CVE-2017-9857 (GCVE-0-2017-9857)

Vulnerability from cvelistv5 – Published: 2017-08-05 17:00 – Updated: 2024-08-05 17:18 Disputed
VLAI?
Summary
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:h:sma:sunny_tripower:5.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sunny_tripower",
            "vendor": "sma",
            "versions": [
              {
                "status": "affected",
                "version": "TL-30"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sunny_boy_1.5",
            "vendor": "sma",
            "versions": [
              {
                "status": "affected",
                "version": "TL-21"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2017-9857",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-19T15:46:55.643864Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:11:52.484Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:18:02.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sma.de/en/statement-on-cyber-security.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://horusscenario.com/CVE-information/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor\u0027s position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-21T08:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sma.de/en/statement-on-cyber-security.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://horusscenario.com/CVE-information/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9857",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor\u0027s position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sma.de/en/statement-on-cyber-security.html",
              "refsource": "MISC",
              "url": "http://www.sma.de/en/statement-on-cyber-security.html"
            },
            {
              "name": "https://horusscenario.com/CVE-information/",
              "refsource": "MISC",
              "url": "https://horusscenario.com/CVE-information/"
            },
            {
              "name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
              "refsource": "MISC",
              "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9857",
    "datePublished": "2017-08-05T17:00:00",
    "dateReserved": "2017-06-24T00:00:00",
    "dateUpdated": "2024-08-05T17:18:02.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2FF135EE-B9B5-41B4-ADD5-A28EAAD794BE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66A72AD7-33EC-4B93-BF10-DB6DC78AFC00\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4DA6E217-2C7E-485B-90DB-6B962C02DD68\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E381975C-AC80-4797-9D60-21A8FEEBA71C\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6D33CE8B-F38A-4E06-9888-E1C6FB2EF17C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A24A14C-E510-479F-86ED-050502912FE7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3AFE4BC8-80B8-4C16-B6B1-3458B54B61EE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E930476-4BB4-44FB-94EF-B327B7016C64\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A21E55C7-EF78-46DF-B221-0D16F76D16C3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"82E14A85-4A8F-441B-B457-39A8CB114272\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7210BF3C-EA34-4805-A596-9B818EE231F7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_tripower_25000tl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A58780AF-6A20-44FE-9627-7ED1965DC6D4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C37031D3-E12D-450C-9DAF-E57E70A179FF\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_tripower_5000tl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3916D5DB-736B-4958-A62C-29F8DACFE4AB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BB8A5FD-512F-48CE-B9DB-B61228178515\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_tripower_12000tl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CD72861-42E9-4DD0-A71F-91C327245A18\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22BDD3FF-D9B4-473B-8495-D8EE7D236C70\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_tripower_60:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2513FDCE-0DB9-4A3C-BACC-636476BB47A2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"803BA76D-0221-4820-855A-8647B70AF590\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_3000tl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E68A664-FB5B-466F-AB6D-0EB6C76E5EA0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96F089F6-9A2B-4D27-94A4-2B59683C044B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_3600tl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77CF17FB-7E59-4407-B9E5-02EE8329EE16\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F004C609-A8C6-4A69-A9CA-670D28060948\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_4000tl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F0263729-F7F5-4F06-9845-432F248B0010\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8305C0A5-CD69-42ED-94F8-A548997ECE04\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_5000tl:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D42C5BD9-4348-4E0C-9F76-2BDA1A5ADBFB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7ABAC551-0937-4C35-B367-E082216973A5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E6499AD-A269-4D05-9562-975C59659563\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCE97058-71A8-4594-8D1C-44EED65137FA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_2.5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E999A43F-820D-4281-9393-C8641CFDCC37\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A48FB31D-3CC8-4506-976D-ED65B9CEC3BA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_3.0:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCE8CFE7-2C58-4C98-A806-6010ACAF0127\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EA13E68-78D0-4EA3-9D1E-5E34E55EBFA8\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_3.6:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C472660-FAF7-48FB-9190-D85EB317197E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1E830DAA-4072-48C8-B047-56CA7D61C48A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_4.0:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"024BC798-2EC6-404E-9B2A-32F661823474\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5A48910-3876-426B-AB95-0EA5F08D4883\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_5.0:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1EF8258-E693-4E18-A7AC-F0A7C40F5211\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98C2345E-E79E-4AAA-AF19-1914F508F5D5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_2200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"287A5EC9-69D7-452A-8667-A54D8B890A53