SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability

🗓️ 02 Apr 2015 06:00:00Reported by Industrial Control Systems Cyber Emergency Response TeamType

ics🔗 www.cisa.gov👁 86 Views

SMA Solar Technology AG Sunny WebBox Hard-Coded Account Vulnerability affecting all versions can lead to remote attackers gaining full system access. SMA advises deactivating port-forwarding or using a VPN for remote access. Users are urged to upgrade to a newer supported system

Reporter	Title	Published	Views	Family All 8
BDU FSTEC	The vulnerability of the microprogramming software in the remote control system for solar panels, SMA Solar Sunny WebBox, allows a intruder to gain access to the device.	8 Feb 201600:00	–	bdu_fstec
CNVD	SMA Solar Sunny WebBox Privilege Gain Vulnerability	15 Sep 201500:00	–	cnvd
CVE	CVE-2015-3964	11 Sep 201516:00	–	cve
Cvelist	CVE-2015-3964	11 Sep 201516:00	–	cvelist
EUVD	EUVD-2015-3995	7 Oct 202500:30	–	euvd
NVD	CVE-2015-3964	11 Sep 201516:59	–	nvd
OpenVAS	Sunny WebBox Hardcoded Credentials (HTTP)	24 May 201600:00	–	openvas
Prion	Hardcoded credentials	11 Sep 201516:59	–	prion

Source	Link
raw	www.raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2015/icsa-15-181-02a.json
cisa	www.cisa.gov/news-events/ics-advisories/icsa-15-181-02a
cisa	www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
cisa	www.cisa.gov/resources-tools/resources/ics-recommended-practices
cisa	www.cisa.gov/topics/industrial-control-systems
us-cert	www.us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
cisa	www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
cisa	www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
cisa	www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
cisa	www.cisa.gov/uscert/ncas/tips/ST04-014

02 Apr 2015 06:00Current

6.9Medium risk

Vulners AI Score6.9

CVSS 210

EPSS0.00961