Search criteria
9 vulnerabilities found for sunny_explorer by sma
FKIE_CVE-2017-9851
Vulnerability from fkie_nvd - Published: 2017-08-05 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sma | sunny_explorer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sma:sunny_explorer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6293DBA-5747-4315-A394-ECE32BD64C1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
},
{
"lang": "es",
"value": "** EN DISPUTA** Se ha descubierto un problema en productos SMA Solar Technology. La aplicaci\u00f3n puede bloquearse mediante el env\u00edo de datos sin sentido o configurando una sesi\u00f3n TELNET al puerto de la base de datos de Sunny Explorer. NOTA: El proveedor informa de que el m\u00e1ximo da\u00f1o posible es un fallo de comunicaci\u00f3n. Adem\u00e1s, s\u00f3lo Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30 podr\u00edan verse afectados."
}
],
"id": "CVE-2017-9851",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-05T17:29:00.427",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://horusscenario.com/CVE-information/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-9863
Vulnerability from fkie_nvd - Published: 2017-08-05 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF135EE-B9B5-41B4-ADD5-A28EAAD794BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66A72AD7-33EC-4B93-BF10-DB6DC78AFC00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA6E217-2C7E-485B-90DB-6B962C02DD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E381975C-AC80-4797-9D60-21A8FEEBA71C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D33CE8B-F38A-4E06-9888-E1C6FB2EF17C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A24A14C-E510-479F-86ED-050502912FE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFE4BC8-80B8-4C16-B6B1-3458B54B61EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E930476-4BB4-44FB-94EF-B327B7016C64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A21E55C7-EF78-46DF-B221-0D16F76D16C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82E14A85-4A8F-441B-B457-39A8CB114272",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7210BF3C-EA34-4805-A596-9B818EE231F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_25000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A58780AF-6A20-44FE-9627-7ED1965DC6D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C37031D3-E12D-450C-9DAF-E57E70A179FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_5000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3916D5DB-736B-4958-A62C-29F8DACFE4AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB8A5FD-512F-48CE-B9DB-B61228178515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_12000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD72861-42E9-4DD0-A71F-91C327245A18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22BDD3FF-D9B4-473B-8495-D8EE7D236C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2513FDCE-0DB9-4A3C-BACC-636476BB47A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BA76D-0221-4820-855A-8647B70AF590",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E68A664-FB5B-466F-AB6D-0EB6C76E5EA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F089F6-9A2B-4D27-94A4-2B59683C044B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3600tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77CF17FB-7E59-4407-B9E5-02EE8329EE16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F004C609-A8C6-4A69-A9CA-670D28060948",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_4000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0263729-F7F5-4F06-9845-432F248B0010",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8305C0A5-CD69-42ED-94F8-A548997ECE04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_5000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D42C5BD9-4348-4E0C-9F76-2BDA1A5ADBFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABAC551-0937-4C35-B367-E082216973A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6499AD-A269-4D05-9562-975C59659563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE97058-71A8-4594-8D1C-44EED65137FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_2.5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E999A43F-820D-4281-9393-C8641CFDCC37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A48FB31D-3CC8-4506-976D-ED65B9CEC3BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE8CFE7-2C58-4C98-A806-6010ACAF0127",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA13E68-78D0-4EA3-9D1E-5E34E55EBFA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3.6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C472660-FAF7-48FB-9190-D85EB317197E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E830DAA-4072-48C8-B047-56CA7D61C48A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_4.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "024BC798-2EC6-404E-9B2A-32F661823474",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A48910-3876-426B-AB95-0EA5F08D4883",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_5.