-118060"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9857",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006909",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-203",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-27844",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118060",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27844"
},
{
"db": "VULHUB",
"id": "VHN-118060"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006909"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-203"
},
{
"db": "NVD",
"id": "CVE-2017-9857"
}
]
},
"id": "VAR-201708-1539",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27844"
},
{
"db": "VULHUB",
"id": "VHN-118060"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27844"
}
]
},
"last_update_date": "2025-04-20T23:24:54.516000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006909"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118060"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006909"
},
{
"db": "NVD",
"id": "CVE-2017-9857"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.1,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.1,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9857"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9857"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27844"
},
{
"db": "VULHUB",
"id": "VHN-118060"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006909"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-203"
},
{
"db": "NVD",
"id": "CVE-2017-9857"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-27844"
},
{
"db": "VULHUB",
"id": "VHN-118060"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006909"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-203"
},
{
"db": "NVD",
"id": "CVE-2017-9857"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27844"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118060"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006909"
},
{
"date": "2017-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-203"
},
{
"date": "2017-08-05T17:29:00.613000",
"db": "NVD",
"id": "CVE-2017-9857"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27844"
},
{
"date": "2017-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-118060"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006909"
},
{
"date": "2017-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-203"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9857"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-203"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Authentication vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006909"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-203"
}
],
"trust": 0.6
}
}
VAR-201708-1538
Vulnerability from variot - Updated: 2025-04-20 23:23An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9856Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1538",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27847"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006908"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-204"
},
{
"db": "NVD",
"id": "CVE-2017-9856"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006908"
}
]
},
"cve": "CVE-2017-9856",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9856",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27847",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118059",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9856",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.6,
"id": "CVE-2017-9856",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9856",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2017-9856",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2017-9856",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-27847",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-204",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118059",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27847"
},
{
"db": "VULHUB",
"id": "VHN-118059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006908"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-204"
},
{
"db": "NVD",
"id": "CVE-2017-9856"
},
{
"db": "NVD",
"id": "CVE-2017-9856"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are \"encrypted\" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9856Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9856"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006908"
},
{
"db": "CNVD",
"id": "CNVD-2017-27847"
},
{
"db": "VULHUB",
"id": "VHN-118059"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9856",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006908",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-204",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-27847",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118059",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27847"
},
{
"db": "VULHUB",
"id": "VHN-118059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006908"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-204"
},
{
"db": "NVD",
"id": "CVE-2017-9856"
}
]
},
"id": "VAR-201708-1538",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27847"
},
{
"db": "VULHUB",
"id": "VHN-118059"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27847"
}
]
},
"last_update_date": "2025-04-20T23:23:37.578000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006908"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-256",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006908"
},
{
"db": "NVD",
"id": "CVE-2017-9856"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.7,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.7,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9856"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9856"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27847"
},
{
"db": "VULHUB",
"id": "VHN-118059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006908"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-204"
},
{
"db": "NVD",
"id": "CVE-2017-9856"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-27847"
},
{
"db": "VULHUB",
"id": "VHN-118059"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006908"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-204"
},
{
"db": "NVD",
"id": "CVE-2017-9856"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27847"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118059"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006908"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-204"
},
{
"date": "2017-08-05T17:29:00.583000",
"db": "NVD",
"id": "CVE-2017-9856"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27847"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118059"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006908"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-204"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9856"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-204"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Cryptographic vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006908"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-204"
}
],
"trust": 0.6
}
}
VAR-201708-1537
Vulnerability from variot - Updated: 2025-04-20 23:22An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. plural SMA Solar Technology The product contains vulnerabilities related to authorization, permissions, and access control. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9855Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. There is a security hole in SMASolarTechnologyinverter. An attacker could exploit this vulnerability to change sensitive parameters
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1537",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27846"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-205"
},
{
"db": "NVD",
"id": "CVE-2017-9855"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006907"
}
]
},
"cve": "CVE-2017-9855",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9855",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27846",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118058",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9855",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9855",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9855",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2017-9855",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9855",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-27846",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-205",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118058",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27846"
},
{
"db": "VULHUB",
"id": "VHN-118058"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-205"
},
{
"db": "NVD",
"id": "CVE-2017-9855"
},
{
"db": "NVD",
"id": "CVE-2017-9855"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. plural SMA Solar Technology The product contains vulnerabilities related to authorization, permissions, and access control. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9855Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. There is a security hole in SMASolarTechnologyinverter. An attacker could exploit this vulnerability to change sensitive parameters",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9855"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006907"
},
{
"db": "CNVD",
"id": "CNVD-2017-27846"
},
{
"db": "VULHUB",
"id": "VHN-118058"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9855",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006907",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-205",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-27846",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118058",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27846"
},
{
"db": "VULHUB",
"id": "VHN-118058"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-205"
},
{
"db": "NVD",
"id": "CVE-2017-9855"
}
]
},
"id": "VAR-201708-1537",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27846"
},
{
"db": "VULHUB",
"id": "VHN-118058"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27846"
}
]
},
"last_update_date": "2025-04-20T23:22:12.763000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006907"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-863",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118058"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006907"
},
{
"db": "NVD",
"id": "CVE-2017-9855"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.7,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.7,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9855"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9855"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27846"
},
{
"db": "VULHUB",
"id": "VHN-118058"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-205"
},
{
"db": "NVD",
"id": "CVE-2017-9855"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-27846"
},
{
"db": "VULHUB",
"id": "VHN-118058"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006907"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-205"
},
{
"db": "NVD",
"id": "CVE-2017-9855"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27846"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118058"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006907"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-205"
},
{
"date": "2017-08-05T17:29:00.553000",
"db": "NVD",
"id": "CVE-2017-9855"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27846"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118058"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006907"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-205"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9855"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-205"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Vulnerabilities related to authorization, authority, and access control in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006907"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-205"
}
],
"trust": 0.6
}
}
VAR-201708-1523
Vulnerability from variot - Updated: 2025-04-20 23:19An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9853Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. This vulnerability stems from the fact that the program uses a weaker password policy that an attacker can use to obtain a password
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1523",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006905"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-207"
},
{
"db": "NVD",
"id": "CVE-2017-9853"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006905"
}
]
},
"cve": "CVE-2017-9853",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9853",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27842",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118056",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9853",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9853",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9853",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-27842",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-207",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118056",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27842"
},
{
"db": "VULHUB",
"id": "VHN-118056"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006905"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-207"
},
{
"db": "NVD",
"id": "CVE-2017-9853"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides \"a very high security standard.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9853Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. This vulnerability stems from the fact that the program uses a weaker password policy that an attacker can use to obtain a password",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9853"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006905"
},
{
"db": "CNVD",
"id": "CNVD-2017-27842"
},
{
"db": "VULHUB",
"id": "VHN-118056"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9853",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006905",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-207",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-27842",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118056",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27842"
},
{
"db": "VULHUB",
"id": "VHN-118056"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006905"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-207"
},
{
"db": "NVD",
"id": "CVE-2017-9853"
}
]
},
"id": "VAR-201708-1523",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27842"
},
{
"db": "VULHUB",
"id": "VHN-118056"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27842"
}
]
},
"last_update_date": "2025-04-20T23:19:52.286000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006905"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-521",
"trust": 1.1
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118056"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006905"
},
{
"db": "NVD",
"id": "CVE-2017-9853"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.7,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.7,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9853"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9853"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27842"
},
{
"db": "VULHUB",
"id": "VHN-118056"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006905"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-207"
},
{
"db": "NVD",
"id": "CVE-2017-9853"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-27842"
},
{
"db": "VULHUB",
"id": "VHN-118056"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006905"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-207"
},
{
"db": "NVD",
"id": "CVE-2017-9853"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27842"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118056"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006905"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-207"
},
{
"date": "2017-08-05T17:29:00.490000",
"db": "NVD",
"id": "CVE-2017-9853"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27842"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118056"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006905"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-207"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9853"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-207"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Vulnerabilities related to security functions in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006905"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-207"
}
],
"trust": 0.6
}
}
VAR-201708-1531
Vulnerability from variot - Updated: 2025-04-20 23:15An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9859Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1531",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006911"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-201"
},
{
"db": "NVD",
"id": "CVE-2017-9859"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006911"
}
]
},
"cve": "CVE-2017-9859",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9859",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27840",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-118062",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9859",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9859",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9859",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-27840",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-201",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118062",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27840"
},
{
"db": "VULHUB",
"id": "VHN-118062"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006911"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-201"
},
{
"db": "NVD",
"id": "CVE-2017-9859"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor\u0027s position is that \"we consider the probability of the success of such manipulation to be extremely low.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9859Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9859"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006911"
},
{
"db": "CNVD",
"id": "CNVD-2017-27840"
},
{
"db": "VULHUB",
"id": "VHN-118062"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9859",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006911",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-201",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-27840",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118062",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27840"
},
{
"db": "VULHUB",
"id": "VHN-118062"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006911"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-201"
},
{
"db": "NVD",
"id": "CVE-2017-9859"
}
]
},
"id": "VAR-201708-1531",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27840"
},
{
"db": "VULHUB",
"id": "VHN-118062"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27840"
}
]
},
"last_update_date": "2025-04-20T23:15:59.077000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006911"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-327",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118062"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006911"
},
{
"db": "NVD",
"id": "CVE-2017-9859"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.7,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.7,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9859"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9859"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27840"
},
{
"db": "VULHUB",
"id": "VHN-118062"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006911"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-201"
},
{
"db": "NVD",
"id": "CVE-2017-9859"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-27840"
},
{
"db": "VULHUB",
"id": "VHN-118062"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006911"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-201"
},
{
"db": "NVD",
"id": "CVE-2017-9859"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27840"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118062"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006911"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-201"
},
{
"date": "2017-08-05T17:29:00.677000",
"db": "NVD",
"id": "CVE-2017-9859"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27840"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118062"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006911"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-201"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9859"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-201"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SMA Solar Technology Cryptographic vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006911"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-201"
}
],
"trust": 0.6
}
}
VAR-201708-1532
Vulnerability from variot - Updated: 2025-04-20 21:00An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by "a final integrity and compatibility check." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9860Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. An attacker could exploit the vulnerability to upgrade the firmware of the device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1532",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny tripower 60",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower core1",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": "eq",
"trust": 1.6,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 630cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 720",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 760",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 800",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 500cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 500",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 2200",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 630",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 900",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 850",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": null
},
{
"model": "sunny boy 1.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3.6",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 3600tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 4000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5.0",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny boy storage 2.5",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 1000cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 500cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 630cp",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 720cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 760cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 800cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 850cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central 900cp xt",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 1000",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2200",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 2500-ev",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 500",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 630",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 720",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 760",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 800",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 850",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny central storage 900",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 12000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 15000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 20000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 25000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 5000tl",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower 60",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny tripower core1",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "solar technology inverter",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27836"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006890"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-200"
},
{
"db": "NVD",
"id": "CVE-2017-9860"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_1.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3.6_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_3600tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_4000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5.0_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_boy_storage_2.5_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_1000cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_500cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_630cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_720cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_760cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_800cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_850cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_900cp_xt_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_1000_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_2500-ev_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_500_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_630_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_720_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_760_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_800_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_850_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_central_storage_900_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_12000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_15000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_20000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_25000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_5000tl_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_60_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:sunny_tripower_core1_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006890"
}
]
},
"cve": "CVE-2017-9860",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2017-9860",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-27836",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-118063",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9860",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9860",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-9860",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-27836",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-200",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118063",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-9860",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27836"
},
{
"db": "VULHUB",
"id": "VHN-118063"
},
{
"db": "VULMON",
"id": "CVE-2017-9860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006890"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-200"
},
{
"db": "NVD",
"id": "CVE-2017-9860"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by \"a final integrity and compatibility check.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9860Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. An attacker could exploit the vulnerability to upgrade the firmware of the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006890"
},
{
"db": "CNVD",
"id": "CNVD-2017-27836"
},
{
"db": "VULHUB",
"id": "VHN-118063"
},
{
"db": "VULMON",
"id": "CVE-2017-9860"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9860",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006890",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-200",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-27836",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-118063",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-9860",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-27836"
},
{
"db": "VULHUB",
"id": "VHN-118063"
},
{
"db": "VULMON",
"id": "CVE-2017-9860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006890"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-200"
},
{
"db": "NVD",
"id": "CVE-2017-9860"
}
]
},
"id": "VAR-201708-1532",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-27836"
},
{
"db": "VULHUB",
"id": "VHN-118063"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"industrial device"
],
"sub_category": "solar inverter",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-27836"
}
]
},
"last_update_date": "2025-04-20T21:00:24.352000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Statement on Cyber Security",
"trust": 0.8,
"url": "https://www.sma.de/en/statement-on-cyber-security.html"
},
{
"title": "WHITEPAPER CYBER SECURITY",
"trust": 0.8,
"url": "https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-006890"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-284",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118063"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006890"
