Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2017-9859

Published: 05/08/2017 Updated: 17/05/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

An issue exists in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Vulnerable Product Search on Vulmon Subscribe to Product

sma sunny_boy_3600_firmware -

sma sunny_boy_5000_firmware -

sma sunny_tripower_core1_firmware -

sma sunny_tripower_15000tl_firmware -

sma sunny_tripower_20000tl_firmware -

sma sunny_tripower_25000tl_firmware -

sma sunny_tripower_5000tl_firmware -

sma sunny_tripower_12000tl_firmware -

sma sunny_tripower_60_firmware -

sma sunny_boy_3000tl_firmware -

sma sunny_boy_3600tl_firmware -

sma sunny_boy_4000tl_firmware -

sma sunny_boy_5000tl_firmware -

sma sunny_boy_1.5_firmware -

sma sunny_boy_2.5_firmware -

sma sunny_boy_3.0_firmware -

sma sunny_boy_3.6_firmware -

sma sunny_boy_4.0_firmware -

sma sunny_boy_5.0_firmware -

sma sunny_central_2200_firmware -

sma sunny_central_1000cp_xt_firmware -

sma sunny_central_800cp_xt_firmware -

sma sunny_central_850cp_xt_firmware -

sma sunny_central_900cp_xt_firmware -

sma sunny_central_500cp_xt_firmware -

sma sunny_central_630cp_xt_firmware -

sma sunny_central_720cp_xt_firmware -

sma sunny_central_760cp_xt_firmware -

sma sunny_central_storage_500_firmware -

sma sunny_central_storage_630_firmware -

sma sunny_central_storage_720_firmware -

sma sunny_central_storage_760_firmware -

sma sunny_central_storage_800_firmware -

sma sunny_central_storage_850_firmware -

sma sunny_central_storage_900_firmware -

sma sunny_central_storage_1000_firmware -

sma sunny_central_storage_2200_firmware -

sma sunny_central_storage_2500-ev_firmware -

sma sunny_boy_storage_2.5_firmware -

References

CWE-327https://horusscenario.com/CVE-information/http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdfhttp://www.sma.de/en/statement-on-cyber-security.htmlhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572CVE-2024-24919CVE-2024-0230CVE-2024-32714HTML injectionlocal file inclusionCVE-2024-31098CVE-2024-31244privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook