Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
solar vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-9646
An Uncontrolled Search Path Element issue exists in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an malicious user to execute arbitrary code on a target system using...
Solarcontrols Heating Control Downloader
7.5
CVSSv3
CVE-2017-9851
An issue exists in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny...
Sma Sunny Explorer -
9.8
CVSSv3
CVE-2017-9852
An Incorrect Password Management issue exists in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same comp...
Sma Sunny Boy 3600 Firmware -
Sma Sunny Boy 5000 Firmware -
Sma Sunny Tripower Core1 Firmware -
Sma Sunny Tripower 15000tl Firmware -
Sma Sunny Tripower 20000tl Firmware -
Sma Sunny Tripower 25000tl Firmware -
Sma Sunny Tripower 5000tl Firmware -
Sma Sunny Tripower 12000tl Firmware -
Sma Sunny Tripower 60 Firmware -
Sma Sunny Boy 3000tl Firmware -
Sma Sunny Boy 3600tl Firmware -
Sma Sunny Boy 4000tl Firmware -
Sma Sunny Boy 5000tl Firmware -
Sma Sunny Boy 1.5 Firmware -
Sma Sunny Boy 2.5 Firmware -
Sma Sunny Boy 3.0 Firmware -
Sma Sunny Boy 3.6 Firmware -
Sma Sunny Boy 4.0 Firmware -
Sma Sunny Boy 5.0 Firmware -
Sma Sunny Central 2200 Firmware -
Sma Sunny Central 1000cp Xt Firmware -
Sma Sunny Central 800cp Xt Firmware -
9.8
CVSSv3
CVE-2017-9853
An issue exists in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited s...
Sma Sunny Boy 3600 Firmware -
Sma Sunny Boy 5000 Firmware -
Sma Sunny Tripower Core1 Firmware -
Sma Sunny Tripower 15000tl Firmware -
Sma Sunny Tripower 20000tl Firmware -
Sma Sunny Tripower 25000tl Firmware -
Sma Sunny Tripower 5000tl Firmware -
Sma Sunny Tripower 12000tl Firmware -
Sma Sunny Tripower 60 Firmware -
Sma Sunny Boy 3000tl Firmware -
Sma Sunny Boy 3600tl Firmware -
Sma Sunny Boy 4000tl Firmware -
Sma Sunny Boy 5000tl Firmware -
Sma Sunny Boy 1.5 Firmware -
Sma Sunny Boy 2.5 Firmware -
Sma Sunny Boy 3.0 Firmware -
Sma Sunny Boy 3.6 Firmware -
Sma Sunny Boy 4.0 Firmware -
Sma Sunny Boy 5.0 Firmware -
Sma Sunny Central 2200 Firmware -
Sma Sunny Central 1000cp Xt Firmware -
Sma Sunny Central 800cp Xt Firmware -
9.8
CVSSv3
CVE-2017-9854
An issue exists in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports ...
Sma Sunny Boy 3600 Firmware -
Sma Sunny Boy 5000 Firmware -
Sma Sunny Tripower Core1 Firmware -
Sma Sunny Tripower 15000tl Firmware -
Sma Sunny Tripower 20000tl Firmware -
Sma Sunny Tripower 25000tl Firmware -
Sma Sunny Tripower 5000tl Firmware -
Sma Sunny Tripower 12000tl Firmware -
Sma Sunny Tripower 60 Firmware -
Sma Sunny Boy 3000tl Firmware -
Sma Sunny Boy 3600tl Firmware -
Sma Sunny Boy 4000tl Firmware -
Sma Sunny Boy 5000tl Firmware -
Sma Sunny Boy 1.5 Firmware -
Sma Sunny Boy 2.5 Firmware -
Sma Sunny Boy 3.0 Firmware -
Sma Sunny Boy 3.6 Firmware -
Sma Sunny Boy 4.0 Firmware -
Sma Sunny Boy 5.0 Firmware -
Sma Sunny Central 2200 Firmware -
Sma Sunny Central 1000cp Xt Firmware -
Sma Sunny Central 800cp Xt Firmware -
9.8
CVSSv3
CVE-2017-9856
An issue exists in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an malicious user to find the plaintext passwords and auth...
