CVE-2017-9855

EPSS 0.42%
Veröffentlicht 05.08.2017 17:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sma ≫ Sunny Boy 3600 Firmware Version-

Sma ≫ Sunny Boy 3600 Version-

Sma ≫ Sunny Boy 5000 Firmware Version-

Sma ≫ Sunny Boy 5000 Version-

Sma ≫ Sunny Tripower Core1 Firmware Version-

Sma ≫ Sunny Tripower Core1 Version-

Sma ≫ Sunny Tripower 15000tl Firmware Version-

Sma ≫ Sunny Tripower 15000tl Version-

Sma ≫ Sunny Tripower 20000tl Firmware Version-

Sma ≫ Sunny Tripower 20000tl Version-

Sma ≫ Sunny Tripower 25000tl Firmware Version-

Sma ≫ Sunny Tripower 25000tl Version-

Sma ≫ Sunny Tripower 5000tl Firmware Version-

Sma ≫ Sunny Tripower 5000tl Version-

Sma ≫ Sunny Tripower 12000tl Firmware Version-

Sma ≫ Sunny Tripower 12000tl Version-

Sma ≫ Sunny Tripower 60 Firmware Version-

Sma ≫ Sunny Tripower 60 Version-

Sma ≫ Sunny Boy 3000tl Firmware Version-

Sma ≫ Sunny Boy 3000tl Version-

Sma ≫ Sunny Boy 3600tl Firmware Version-

Sma ≫ Sunny Boy 3600tl Version-

Sma ≫ Sunny Boy 4000tl Firmware Version-

Sma ≫ Sunny Boy 4000tl Version-

Sma ≫ Sunny Boy 5000tl Firmware Version-

Sma ≫ Sunny Boy 5000tl Version-

Sma ≫ Sunny Boy 1.5 Firmware Version-

Sma ≫ Sunny Boy 1.5 Version-

Sma ≫ Sunny Boy 2.5 Firmware Version-

Sma ≫ Sunny Boy 2.5 Version-

Sma ≫ Sunny Boy 3.0 Firmware Version-

Sma ≫ Sunny Boy 3.0 Version-

Sma ≫ Sunny Boy 3.6 Firmware Version-

Sma ≫ Sunny Boy 3.6 Version-

Sma ≫ Sunny Boy 4.0 Firmware Version-

Sma ≫ Sunny Boy 4.0 Version-

Sma ≫ Sunny Boy 5.0 Firmware Version-

Sma ≫ Sunny Boy 5.0 Version-

Sma ≫ Sunny Central 2200 Firmware Version-

Sma ≫ Sunny Central 2200 Version-

Sma ≫ Sunny Central 1000cp Xt Firmware Version-

Sma ≫ Sunny Central 1000cp Xt Version-

Sma ≫ Sunny Central 800cp Xt Firmware Version-

Sma ≫ Sunny Central 800cp Xt Version-

Sma ≫ Sunny Central 850cp Xt Firmware Version-

Sma ≫ Sunny Central 850cp Xt Version-

Sma ≫ Sunny Central 900cp Xt Firmware Version-

Sma ≫ Sunny Central 900cp Xt Version-

Sma ≫ Sunny Central 500cp Xt Firmware Version-

Sma ≫ Sunny Central 500cp Xt Version-

Sma ≫ Sunny Central 630cp Xt Firmware Version-

Sma ≫ Sunny Central 630cp Xt Version-

Sma ≫ Sunny Central 720cp Xt Firmware Version-

Sma ≫ Sunny Central 720cp Xt Version-

Sma ≫ Sunny Central 760cp Xt Firmware Version-

Sma ≫ Sunny Central 760cp Xt Version-

Sma ≫ Sunny Central Storage 500 Firmware Version-

Sma ≫ Sunny Central Storage 500 Version-

Sma ≫ Sunny Central Storage 630 Firmware Version-

Sma ≫ Sunny Central Storage 630 Version-

Sma ≫ Sunny Central Storage 720 Firmware Version-

Sma ≫ Sunny Central Storage 720 Version-

Sma ≫ Sunny Central Storage 760 Firmware Version-

Sma ≫ Sunny Central Storage 760 Version-

Sma ≫ Sunny Central Storage 800 Firmware Version-

Sma ≫ Sunny Central Storage 800 Version-

Sma ≫ Sunny Central Storage 850 Firmware Version-

Sma ≫ Sunny Central Storage 850 Version-

Sma ≫ Sunny Central Storage 900 Firmware Version-

Sma ≫ Sunny Central Storage 900 Version-

Sma ≫ Sunny Central Storage 1000 Firmware Version-

Sma ≫ Sunny Central Storage 1000 Version-

Sma ≫ Sunny Central Storage 2200 Firmware Version-

Sma ≫ Sunny Central Storage 2200 Version-

Sma ≫ Sunny Central Storage 2500-ev Firmware Version-

Sma ≫ Sunny Central Storage 2500-ev Version-

Sma ≫ Sunny Boy Storage 2.5 Firmware Version-

Sma ≫ Sunny Boy Storage 2.5 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.42%	0.614

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

http://www.sma.de/en/statement-on-cyber-security.html

http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf

https://horusscenario.com/CVE-information/

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-9855

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-9855

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-9855

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-9855