\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14616A98-3829-41DF-BB99-011A617FA45A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_1000cp_xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2202672A-9402-4B55-95B2-0341BD216AA5\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"40C43D9A-29EC-4AE0-99F4-5EE700905D0D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_800cp_xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C685EA76-43AE-4354-9C07-122F4D070074\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF640501-1D66-40B3-B473-B8844D7F8C62\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_850cp_xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DE3A2CAD-4435-418A-9380-2F5F6A60703F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C788BEC5-7DE7-4CA7-9F1C-0F515FEC077E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_900cp_xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EB862CD2-BA9D-4C95-ABDE-2F6EC23C9C30\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D310BA4B-734C-41BF-BDAF-DCBFE26264AE\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_500cp_xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"60266D0B-6195-4737-A6EB-6B46B81E0616\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"89052ECC-5760-4D13-B320-5860C22B52C6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_630cp_xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DB5CF00-8E95-48A7-94EC-6E98E77C998A\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"65922D8F-AF83-4DE5-AF8C-B64C27A99A7A\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_720cp_xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC865DBB-C763-4063-ADD9-0D230D91C591\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A8484D2-BA3E-4C87-A392-157B112D3222\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_760cp_xt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD088AB2-1C70-4C86-A25C-05B59D566E09\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"05D94A22-FF34-411B-BF12-767CE2518B8D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_storage_500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"47B541D1-2B28-430A-9AE4-3A67FD6E42D6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4A0A4615-BA47-4E3D-8B6C-3CF5B2CC84C7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_storage_630:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B76D414-9B83-47EF-BCC5-EC9FDDF7A4A7\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2AC8D9CD-9F52-4257-ACB8-1881ADAB70E5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_storage_720:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D33F707-E03E-4221-A65B-DE694B7BBA85\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F7508D9-EAAC-4D68-85B7-013AF5DAF3EC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_storage_760:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3785766A-5450-4AE0-BFE6-11E4D298BB36\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3809F04D-7E1E-4197-AC7A-D84A74609E33\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_storage_800:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5B6A3F5-1C14-4001-9B63-8F75C25850AB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9EC9291B-FF03-463E-A935-267E11B2AC0B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_storage_850:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8D43021-CFF4-4AA8-A926-97D093EFED9B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1DD66DB1-9FFE-4C04-A518-AB93C3F513A5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_storage_900:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"72879781-EA14-49DC-9586-E6FF3871E0E4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0892FC47-F5B2-4655-9FCE-6CE1F83012C3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_storage_1000:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98D59F07-E40A-4801-B552-B8CD9B948741\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A867B7BA-E6ED-4E7B-A660-95E7B7140644\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_storage_2200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FAC1DC9B-F825-4E56-BAF6-8A1F2997F2B6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCB33BAA-3995-4914-8DB0-D43A4762A6A9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_central_storage_2500-ev:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B488C87D-A594-49E1-B5D9-F951EE180304\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B282A58C-280A-48BA-B454-980B21FAE9AA\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:sma:sunny_boy_storage_2.5:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AAF5AD56-F1CF-4383-B676-9935BD50BBE3\"}]}]}]",
      "cveTags": "[{\"sourceIdentifier\": \"cve@mitre.org\", \"tags\": [\"disputed\"]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor\u0027s position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected\"}, {\"lang\": \"es\", \"value\": \"**EN DISPUTA** Se ha descubierto un problema en productos SMA Solar Technology. El protocolo de comunicaci\\u00f3n SMAdata2+ no emplea correctamente la autenticaci\\u00f3n con cifrado, por lo que es vulnerable a ataques Man-in-the-Middle, inyecci\\u00f3n de paquetes y ataques de replay. Cualquier cambio de configuraci\\u00f3n, paquete de autenticaci\\u00f3n, paquete de rastreo, etc., puede ser reproducido, inyectado o empleado para un Man-in-the-Middle. Todas las funcionalidades disponibles en Sunny Explorer pueden realizarse correctamente desde cualquier parte de la red siempre y cuando el atacante configure correctamente el paquete. Esto incluye el proceso de autenticaci\\u00f3n para todos los niveles de acceso (incluyendo aquellos que est\\u00e1n ocultos) y el cambio de configuraciones seg\\u00fan lo establecido por los derechos de acceso adquiridos. Adem\\u00e1s, debido al hecho de que el canal de comunicaci\\u00f3n SMAdata2+ no est\\u00e1 cifrado, un atacante que entienda el protocolo ser\\u00e1 capaz de escuchar comunicaciones. NOTA: La posici\\u00f3n del vendedor que la autenticaci\\u00f3n con cifrado no es requerida en una red aislada. Tambi\\u00e9n, \\u00fanicamente podr\\u00edan estar potencialmente afectados Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30.\"}]",
      "id": "CVE-2017-9857",
      "lastModified": "2024-11-21T03:37:00.680",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-08-05T17:29:00.613",
