81 matches found
SMA Solar Technology AG ennexos.sunnyportal.com 安全漏洞
SMA Solar Technology AG ennexos.sunnyportal.com is an online platform of SMA Solar Technology AG, Germany. A security vulnerability exists in SMA Solar Technology AG ennexos.sunnyportal.com that originates from a low-privileged user being able to access other users' information, which could lead ...
SMA Solar Sunny Portal 安全漏洞
SMA Solar Sunny Portal is a photovoltaic data monitoring platform from SMA Solar, Germany. It is used to monitor the operation of PV systems in real time and to obtain performance data. A security vulnerability exists in SMA Solar Sunny Portal that originates from an unauthenticated attacker who...
SMA Solar Technology Sunny WebBox Cross-Site Request Forgery (CVE-2019-13529)
A cross-site request forgery vulnerability exists in SMA Solar Technology Sunny WebBox. A remote attacker can exploit this vulnerability by enticing a target authenticated user to visit a specially crafted page...
The vulnerability of the microprogramming software in the remote control system for solar panels, SMA Solar Sunny WebBox, related to the manipulation of inter-site requests, allows a intruder to increase their privileges.
The vulnerability of the microprogramming software in the SMA Solar Sunny WebBox remote control system is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to enhance their privileges by using a specially created malicious link...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware...
SMA Solar Technology AG Sunny WebBox 1.6 Cross Site Request Forgery
Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...
SMA Solar Technology AG Sunny WebBox CVE-2019-13529 Cross Site Request Forgery Vulnerability
Description SMA Solar Technology AG Sunny WebBox is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Sunny WebBox versions 1.6 and prior are...
SMA Solar Technology AG Sunny WebBox
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SMA Solar Technology AG Equipment: Sunny WebBox Vulnerability: Cross-Site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to generate a...
SMA Solar Technology inverter weak password vulnerability (CNVD-2017-27842)
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A weak password vulnerability exists in the SMA Solar Technology inverter, which stems from a weak password policy used by the program and can be exploited by an attacker to obtain a password...
SMA Solar Technology inverter denial of service vulnerability
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A denial of service vulnerability exists in SMA Solar Technology inverter. An attacker could exploit this vulnerability to cause a denial of service crash or inability to communicate with other SMA servers or obtain...
Unspecified vulnerability in SMA Solar Technology inverter
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in the SMA Solar Technology inverter. An attacker could exploit this vulnerability by sending specially crafted packets to the inverter to determine the active user account...
SMA Solar Technology Sunny Explorer Information Disclosure Vulnerability
SMA Solar Technology Sunny Explorer is a photovoltaic plant management software from SMA Germany. An information disclosure vulnerability exists in SMA Solar Technology Sunny Explorer. An attacker could exploit this vulnerability to obtain information, create and save .txt files...
Unspecified vulnerability in SMA Solar Technology inverter (CNVD-2017-27846)
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in the SMA Solar Technology inverter. An attacker could exploit the vulnerability to change sensitive parameters...
Information disclosure
DISPUTED An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking...
Design/Logic Flaw
DISPUTED An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports...
Authentication flaw
DISPUTED An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, et...
CVE-2017-9852
An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company but a...
CVE-2017-9859
An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This...