},
{
"db": "NVD",
"id": "CVE-2017-9860"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://horusscenario.com/cve-information/"
},
{
"trust": 1.8,
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"trust": 1.8,
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9860"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9860"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-27836"
},
{
"db": "VULHUB",
"id": "VHN-118063"
},
{
"db": "VULMON",
"id": "CVE-2017-9860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006890"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-200"
},
{
"db": "NVD",
"id": "CVE-2017-9860"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "CNVD",
"id": "CNVD-2017-27836"
},
{
"db": "VULHUB",
"id": "VHN-118063"
},
{
"db": "VULMON",
"id": "CVE-2017-9860"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-006890"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-200"
},
{
"db": "NVD",
"id": "CVE-2017-9860"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27836"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULHUB",
"id": "VHN-118063"
},
{
"date": "2017-08-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9860"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006890"
},
{
"date": "2017-08-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-200"
},
{
"date": "2017-08-05T17:29:00.707000",
"db": "NVD",
"id": "CVE-2017-9860"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-27836"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118063"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9860"
},
{
"date": "2017-09-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-006890"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-200"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9860"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-200"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SMA Solar Technology inverter Access Control Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-27836"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-200"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-200"
}
],
"trust": 0.6
}
}
VAR-201509-0445
Vulnerability from variot - Updated: 2025-04-12 23:15SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlAccess may be obtained by a third party. The SMA Solar Sunny WebBox is a device from SMA Germany for remote monitoring and maintenance of large and medium-sized PV plants. Sunny WebBox is prone to a security-bypass vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201509-0445",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "webbox",
"scope": "eq",
"trust": 1.6,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny webbox",
"scope": null,
"trust": 0.8,
"vendor": "sma solar",
"version": null
},
{
"model": "sunny webbox",
"scope": null,
"trust": 0.6,
"vendor": "sma",
"version": null
},
{
"model": "solar technology ag sunny webbox",
"scope": "eq",
"trust": 0.3,
"vendor": "sma",
"version": "1.46"
},
{
"model": "solar technology ag sunny webbox",
"scope": "eq",
"trust": 0.3,
"vendor": "sma",
"version": "1.45"
},
{
"model": "solar technology ag sunny webbox",
"scope": "eq",
"trust": 0.3,
"vendor": "sma",
"version": "1.44"
},
{
"model": "solar technology ag sunny webbox",
"scope": "eq",
"trust": 0.3,
"vendor": "sma",
"version": "1.43"
},
{
"model": "solar technology ag sunny webbox",
"scope": "eq",
"trust": 0.3,
"vendor": "sma",
"version": "1.42"
},
{
"model": "solar technology ag sunny webbox",
"scope": "eq",
"trust": 0.3,
"vendor": "sma",
"version": "1.41"
},
{
"model": "solar technology ag sunny webbox",
"scope": "eq",
"trust": 0.3,
"vendor": "sma",
"version": "1.40"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06020"
},
{
"db": "BID",
"id": "76617"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004691"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-142"
},
{
"db": "NVD",
"id": "CVE-2015-3964"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:webbox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004691"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aleksandr Timorin of PT Security",
"sources": [
{
"db": "BID",
"id": "76617"
}
],
"trust": 0.3
},
"cve": "CVE-2015-3964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-3964",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-06020",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-81925",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-3964",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-3964",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-06020",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-142",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-81925",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06020"
},
{
"db": "VULHUB",
"id": "VHN-81925"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004691"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-142"
},
{
"db": "NVD",
"id": "CVE-2015-3964"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-798: Use of Hard-coded Credentials ( Using hard-coded credentials ) Has been identified. http://cwe.mitre.org/data/definitions/798.htmlAccess may be obtained by a third party. The SMA Solar Sunny WebBox is a device from SMA Germany for remote monitoring and maintenance of large and medium-sized PV plants. Sunny WebBox is prone to a security-bypass vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-3964"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004691"
},
{
"db": "CNVD",
"id": "CNVD-2015-06020"
},
{
"db": "BID",
"id": "76617"
},
{
"db": "VULHUB",
"id": "VHN-81925"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-3964",
"trust": 3.4
},
{
"db": "ICS CERT",
"id": "ICSA-15-181-02",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004691",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-142",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06020",
"trust": 0.6
},
{
"db": "BID",
"id": "76617",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-81925",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06020"
},
{
"db": "VULHUB",
"id": "VHN-81925"
},
{
"db": "BID",
"id": "76617"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004691"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-142"
},
{
"db": "NVD",
"id": "CVE-2015-3964"
}
]
},
"id": "VAR-201509-0445",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06020"
},
{
"db": "VULHUB",
"id": "VHN-81925"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06020"
}
]
},
"last_update_date": "2025-04-12T23:15:38.661000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "http://www.sma-japan.com/"
},
{
"title": "Patch for SMA Solar Sunny WebBox Access Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/63988"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06020"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004691"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004691"
},
{
"db": "NVD",
"id": "CVE-2015-3964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-181-02"
},
{
"trust": 1.1,
"url": "http://seclists.org/fulldisclosure/2015/sep/51"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3964"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3964"
},
{
"trust": 0.3,
"url": "http://www.sma-america.com/products/monitoring-control/sunny-webbox.html#release-notes-165757"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06020"