      "references": "[{\"url\": \"http://www.sma.de/en/statement-on-cyber-security.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://horusscenario.com/CVE-information/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://www.sma.de/en/statement-on-cyber-security.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://horusscenario.com/CVE-information/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9857\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-08-05T17:29:00.613\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor\u0027s position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected\"},{\"lang\":\"es\",\"value\":\"**EN DISPUTA** Se ha descubierto un problema en productos SMA Solar Technology. El protocolo de comunicaci\u00f3n SMAdata2+ no emplea correctamente la autenticaci\u00f3n con cifrado, por lo que es vulnerable a ataques Man-in-the-Middle, inyecci\u00f3n de paquetes y ataques de replay. Cualquier cambio de configuraci\u00f3n, paquete de autenticaci\u00f3n, paquete de rastreo, etc., puede ser reproducido, inyectado o empleado para un Man-in-the-Middle. Todas las funcionalidades disponibles en Sunny Explorer pueden realizarse correctamente desde cualquier parte de la red siempre y cuando el atacante configure correctamente el paquete. Esto incluye el proceso de autenticaci\u00f3n para todos los niveles de acceso (incluyendo aquellos que est\u00e1n ocultos) y el cambio de configuraciones seg\u00fan lo establecido por los derechos de acceso adquiridos. Adem\u00e1s, debido al hecho de que el canal de comunicaci\u00f3n SMAdata2+ no est\u00e1 cifrado, un atacante que entienda el protocolo ser\u00e1 capaz de escuchar comunicaciones. NOTA: La posici\u00f3n del vendedor que la autenticaci\u00f3n con cifrado no es requerida en una red aislada. Tambi\u00e9n, \u00fanicamente podr\u00edan estar potencialmente afectados Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2FF135EE-B9B5-41B4-ADD5-A28EAAD794BE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66A72AD7-33EC-4B93-BF10-DB6DC78AFC00\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4DA6E217-2C7E-485B-90DB-6B962C02DD68\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E381975C-AC80-4797-9D60-21A8FEEBA71C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D33CE8B-F38A-4E06-9888-E1C6FB2EF17C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A24A14C-E510-479F-86ED-050502912FE7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3AFE4BC8-80B8-4C16-B6B1-3458B54B61EE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E930476-4BB4-44FB-94EF-B327B7016C64\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A21E55C7-EF78-46DF-B221-0D16F76D16C3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82E14A85-4A8F-441B-B457-39A8CB114272\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7210BF3C-EA34-4805-A596-9B818EE231F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_tripower_25000tl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A58780AF-6A20-44FE-9627-7ED1965DC6D4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C37031D3-E12D-450C-9DAF-E57E70A179FF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_tripower_5000tl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3916D5DB-736B-4958-A62C-29F8DACFE4AB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BB8A5FD-512F-48CE-B9DB-B61228178515\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_tripower_12000tl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CD72861-42E9-4DD0-A71F-91C327245A18\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22BDD3FF-D9B4-473B-8495-D8EE7D236C70\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_tripower_60:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2513FDCE-0DB9-4A3C-BACC-636476BB47A2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"803BA76D-0221-4820-855A-8647B70AF590\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_3000tl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E68A664-FB5B-466F-AB6D-0EB6C76E5EA0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96F089F6-9A2B-4D27-94A4-2B59683C044B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_3600tl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77CF17FB-7E59-4407-B9E5-02EE8329EE16\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F004C609-A8C6-4A69-A9CA-670D28060948\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_4000tl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0263729-F7F5-4F06-9845-432F248B0010\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8305C0A5-CD69-42ED-94F8-A548997ECE04\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_5000tl:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D42C5BD9-4348-4E0C-9F76-2BDA1A5ADBFB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ABAC551-0937-4C35-B367-E082216973A5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E6499AD-A269-4D05-9562-975C59659563\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE97058-71A8-4594-8D1C-44EED65137FA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_2.5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E999A43F-820D-4281-9393-C8641CFDCC37\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A48FB31D-3CC8-4506-976D-ED65B9CEC3BA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_3.0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCE8CFE7-2C58-4C98-A806-6010ACAF0127\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EA13E68-78D0-4EA3-9D1E-5E34E55EBFA8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_3.6:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C472660-FAF7-48FB-9190-D85EB317197E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E830DAA-4072-48C8-B047-56CA7D61C48A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_4.0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"024BC798-2EC6-404E-9B2A-32F661823474\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5A48910-3876-426B-AB95-0EA5F08D4883\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_5.0:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1EF8258-E693-4E18-A7AC-F0A7C40F5211\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98C2345E-E79E-4AAA-AF19-1914F508F5D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_2200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"287A5EC9-69D7-452A-8667-A54D8B890A53\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14616A98-3829-41DF-BB99-011A617FA45A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_1000cp_xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2202672A-9402-4B55-95B2-0341BD216AA5\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40C43D9A-29EC-4AE0-99F4-5EE700905D0D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_800cp_xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C685EA76-43AE-4354-9C07-122F4D070074\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF640501-1D66-40B3-B473-B8844D7F8C62\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_850cp_xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE3A2CAD-4435-418A-9380-2F5F6A60703F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C788BEC5-7DE7-4CA7-9F1C-0F515FEC077E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_900cp_xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB862CD2-BA9D-4C95-ABDE-2F6EC23C9C30\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D310BA4B-734C-41BF-BDAF-DCBFE26264AE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_500cp_xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60266D0B-6195-4737-A6EB-6B46B81E0616\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"89052ECC-5760-4D13-B320-5860C22B52C6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_630cp_xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DB5CF00-8E95-48A7-94EC-6E98E77C998A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65922D8F-AF83-4DE5-AF8C-B64C27A99A7A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_720cp_xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC865DBB-C763-4063-ADD9-0D230D91C591\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A8484D2-BA3E-4C87-A392-157B112D3222\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_760cp_xt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD088AB2-1C70-4C86-A25C-05B59D566E09\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05D94A22-FF34-411B-BF12-767CE2518B8D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_storage_500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47B541D1-2B28-430A-9AE4-3A67FD6E42D6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A0A4615-BA47-4E3D-8B6C-3CF5B2CC84C7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_storage_630:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B76D414-9B83-47EF-BCC5-EC9FDDF7A4A7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2AC8D9CD-9F52-4257-ACB8-1881ADAB70E5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_storage_720:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D33F707-E03E-4221-A65B-DE694B7BBA85\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F7508D9-EAAC-4D68-85B7-013AF5DAF3EC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_storage_760:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3785766A-5450-4AE0-BFE6-11E4D298BB36\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3809F04D-7E1E-4197-AC7A-D84A74609E33\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_storage_800:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5B6A3F5-1C14-4001-9B63-8F75C25850AB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EC9291B-FF03-463E-A935-267E11B2AC0B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_storage_850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8D43021-CFF4-4AA8-A926-97D093EFED9B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DD66DB1-9FFE-4C04-A518-AB93C3F513A5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_storage_900:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72879781-EA14-49DC-9586-E6FF3871E0E4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0892FC47-F5B2-4655-9FCE-6CE1F83012C3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_storage_1000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98D59F07-E40A-4801-B552-B8CD9B948741\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A867B7BA-E6ED-4E7B-A660-95E7B7140644\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_storage_2200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAC1DC9B-F825-4E56-BAF6-8A1F2997F2B6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCB33BAA-3995-4914-8DB0-D43A4762A6A9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_central_storage_2500-ev:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B488C87D-A594-49E1-B5D9-F951EE180304\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B282A58C-280A-48BA-B454-980B21FAE9AA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:sma:sunny_boy_storage_2.5:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AAF5AD56-F1CF-4383-B676-9935BD50BBE3\"}]}]}],\"references\":[{\"url\":\"http://www.sma.de/en/statement-on-cyber-security.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://horusscenario.com/CVE-information/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.sma.de/en/statement-on-cyber-security.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://horusscenario.com/CVE-information/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.sma.de/en/statement-on-cyber-security.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://horusscenario.com/CVE-information/\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T17:18:02.238Z\"}}, {\"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2017-9857\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-04-19T15:46:55.643864Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:h:sma:sunny_tripower:5.0:*:*:*:*:*:*:*\"], \"vendor\": \"sma\", \"product\": \"sunny_tripower\", \"versions\": [{\"status\": \"affected\", \"version\": \"TL-30\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:*\"], \"vendor\": \"sma\", \"product\": \"sunny_boy_1.5\", \"versions\": [{\"status\": \"affected\", \"version\": \"TL-21\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-04-19T15:51:14.813Z\"}, \"title\": \"CISA ADP Vulnrichment\"}], \"cna\": {\"tags\": [\"disputed\"], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"datePublic\": \"2017-08-05T00:00:00\", \"references\": [{\"url\": \"http://www.sma.de/en/statement-on-cyber-security.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://horusscenario.com/CVE-information/\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor\u0027s position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2017-08-21T08:57:01\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"n/a\"}]}, \"product_name\": \"n/a\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.sma.de/en/statement-on-cyber-security.html\", \"name\": \"http://www.sma.de/en/statement-on-cyber-security.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://horusscenario.com/CVE-information/\", \"name\": \"https://horusscenario.com/CVE-information/\", \"refsource\": \"MISC\"}, {\"url\": \"http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf\", \"name\": \"http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"** DISPUTED ** An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor\u0027s position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"n/a\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2017-9857\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"cve@mitre.org\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2017-9857\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-05T17:18:02.238Z\", \"dateReserved\": \"2017-06-24T00:00:00\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2017-08-05T17:00:00\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.