Vulnerabilities > CVE-2017-9856 - Unspecified vulnerability in SMA products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sma

critical

NVD

Published: 2017-08-05

Updated: 2024-04-11

Summary

An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Vulnerable Configurations

Part	Description	Count
OS	Sma SMA Sunny BOY 3600 Firmware - SMA Sunny BOY 5000 Firmware - SMA Sunny Tripower Core1 Firmware - SMA Sunny Tripower 15000Tl Firmware - SMA Sunny Tripower 20000Tl Firmware - SMA Sunny Tripower 25000Tl Firmware - SMA Sunny Tripower 5000Tl Firmware - SMA Sunny Tripower 12000Tl Firmware - SMA Sunny Tripower 60 Firmware - SMA Sunny BOY 3000Tl Firmware - SMA Sunny BOY 3600Tl Firmware - SMA Sunny BOY 4000Tl Firmware - SMA Sunny BOY 5000Tl Firmware - SMA Sunny BOY 1.5 Firmware - SMA Sunny BOY 2.5 Firmware - SMA Sunny BOY 3.0 Firmware - SMA Sunny BOY 3.6 Firmware - SMA Sunny BOY 4.0 Firmware - SMA Sunny BOY 5.0 Firmware - SMA Sunny Central 2200 Firmware - SMA Sunny Central 1000Cp XT Firmware - SMA Sunny Central 800Cp XT Firmware - SMA Sunny Central 850Cp XT Firmware - SMA Sunny Central 900Cp XT Firmware - SMA Sunny Central 500Cp XT Firmware - SMA Sunny Central 630Cp XT Firmware - SMA Sunny Central 720Cp XT Firmware - SMA Sunny Central 760Cp XT Firmware - SMA Sunny Central Storage 500 Firmware - SMA Sunny Central Storage 630 Firmware - SMA Sunny Central Storage 720 Firmware - SMA Sunny Central Storage 760 Firmware - SMA Sunny Central Storage 800 Firmware - SMA Sunny Central Storage 850 Firmware - SMA Sunny Central Storage 900 Firmware - SMA Sunny Central Storage 1000 Firmware - SMA Sunny Central Storage 2200 Firmware - SMA Sunny Central Storage 2500 EV Firmware - SMA Sunny BOY Storage 2.5 Firmware -	39
Hardware	Sma SMA Sunny BOY 3600 - SMA Sunny BOY 5000 - SMA Sunny Tripower Core1 - SMA Sunny Tripower 15000Tl - SMA Sunny Tripower 20000Tl - SMA Sunny Tripower 25000Tl - SMA Sunny Tripower 5000Tl - SMA Sunny Tripower 12000Tl - SMA Sunny Tripower 60 - SMA Sunny BOY 3000Tl - SMA Sunny BOY 3600Tl - SMA Sunny BOY 4000Tl - SMA Sunny BOY 5000Tl - SMA Sunny BOY 1.5 - SMA Sunny BOY 2.5 - SMA Sunny BOY 3.0 - SMA Sunny BOY 3.6 - SMA Sunny BOY 4.0 - SMA Sunny BOY 5.0 - SMA Sunny Central 2200 - SMA Sunny Central 1000Cp XT - SMA Sunny Central 800Cp XT - SMA Sunny Central 850Cp XT - SMA Sunny Central 900Cp XT - SMA Sunny Central 500Cp XT - SMA Sunny Central 630Cp XT - SMA Sunny Central 720Cp XT - SMA Sunny Central 760Cp XT - SMA Sunny Central Storage 500 - SMA Sunny Central Storage 630 - SMA Sunny Central Storage 720 - SMA Sunny Central Storage 760 - SMA Sunny Central Storage 800 - SMA Sunny Central Storage 850 - SMA Sunny Central Storage 900 - SMA Sunny Central Storage 1000 - SMA Sunny Central Storage 2200 - SMA Sunny Central Storage 2500 EV - SMA Sunny BOY Storage 2.5 -	39

Summary

Vulnerable Configurations

References