GSD-2017-9863
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-9863",
"description": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",
"id": "GSD-2017-9863"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-9863"
],
"details": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.",
"id": "GSD-2017-9863",
"modified": "2023-12-13T01:21:07.512475Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-9863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sma.de/en/statement-on-cyber-security.html",
"refsource": "MISC",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"name": "https://horusscenario.com/CVE-information/",
"refsource": "MISC",
"url": "https://horusscenario.com/CVE-information/"
},
{
"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf",
"refsource": "MISC",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2FF135EE-B9B5-41B4-ADD5-A28EAAD794BE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66A72AD7-33EC-4B93-BF10-DB6DC78AFC00",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA6E217-2C7E-485B-90DB-6B962C02DD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E381975C-AC80-4797-9D60-21A8FEEBA71C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6D33CE8B-F38A-4E06-9888-E1C6FB2EF17C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A24A14C-E510-479F-86ED-050502912FE7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3AFE4BC8-80B8-4C16-B6B1-3458B54B61EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E930476-4BB4-44FB-94EF-B327B7016C64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A21E55C7-EF78-46DF-B221-0D16F76D16C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82E14A85-4A8F-441B-B457-39A8CB114272",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7210BF3C-EA34-4805-A596-9B818EE231F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_25000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A58780AF-6A20-44FE-9627-7ED1965DC6D4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C37031D3-E12D-450C-9DAF-E57E70A179FF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_5000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3916D5DB-736B-4958-A62C-29F8DACFE4AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BB8A5FD-512F-48CE-B9DB-B61228178515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_12000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD72861-42E9-4DD0-A71F-91C327245A18",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22BDD3FF-D9B4-473B-8495-D8EE7D236C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_tripower_60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2513FDCE-0DB9-4A3C-BACC-636476BB47A2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "803BA76D-0221-4820-855A-8647B70AF590",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3E68A664-FB5B-466F-AB6D-0EB6C76E5EA0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F089F6-9A2B-4D27-94A4-2B59683C044B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3600tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77CF17FB-7E59-4407-B9E5-02EE8329EE16",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F004C609-A8C6-4A69-A9CA-670D28060948",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_4000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F0263729-F7F5-4F06-9845-432F248B0010",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8305C0A5-CD69-42ED-94F8-A548997ECE04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_5000tl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D42C5BD9-4348-4E0C-9F76-2BDA1A5ADBFB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ABAC551-0937-4C35-B367-E082216973A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E6499AD-A269-4D05-9562-975C59659563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE97058-71A8-4594-8D1C-44EED65137FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_2.5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E999A43F-820D-4281-9393-C8641CFDCC37",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A48FB31D-3CC8-4506-976D-ED65B9CEC3BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCE8CFE7-2C58-4C98-A806-6010ACAF0127",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EA13E68-78D0-4EA3-9D1E-5E34E55EBFA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_3.6:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C472660-FAF7-48FB-9190-D85EB317197E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E830DAA-4072-48C8-B047-56CA7D61C48A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_4.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "024BC798-2EC6-404E-9B2A-32F661823474",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A48910-3876-426B-AB95-0EA5F08D4883",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_5.0:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C1EF8258-E693-4E18-A7AC-F0A7C40F5211",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98C2345E-E79E-4AAA-AF19-1914F508F5D5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "287A5EC9-69D7-452A-8667-A54D8B890A53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14616A98-3829-41DF-BB99-011A617FA45A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_1000cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2202672A-9402-4B55-95B2-0341BD216AA5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40C43D9A-29EC-4AE0-99F4-5EE700905D0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_800cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C685EA76-43AE-4354-9C07-122F4D070074",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EF640501-1D66-40B3-B473-B8844D7F8C62",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_850cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE3A2CAD-4435-418A-9380-2F5F6A60703F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C788BEC5-7DE7-4CA7-9F1C-0F515FEC077E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_900cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB862CD2-BA9D-4C95-ABDE-2F6EC23C9C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D310BA4B-734C-41BF-BDAF-DCBFE26264AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_500cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "60266D0B-6195-4737-A6EB-6B46B81E0616",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89052ECC-5760-4D13-B320-5860C22B52C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_630cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB5CF00-8E95-48A7-94EC-6E98E77C998A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65922D8F-AF83-4DE5-AF8C-B64C27A99A7A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_720cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC865DBB-C763-4063-ADD9-0D230D91C591",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A8484D2-BA3E-4C87-A392-157B112D3222",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_760cp_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD088AB2-1C70-4C86-A25C-05B59D566E09",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "05D94A22-FF34-411B-BF12-767CE2518B8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47B541D1-2B28-430A-9AE4-3A67FD6E42D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A0A4615-BA47-4E3D-8B6C-3CF5B2CC84C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_630:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B76D414-9B83-47EF-BCC5-EC9FDDF7A4A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2AC8D9CD-9F52-4257-ACB8-1881ADAB70E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_720:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D33F707-E03E-4221-A65B-DE694B7BBA85",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7508D9-EAAC-4D68-85B7-013AF5DAF3EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3785766A-5450-4AE0-BFE6-11E4D298BB36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3809F04D-7E1E-4197-AC7A-D84A74609E33",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B6A3F5-1C14-4001-9B63-8F75C25850AB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EC9291B-FF03-463E-A935-267E11B2AC0B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8D43021-CFF4-4AA8-A926-97D093EFED9B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DD66DB1-9FFE-4C04-A518-AB93C3F513A5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72879781-EA14-49DC-9586-E6FF3871E0E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0892FC47-F5B2-4655-9FCE-6CE1F83012C3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_1000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98D59F07-E40A-4801-B552-B8CD9B948741",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A867B7BA-E6ED-4E7B-A660-95E7B7140644",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_2200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FAC1DC9B-F825-4E56-BAF6-8A1F2997F2B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FCB33BAA-3995-4914-8DB0-D43A4762A6A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_central_storage_2500-ev:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B488C87D-A594-49E1-B5D9-F951EE180304",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B282A58C-280A-48BA-B454-980B21FAE9AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sma:sunny_boy_storage_2.5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF5AD56-F1CF-4383-B676-9935BD50BBE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sma:sunny_explorer:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6293DBA-5747-4315-A394-ECE32BD64C1A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"
},
{
"lang": "es",
"value": "** EN DISPUTA ** Se ha descubierto un problema en productos SMA Solar Technology. Si un usuario est\u00e1 ejecutando Sunny Explorer y, al mismo tiempo, visita un host malicioso, se puede usar el cross-site request forgery para cambiar la configuraci\u00f3n en los inversores (por ejemplo, lanzando una petici\u00f3n POST para cambiar la contrase\u00f1a de usuario). Todos los ajustes de Sunny Explorer disponibles para un usuario autenticado tambi\u00e9n lo estar\u00e1n para el atacante. (En algunos casos, esto tambi\u00e9n incluye la modificaci\u00f3n de ajustes a los que el usuario no puede acceder). Esto podr\u00eda dar como resultado un dispositivo completamente comprometido. NOTA: El fabricante informa que esta explotaci\u00f3n es improbable porque Sunny Explorer se utiliza en raras ocasiones. Tambi\u00e9n, solamente se encuentran potencialmente afectados Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30."
}
],
"id": "CVE-2017-9863",
"lastModified": "2024-04-11T00:59:34.733",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-05T17:29:00.817",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.sma.de/en/statement-on-cyber-security.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://horusscenario.com/CVE-information/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…