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1EF8258-E693-4E18-A7AC-F0A7C40F5211",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98C2345E-E79E-4AAA-AF19-1914F508F5D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "287A5EC9-69D7-452A-8667-A54D8B890A53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14616A98-3829-41DF-BB99-011A617FA45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_1000cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2202672A-9402-4B55-95B2-0341BD216AA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C43D9A-29EC-4AE0-99F4-5EE700905D0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_800cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C685EA76-43AE-4354-9C07-122F4D070074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF640501-1D66-40B3-B473-B8844D7F8C62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_850cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A2CAD-4435-418A-9380-2F5F6A60703F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C788BEC5-7DE7-4CA7-9F1C-0F515FEC077E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_900cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB862CD2-BA9D-4C95-ABDE-2F6EC23C9C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D310BA4B-734C-41BF-BDAF-DCBFE26264AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_500cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60266D0B-6195-4737-A6EB-6B46B81E0616",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89052ECC-5760-4D13-B320-5860C22B52C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_630cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB5CF00-8E95-48A7-94EC-6E98E77C998A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65922D8F-AF83-4DE5-AF8C-B64C27A99A7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_720cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC865DBB-C763-4063-ADD9-0D230D91C591",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8484D2-BA3E-4C87-A392-157B112D3222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_760cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD088AB2-1C70-4C86-A25C-05B59D566E09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05D94A22-FF34-411B-BF12-767CE2518B8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47B541D1-2B28-430A-9AE4-3A67FD6E42D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0A4615-BA47-4E3D-8B6C-3CF5B2CC84C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B76D414-9B83-47EF-BCC5-EC9FDDF7A4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC8D9CD-9F52-4257-ACB8-1881ADAB70E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33F707-E03E-4221-A65B-DE694B7BBA85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7508D9-EAAC-4D68-85B7-013AF5DAF3EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3785766A-5450-4AE0-BFE6-11E4D298BB36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3809F04D-7E1E-4197-AC7A-D84A74609E33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B6A3F5-1C14-4001-9B63-8F75C25850AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC9291B-FF03-463E-A935-267E11B2AC0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D43021-CFF4-4AA8-A926-97D093EFED9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD66DB1-9FFE-4C04-A518-AB93C3F513A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72879781-EA14-49DC-9586-E6FF3871E0E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0892FC47-F5B2-4655-9FCE-6CE1F83012C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98D59F07-E40A-4801-B552-B8CD9B948741",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A867B7BA-E6ED-4E7B-A660-95E7B7140644",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC1DC9B-F825-4E56-BAF6-8A1F2997F2B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB33BAA-3995-4914-8DB0-D43A4762A6A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_2500-ev:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B488C87D-A594-49E1-B5D9-F951EE180304",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B282A58C-280A-48BA-B454-980B21FAE9AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_storage_2.5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF5AD56-F1CF-4383-B676-9935BD50BBE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sma:sunny_explorer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6293DBA-5747-4315-A394-ECE32BD64C1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
},
{
"lang": "es",
"value": "** EN DISPUTA ** Se ha descubierto un problema en productos SMA Solar Technology. Si un usuario est\u00e1 ejecutando Sunny Explorer y, al mismo tiempo, visita un host malicioso, se puede usar el cross-site request forgery para cambiar la configuraci\u00f3n en los inversores (por ejemplo, lanzando una petici\u00f3n POST para cambiar la contrase\u00f1a de usuario). Todos los ajustes de Sunny Explorer disponibles para un usuario autenticado tambi\u00e9n lo estar\u00e1n para el atacante. (En algunos casos, esto tambi\u00e9n incluye la modificaci\u00f3n de ajustes a los que el usuario no puede acceder). Esto podr\u00eda dar como resultado un dispositivo completamente comprometido. NOTA: El fabricante informa que esta explotaci\u00f3n es improbable porque Sunny Explorer se utiliza en raras ocasiones. Tambi\u00e9n, solamente se encuentran potencialmente afectados Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30."
}
],
"id": "CVE-2017-9863",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-05T17:29:00.817",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://horusscenario.com/CVE-information/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-9862
Vulnerability from fkie_nvd - Published: 2017-08-05 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that "the information contained in the debug report is of marginal significance." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sma | sunny_explorer | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sma:sunny_explorer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6293DBA-5747-4315-A394-ECE32BD64C1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that \"the information contained in the debug report is of marginal significance.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
},
{
"lang": "es",
"value": "** EN DISPUTA ** Se ha descubierto un problema en productos SMA Solar Technology. Cuando se inicia sesi\u00f3n en Sunny Explorer con una contrase\u00f1a incorrecta, es posible crear un informe de depuraci\u00f3n que contiene informaci\u00f3n relacionada con la aplicaci\u00f3n y que permite que el atacante cree y guarde un archivo .txt con el contenido que estime oportuno. Un atacante podr\u00eda emplear esta vulnerabilidad para divulgar informaci\u00f3n o para escribir un archivo en lugares normalmente inaccesibles del sistema local. NOTA: El fabricante reporta que \"la informaci\u00f3n contenida en el informe de depuraci\u00f3n tiene una importancia menor\". Tambi\u00e9n, solo podr\u00edan estar potencialmente afectados Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30"
}
],
"id": "CVE-2017-9862",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-05T17:29:00.770",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://horusscenario.com/CVE-information/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-9862 (GCVE-0-2017-9862)
Vulnerability from cvelistv5 – Published: 2017-08-05 17:00 – Updated: 2024-08-05 17:18 Disputed
VLAI?
Summary
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that "the information contained in the debug report is of marginal significance." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that \"the information contained in the debug report is of marginal significance.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-21T08:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that \"the information contained in the debug report is of marginal significance.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9862",
"datePublished": "2017-08-05T17:00:00",
"dateReserved": "2017-06-24T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9863 (GCVE-0-2017-9863)
Vulnerability from cvelistv5 – Published: 2017-08-05 17:00 – Updated: 2024-08-05 17:18 Disputed
VLAI?
Summary
An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:02.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-21T08:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9863",
"datePublished": "2017-08-05T17:00:00",
"dateReserved": "2017-06-24T00:00:00",
"dateUpdated": "2024-08-05T17:18:02.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9851 (GCVE-0-2017-9851)
Vulnerability from cvelistv5 – Published: 2017-08-05 17:00 – Updated: 2024-08-05 17:18 Disputed
VLAI?
Summary
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-9851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T18:57:57.096137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:58:06.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-21T08:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9851",
"datePublished": "2017-08-05T17:00:00",
"dateReserved": "2017-06-24T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9862 (GCVE-0-2017-9862)
Vulnerability from nvd – Published: 2017-08-05 17:00 – Updated: 2024-08-05 17:18 Disputed
VLAI?
Summary
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that "the information contained in the debug report is of marginal significance." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that \"the information contained in the debug report is of marginal significance.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-21T08:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that \"the information contained in the debug report is of marginal significance.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9862",
"datePublished": "2017-08-05T17:00:00",
"dateReserved": "2017-06-24T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9863 (GCVE-0-2017-9863)
Vulnerability from nvd – Published: 2017-08-05 17:00 – Updated: 2024-08-05 17:18 Disputed
VLAI?
Summary
An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:02.078Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-21T08:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9863",
"datePublished": "2017-08-05T17:00:00",
"dateReserved": "2017-06-24T00:00:00",
"dateUpdated": "2024-08-05T17:18:02.078Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9851 (GCVE-0-2017-9851)
Vulnerability from nvd – Published: 2017-08-05 17:00 – Updated: 2024-08-05 17:18 Disputed
VLAI?
Summary
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2017-9851",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-18T18:57:57.096137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-18T18:58:06.204Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.917Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-21T08:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://horusscenario.com/CVE-information/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
],
"tags": [
"disputed"
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-9851",
"datePublished": "2017-08-05T17:00:00",
"dateReserved": "2017-06-24T00:00:00",
"dateUpdated": "2024-08-05T17:18:01.917Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}