Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
890
VMScore

CVE-2017-9860

Published: 05/08/2017 Updated: 17/05/2024
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the malicious user to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by "a final integrity and compatibility check." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Vulnerable Product Search on Vulmon Subscribe to Product

sma sunny boy 3600 firmware -

sma sunny boy 5000 firmware -

sma sunny tripower core1 firmware -

sma sunny tripower 15000tl firmware -

sma sunny tripower 20000tl firmware -

sma sunny tripower 25000tl firmware -

sma sunny tripower 5000tl firmware -

sma sunny tripower 12000tl firmware -

sma sunny tripower 60 firmware -

sma sunny boy 3000tl firmware -

sma sunny boy 3600tl firmware -

sma sunny boy 4000tl firmware -

sma sunny boy 5000tl firmware -

sma sunny boy 1.5 firmware -

sma sunny boy 2.5 firmware -

sma sunny boy 3.0 firmware -

sma sunny boy 3.6 firmware -

sma sunny boy 4.0 firmware -

sma sunny boy 5.0 firmware -

sma sunny central 2200 firmware -

sma sunny central 1000cp xt firmware -

sma sunny central 800cp xt firmware -

sma sunny central 850cp xt firmware -

sma sunny central 900cp xt firmware -

sma sunny central 500cp xt firmware -

sma sunny central 630cp xt firmware -

sma sunny central 720cp xt firmware -

sma sunny central 760cp xt firmware -

sma sunny central storage 500 firmware -

sma sunny central storage 630 firmware -

sma sunny central storage 720 firmware -

sma sunny central storage 760 firmware -

sma sunny central storage 800 firmware -

sma sunny central storage 850 firmware -

sma sunny central storage 900 firmware -

sma sunny central storage 1000 firmware -

sma sunny central storage 2200 firmware -

sma sunny central storage 2500-ev firmware -

sma sunny boy storage 2.5 firmware -

References

CWE-287https://horusscenario.com/CVE-information/http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdfhttp://www.sma.de/en/statement-on-cyber-security.htmlhttps://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103CVE-2024-36279CVE-2024-38457elevation of privilegeCVE-2024-27801CVE-2024-30103NULL pointer dereferenceCVE-2024-6057XML injection
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook