SMA Solar Technology AG ennexos.sunnyportal.com 安全漏洞

SMA Solar Technology AG ennexos.sunnyportal.com is an online platform of SMA Solar Technology AG, Germany. A security vulnerability exists in SMA Solar Technology AG ennexos.sunnyportal.com that originates from a low-privileged user being able to access other users' information, which could lead ...

SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny...

SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery

SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware...

SMA Solar Technology AG Sunny WebBox 1.6 Cross Site Request Forgery

Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...

SMA Solar Technology AG Sunny WebBox CVE-2019-13529 Cross Site Request Forgery Vulnerability

Description SMA Solar Technology AG Sunny WebBox is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Sunny WebBox versions 1.6 and prior are...

SMA Solar Technology AG Sunny WebBox

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SMA Solar Technology AG Equipment: Sunny WebBox Vulnerability: Cross-Site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to generate a...

SMA Solar Technology inverter denial of service vulnerability

SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A denial of service vulnerability exists in SMA Solar Technology inverter. An attacker could exploit this vulnerability to cause a denial of service crash or inability to communicate with other SMA servers or obtain...

Unspecified vulnerability in SMA Solar Technology inverter

SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in the SMA Solar Technology inverter. An attacker could exploit this vulnerability by sending specially crafted packets to the inverter to determine the active user account...

SMA Solar Technology Sunny Explorer Information Disclosure Vulnerability

SMA Solar Technology Sunny Explorer is a photovoltaic plant management software from SMA Germany. An information disclosure vulnerability exists in SMA Solar Technology Sunny Explorer. An attacker could exploit this vulnerability to obtain information, create and save .txt files...

SMA Solar Technology inverter weak password vulnerability (CNVD-2017-27842)

SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A weak password vulnerability exists in the SMA Solar Technology inverter, which stems from a weak password policy used by the program and can be exploited by an attacker to obtain a password...

Unspecified vulnerability in SMA Solar Technology inverter (CNVD-2017-27846)

SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in the SMA Solar Technology inverter. An attacker could exploit the vulnerability to change sensitive parameters...

Information disclosure

DISPUTED An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking...

CVE-2017-9852

An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company but a...

Authentication flaw

DISPUTED An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, et...

Cross site request forgery (csrf)

DISPUTED An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters for example, issuing a POST request to change the user password. All Sunny...

Design/Logic Flaw

DISPUTED An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, t...

CVE-2017-9856

An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device...

CVE-2017-9851

An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...

CVE-2017-9854

An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that...

CVE-2017-9855

An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer...