GSD-2017-9859
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-9859",
"description": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor\u0027s position is that \"we consider the probability of the success of such manipulation to be extremely low.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",
"id": "GSD-2017-9859"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-9859"
],
"details": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor\u0027s position is that \"we consider the probability of the success of such manipulation to be extremely low.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",
"id": "GSD-2017-9859",
"modified": "2023-12-13T01:21:07.604779Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor\u0027s position is that \"we consider the probability of the success of such manipulation to be extremely low.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF135EE-B9B5-41B4-ADD5-A28EAAD794BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66A72AD7-33EC-4B93-BF10-DB6DC78AFC00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA6E217-2C7E-485B-90DB-6B962C02DD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E381975C-AC80-4797-9D60-21A8FEEBA71C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D33CE8B-F38A-4E06-9888-E1C6FB2EF17C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A24A14C-E510-479F-86ED-050502912FE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFE4BC8-80B8-4C16-B6B1-3458B54B61EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E930476-4BB4-44FB-94EF-B327B7016C64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A21E55C7-EF78-46DF-B221-0D16F76D16C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82E14A85-4A8F-441B-B457-39A8CB114272",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7210BF3C-EA34-4805-A596-9B818EE231F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_25000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A58780AF-6A20-44FE-9627-7ED1965DC6D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C37031D3-E12D-450C-9DAF-E57E70A179FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_5000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3916D5DB-736B-4958-A62C-29F8DACFE4AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB8A5FD-512F-48CE-B9DB-B61228178515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_12000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD72861-42E9-4DD0-A71F-91C327245A18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22BDD3FF-D9B4-473B-8495-D8EE7D236C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2513FDCE-0DB9-4A3C-BACC-636476BB47A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BA76D-0221-4820-855A-8647B70AF590",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E68A664-FB5B-466F-AB6D-0EB6C76E5EA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F089F6-9A2B-4D27-94A4-2B59683C044B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3600tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77CF17FB-7E59-4407-B9E5-02EE8329EE16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F004C609-A8C6-4A69-A9CA-670D28060948",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_4000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0263729-F7F5-4F06-9845-432F248B0010",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8305C0A5-CD69-42ED-94F8-A548997ECE04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_5000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D42C5BD9-4348-4E0C-9F76-2BDA1A5ADBFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABAC551-0937-4C35-B367-E082216973A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6499AD-A269-4D05-9562-975C59659563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE97058-71A8-4594-8D1C-44EED65137FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_2.5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E999A43F-820D-4281-9393-C8641CFDCC37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A48FB31D-3CC8-4506-976D-ED65B9CEC3BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE8CFE7-2C58-4C98-A806-6010ACAF0127",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA13E68-78D0-4EA3-9D1E-5E34E55EBFA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3.6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C472660-FAF7-48FB-9190-D85EB317197E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E830DAA-4072-48C8-B047-56CA7D61C48A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_4.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "024BC798-2EC6-404E-9B2A-32F661823474",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A48910-3876-426B-AB95-0EA5F08D4883",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_5.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1EF8258-E693-4E18-A7AC-F0A7C40F5211",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98C2345E-E79E-4AAA-AF19-1914F508F5D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "287A5EC9-69D7-452A-8667-A54D8B890A53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14616A98-3829-41DF-BB99-011A617FA45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_1000cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2202672A-9402-4B55-95B2-0341BD216AA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C43D9A-29EC-4AE0-99F4-5EE700905D0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_800cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C685EA76-43AE-4354-9C07-122F4D070074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF640501-1D66-40B3-B473-B8844D7F8C62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_850cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A2CAD-4435-418A-9380-2F5F6A60703F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C788BEC5-7DE7-4CA7-9F1C-0F515FEC077E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_900cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB862CD2-BA9D-4C95-ABDE-2F6EC23C9C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D310BA4B-734C-41BF-BDAF-DCBFE26264AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_500cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60266D0B-6195-4737-A6EB-6B46B81E0616",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89052ECC-5760-4D13-B320-5860C22B52C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_630cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB5CF00-8E95-48A7-94EC-6E98E77C998A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65922D8F-AF83-4DE5-AF8C-B64C27A99A7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_720cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC865DBB-C763-4063-ADD9-0D230D91C591",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8484D2-BA3E-4C87-A392-157B112D3222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_760cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD088AB2-1C70-4C86-A25C-05B59D566E09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05D94A22-FF34-411B-BF12-767CE2518B8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47B541D1-2B28-430A-9AE4-3A67FD6E42D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0A4615-BA47-4E3D-8B6C-3CF5B2CC84C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B76D414-9B83-47EF-BCC5-EC9FDDF7A4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC8D9CD-9F52-4257-ACB8-1881ADAB70E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33F707-E03E-4221-A65B-DE694B7BBA85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7508D9-EAAC-4D68-85B7-013AF5DAF3EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3785766A-5450-4AE0-BFE6-11E4D298BB36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3809F04D-7E1E-4197-AC7A-D84A74609E33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B6A3F5-1C14-4001-9B63-8F75C25850AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC9291B-FF03-463E-A935-267E11B2AC0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D43021-CFF4-4AA8-A926-97D093EFED9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD66DB1-9FFE-4C04-A518-AB93C3F513A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72879781-EA14-49DC-9586-E6FF3871E0E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0892FC47-F5B2-4655-9FCE-6CE1F83012C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98D59F07-E40A-4801-B552-B8CD9B948741",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A867B7BA-E6ED-4E7B-A660-95E7B7140644",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC1DC9B-F825-4E56-BAF6-8A1F2997F2B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB33BAA-3995-4914-8DB0-D43A4762A6A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_2500-ev:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B488C87D-A594-49E1-B5D9-F951EE180304",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B282A58C-280A-48BA-B454-980B21FAE9AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_storage_2.5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF5AD56-F1CF-4383-B676-9935BD50BBE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor\u0027s position is that \"we consider the probability of the success of such manipulation to be extremely low.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
},
{
"lang": "es",
"value": "**EN DISPUTA** Se ha descubierto un problema en productos SMA Solar Technology. Los inversores emplean un algoritmo de hash d\u00e9bil para cifrar la contrase\u00f1a de peticiones REGISTER. Este algoritmo de hash se puede romper con relativa facilidad. Lo m\u00e1s probable es que un atacante sea capaz de descubrir la contrase\u00f1a empleando crackers offline. Esta contrase\u00f1a descubierta podr\u00e1 emplearse para registrarse en los servidores SMA. NOTA: La posici\u00f3n del fabricante es que \"nosotros consideramos que la probabilidad de alg\u00fan tipo de manipulaci\u00f3n exitosa es extremadamente baja.\" Tambi\u00e9n, \u00fanicamente podr\u00edan estar potencialmente afectados Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30"
}
],
"id": "CVE-2017-9859",
"lastModified": "2024-04-11T00:59:34.340",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-05T17:29:00.677",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://horusscenario.com/CVE-information/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…