},
{
"db": "VULHUB",
"id": "VHN-81925"
},
{
"db": "BID",
"id": "76617"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004691"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-142"
},
{
"db": "NVD",
"id": "CVE-2015-3964"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-06020"
},
{
"db": "VULHUB",
"id": "VHN-81925"
},
{
"db": "BID",
"id": "76617"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004691"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-142"
},
{
"db": "NVD",
"id": "CVE-2015-3964"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06020"
},
{
"date": "2015-09-11T00:00:00",
"db": "VULHUB",
"id": "VHN-81925"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76617"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004691"
},
{
"date": "2015-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-142"
},
{
"date": "2015-09-11T16:59:03.673000",
"db": "NVD",
"id": "CVE-2015-3964"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06020"
},
{
"date": "2016-12-22T00:00:00",
"db": "VULHUB",
"id": "VHN-81925"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76617"
},
{
"date": "2015-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004691"
},
{
"date": "2015-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-142"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-3964"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-142"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SMA Solar Sunny WebBox Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004691"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-142"
}
],
"trust": 0.6
}
}
VAR-202402-2638
Vulnerability from variot - Updated: 2025-03-13 23:06Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202402-2638",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clcon-s-10",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": "01.05.01.r"
},
{
"model": "clcon-10",
"scope": "eq",
"trust": 1.0,
"vendor": "sma",
"version": "01.05.01.r"
},
{
"model": "sunny webbox",
"scope": null,
"trust": 0.8,
"vendor": "sma",
"version": null
},
{
"model": "cluster controller",
"scope": null,
"trust": 0.8,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020057"
},
{
"db": "NVD",
"id": "CVE-2024-1889"
}
]
},
"cve": "CVE-2024-1889",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "cve-coordination@incibe.es",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-1889",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "OTHER",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2024-020057",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cve-coordination@incibe.es",
"id": "CVE-2024-1889",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-1889",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "OTHER",
"id": "JVNDB-2024-020057",
"trust": 0.8,
"value": "High"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020057"
},
{
"db": "NVD",
"id": "CVE-2024-1889"
},
{
"db": "NVD",
"id": "CVE-2024-1889"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-1889"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020057"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-1889",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-020057",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020057"
},
{
"db": "NVD",
"id": "CVE-2024-1889"
}
]
},
"id": "VAR-202402-2638",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-03-13T23:06:38.101000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.0
},
{
"problemtype": "Cross-site request forgery (CWE-352) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020057"
},
{
"db": "NVD",
"id": "CVE-2024-1889"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-1889"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020057"
},
{
"db": "NVD",
"id": "CVE-2024-1889"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020057"
},
{
"db": "NVD",
"id": "CVE-2024-1889"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-03-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-020057"
},
{
"date": "2024-02-26T16:27:55.130000",
"db": "NVD",
"id": "CVE-2024-1889"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-03-10T09:58:00",
"db": "JVNDB",
"id": "JVNDB-2024-020057"
},
{
"date": "2025-03-11T14:51:56.797000",
"db": "NVD",
"id": "CVE-2024-1889"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sma\u00a0 of \u00a0Cluster\u00a0Controller\u00a0 firmware and \u00a0Sunny\u00a0Webbox\u00a0 Cross-site request forgery vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-020057"
}
],
"trust": 0.8
}
}
VAR-202402-2745
Vulnerability from variot - Updated: 2025-03-12 23:26Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier. sma of Cluster Controller firmware and Sunny Webbox A vulnerability exists in the firmware that involves improper restriction of rendered user interface layers or frames.Information may be obtained and information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202402-2745",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sunny webbox",
"scope": "lte",
"trust": 1.0,
"vendor": "sma",
"version": "1.61"
},
{
"model": "cluster controller",
"scope": null,
"trust": 0.8,
"vendor": "sma",
"version": null
},
{
"model": "sunny webbox",
"scope": null,
"trust": 0.8,
"vendor": "sma",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-019514"
},
{
"db": "NVD",
"id": "CVE-2024-1890"
}
]
},
"cve": "CVE-2024-1890",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "cve-coordination@incibe.es",
"availabilityImpact": "LOW",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2024-1890",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2024-1890",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2024-1890",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "cve-coordination@incibe.es",
"id": "CVE-2024-1890",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-1890",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2024-1890",
"trust": 0.8,
"value": "Medium"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-019514"
},
{
"db": "NVD",
"id": "CVE-2024-1890"
},
{
"db": "NVD",
"id": "CVE-2024-1890"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier. sma of Cluster Controller firmware and Sunny Webbox A vulnerability exists in the firmware that involves improper restriction of rendered user interface layers or frames.Information may be obtained and information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-1890"
},
{
"db": "JVNDB",
"id": "JVNDB-2024-019514"
}
],
"trust": 1.62
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-1890",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2024-019514",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-019514"
},
{
"db": "NVD",
"id": "CVE-2024-1890"
}
]
},
"id": "VAR-202402-2745",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.6666667
},
"last_update_date": "2025-03-12T23:26:00.482000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-1021",
"trust": 1.0
},
{
"problemtype": "Improper restrictions on rendered user interface layers or frames (CWE-1021) [ others ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-019514"
},
{
"db": "NVD",
"id": "CVE-2024-1890"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2024-1890"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-019514"
},
{
"db": "NVD",
"id": "CVE-2024-1890"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2024-019514"
},
{
"db": "NVD",
"id": "CVE-2024-1890"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2024-019514"
},
{
"date": "2024-02-26T16:27:55.340000",
"db": "NVD",
"id": "CVE-2024-1890"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-02-28T08:04:00",
"db": "JVNDB",
"id": "JVNDB-2024-019514"
},
{
"date": "2025-03-11T14:51:33.223000",
"db": "NVD",
"id": "CVE-2024-1890"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sma\u00a0 of \u00a0Cluster\u00a0Controller\u00a0 firmware and \u00a0Sunny\u00a0Webbox\u00a0 Vulnerability related to improper restriction of rendered user interface layers or frames in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2024-019514"
}
],
"trust": 0.8
}
}
VAR-201910-1210
Vulnerability from variot - Updated: 2024-11-23 23:08An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation. Sunny WebBox The firmware contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMA Solar Technology Sunny WebBox is a device for recording, storing, displaying and transmitting solar system data from SMA Solar Technology in Germany. A Cross Site Request Forgery vulnerability exists in SMA Solar Technology Sunny WebBox with firmware version 1.6 and earlier. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "sunny webbox",
"scope": "lte",
"trust": 1.0,
"vendor": "sma",
"version": "1.6"
},
{
"_id": null,
"model": "sunny webbox",
"scope": "lte",
"trust": 0.8,
"vendor": "sma solar",
"version": "1.6"
},
{
"_id": null,
"model": "sunny webbox",
"scope": "eq",
"trust": 0.6,
"vendor": "sma",
"version": null
},
{
"_id": null,
"model": "sunny webbox",
"scope": "eq",
"trust": 0.6,
"vendor": "sma",
"version": "1.6"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010634"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-423"
},
{
"db": "NVD",
"id": "CVE-2019-13529"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:sma_solar_technology_ag:webbox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010634"
}
]
},
"credits": {
"_id": null,
"data": "Borja Merino",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-423"
}
],
"trust": 0.6
},
"cve": "CVE-2019-13529",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13529",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-145384",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-13529",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-13529",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-13529",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-13529",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-423",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-145384",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-13529",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145384"
},
{
"db": "VULMON",
"id": "CVE-2019-13529"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010634"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-423"
},
{
"db": "NVD",
"id": "CVE-2019-13529"
}
]
},
"description": {
"_id": null,
"data": "An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation. Sunny WebBox The firmware contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMA Solar Technology Sunny WebBox is a device for recording, storing, displaying and transmitting solar system data from SMA Solar Technology in Germany. A Cross Site Request Forgery vulnerability exists in SMA Solar Technology Sunny WebBox with firmware version 1.6 and earlier. The vulnerability stems from the WEB application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13529"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010634"
},
{
"db": "VULHUB",
"id": "VHN-145384"
},
{
"db": "VULMON",
"id": "CVE-2019-13529"
}
],
"trust": 1.8
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=47480",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-13529"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2019-13529",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSA-19-281-01",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "154789",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010634",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-423",
"trust": 0.7
},
{
"db": "EXPLOIT-DB",
"id": "47480",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2019.3776",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-145384",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-13529",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145384"
},
{
"db": "VULMON",
"id": "CVE-2019-13529"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010634"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-423"
},
{
"db": "NVD",
"id": "CVE-2019-13529"
}
]
},
"id": "VAR-201910-1210",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-145384"
}
],
"trust": 0.7666666999999999
},
"last_update_date": "2024-11-23T23:08:14.032000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.sma.de/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010634"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145384"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010634"
},
{
"db": "NVD",
"id": "CVE-2019-13529"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-281-01"
},
{
"trust": 1.8,
"url": "http://packetstormsecurity.com/files/154789/sma-solar-technology-ag-sunny-webbox-1.6-cross-site-request-forgery.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13529"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13529"
},
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/47480"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.3776/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/110350"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145384"
},
{
"db": "VULMON",
"id": "CVE-2019-13529"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010634"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-423"
},
{
"db": "NVD",
"id": "CVE-2019-13529"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "VULHUB",
"id": "VHN-145384",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2019-13529",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010634",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201910-423",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2019-13529",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-145384",
"ident": null
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13529",
"ident": null
},
{
"date": "2019-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010634",
"ident": null
},
{
"date": "2019-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-423",
"ident": null
},
{
"date": "2019-10-09T16:15:14.310000",
"db": "NVD",
"id": "CVE-2019-13529",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2019-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-145384",
"ident": null
},
{
"date": "2019-10-15T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13529",
"ident": null
},
{
"date": "2019-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010634",
"ident": null
},
{
"date": "2019-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-423",
"ident": null
},
{
"date": "2024-11-21T04:25:05.087000",
"db": "NVD",
"id": "CVE-2019-13529",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-423"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Sunny WebBox Firmware cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010634"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-423"
}
],
"trust": 0.6
}
}