81 matches found
SMA Solar Technology AG ennexos.sunnyportal.com 安全漏洞
SMA Solar Technology AG ennexos.sunnyportal.com is an online platform of SMA Solar Technology AG, Germany. A security vulnerability exists in SMA Solar Technology AG ennexos.sunnyportal.com that originates from a low-privileged user being able to access other users' information, which could lead ...
SMA Solar Sunny Portal 安全漏洞
SMA Solar Sunny Portal is a photovoltaic data monitoring platform from SMA Solar, Germany. It is used to monitor the operation of PV systems in real time and to obtain performance data. A security vulnerability exists in SMA Solar Sunny Portal that originates from an unauthenticated attacker who...
SMA Solar Technology Sunny WebBox Cross-Site Request Forgery (CVE-2019-13529)
A cross-site request forgery vulnerability exists in SMA Solar Technology Sunny WebBox. A remote attacker can exploit this vulnerability by enticing a target authenticated user to visit a specially crafted page...
The vulnerability of the microprogramming software in the remote control system for solar panels, SMA Solar Sunny WebBox, related to the manipulation of inter-site requests, allows a intruder to increase their privileges.
The vulnerability of the microprogramming software in the SMA Solar Sunny WebBox remote control system is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to enhance their privileges by using a specially created malicious link...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny...
SMA Solar Technology AG Sunny WebBox 1.6 Cross Site Request Forgery
Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...
SMA Solar Technology AG Sunny WebBox CVE-2019-13529 Cross Site Request Forgery Vulnerability
Description SMA Solar Technology AG Sunny WebBox is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Sunny WebBox versions 1.6 and prior are...
SMA Solar Technology AG Sunny WebBox
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SMA Solar Technology AG Equipment: Sunny WebBox Vulnerability: Cross-Site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to generate a...
SMA Solar Technology Sunny Explorer Information Disclosure Vulnerability
SMA Solar Technology Sunny Explorer is a photovoltaic plant management software from SMA Germany. An information disclosure vulnerability exists in SMA Solar Technology Sunny Explorer. An attacker could exploit this vulnerability to obtain information, create and save .txt files...
SMA Solar Technology inverter denial of service vulnerability
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A denial of service vulnerability exists in SMA Solar Technology inverter. An attacker could exploit this vulnerability to cause a denial of service crash or inability to communicate with other SMA servers or obtain...
Unspecified vulnerability in SMA Solar Technology inverter
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in the SMA Solar Technology inverter. An attacker could exploit this vulnerability by sending specially crafted packets to the inverter to determine the active user account...
Unspecified vulnerability in SMA Solar Technology inverter (CNVD-2017-27846)
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in the SMA Solar Technology inverter. An attacker could exploit the vulnerability to change sensitive parameters...
SMA Solar Technology inverter weak password vulnerability (CNVD-2017-27842)
SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A weak password vulnerability exists in the SMA Solar Technology inverter, which stems from a weak password policy used by the program and can be exploited by an attacker to obtain a password...
CVE-2017-9855
An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer...
CVE-2017-9862
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An...
Default credentials
DISPUTED An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited s...
Code injection
DISPUTED An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks such as a brute force attack as one now knows exactly which users exist and...
CVE-2017-9854
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that...