Sma Sunny Boy 3600 Firmware -
Sma Sunny Boy 5000 Firmware -
Sma Sunny Tripower Core1 Firmware -
Sma Sunny Tripower 15000tl Firmware -
Sma Sunny Tripower 20000tl Firmware -
Sma Sunny Tripower 25000tl Firmware -
Sma Sunny Tripower 5000tl Firmware -
Sma Sunny Tripower 12000tl Firmware -
Sma Sunny Tripower 60 Firmware -
Sma Sunny Boy 3000tl Firmware -
Sma Sunny Boy 3600tl Firmware -
Sma Sunny Boy 4000tl Firmware -
Sma Sunny Boy 5000tl Firmware -
Sma Sunny Boy 1.5 Firmware -
Sma Sunny Boy 2.5 Firmware -
Sma Sunny Boy 3.0 Firmware -
Sma Sunny Boy 3.6 Firmware -
Sma Sunny Boy 4.0 Firmware -
Sma Sunny Boy 5.0 Firmware -
Sma Sunny Central 2200 Firmware -
Sma Sunny Central 1000cp Xt Firmware -
Sma Sunny Central 800cp Xt Firmware -
8.1
CVSSv3
CVE-2017-9857
An issue exists in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, et...
Sma Sunny Boy 3600 Firmware -
Sma Sunny Boy 5000 Firmware -
Sma Sunny Tripower Core1 Firmware -
Sma Sunny Tripower 15000tl Firmware -
Sma Sunny Tripower 20000tl Firmware -
Sma Sunny Tripower 25000tl Firmware -
Sma Sunny Tripower 5000tl Firmware -
Sma Sunny Tripower 12000tl Firmware -
Sma Sunny Tripower 60 Firmware -
Sma Sunny Boy 3000tl Firmware -
Sma Sunny Boy 3600tl Firmware -
Sma Sunny Boy 4000tl Firmware -
Sma Sunny Boy 5000tl Firmware -
Sma Sunny Boy 1.5 Firmware -
Sma Sunny Boy 2.5 Firmware -
Sma Sunny Boy 3.0 Firmware -
Sma Sunny Boy 3.6 Firmware -
Sma Sunny Boy 4.0 Firmware -
Sma Sunny Boy 5.0 Firmware -
Sma Sunny Central 2200 Firmware -
Sma Sunny Central 1000cp Xt Firmware -
Sma Sunny Central 800cp Xt Firmware -
9.8
CVSSv3
CVE-2017-9860
An issue exists in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, t...
Sma Sunny Boy 3600 Firmware -
Sma Sunny Boy 5000 Firmware -
Sma Sunny Tripower Core1 Firmware -
Sma Sunny Tripower 15000tl Firmware -
Sma Sunny Tripower 20000tl Firmware -
Sma Sunny Tripower 25000tl Firmware -
Sma Sunny Tripower 5000tl Firmware -
Sma Sunny Tripower 12000tl Firmware -
Sma Sunny Tripower 60 Firmware -
Sma Sunny Boy 3000tl Firmware -
Sma Sunny Boy 3600tl Firmware -
Sma Sunny Boy 4000tl Firmware -
Sma Sunny Boy 5000tl Firmware -
Sma Sunny Boy 1.5 Firmware -
Sma Sunny Boy 2.5 Firmware -
Sma Sunny Boy 3.0 Firmware -
Sma Sunny Boy 3.6 Firmware -
Sma Sunny Boy 4.0 Firmware -
Sma Sunny Boy 5.0 Firmware -
Sma Sunny Central 2200 Firmware -
Sma Sunny Central 1000cp Xt Firmware -
Sma Sunny Central 800cp Xt Firmware -
7.5
CVSSv3
CVE-2017-9862
An issue exists in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the malicious user to create and save a .txt file with contents to his l...
Sma Sunny Explorer -
9.8
CVSSv3
CVE-2017-9855
An issue exists in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the in...
Sma Sunny Boy 3600 Firmware -
Sma Sunny Boy 5000 Firmware -
Sma Sunny Tripower Core1 Firmware -
Sma Sunny Tripower 15000tl Firmware -
Sma Sunny Tripower 20000tl Firmware -
Sma Sunny Tripower 25000tl Firmware -
Sma Sunny Tripower 5000tl Firmware -
Sma Sunny Tripower 12000tl Firmware -
Sma Sunny Tripower 60 Firmware -
Sma Sunny Boy 3000tl Firmware -
Sma Sunny Boy 3600tl Firmware -
Sma Sunny Boy 4000tl Firmware -
Sma Sunny Boy 5000tl Firmware -
Sma Sunny Boy 1.5 Firmware -
Sma Sunny Boy 2.5 Firmware -
Sma Sunny Boy 3.0 Firmware -
Sma Sunny Boy 3.6 Firmware -
Sma Sunny Boy 4.0 Firmware -
Sma Sunny Boy 5.0 Firmware -
Sma Sunny Central 2200 Firmware -
Sma Sunny Central 1000cp Xt Firmware -
Sma Sunny Central 800cp Xt Firmware -
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »