Lucene search
K

62 matches found

CNNVD
CNNVD
added 2025/08/19 12:0 a.m.3 views

SMA Solar Technology AG ennexos.sunnyportal.com 安全漏洞

SMA Solar Technology AG ennexos.sunnyportal.com is an online platform of SMA Solar Technology AG, Germany. A security vulnerability exists in SMA Solar Technology AG ennexos.sunnyportal.com that originates from a low-privileged user being able to access other users' information, which could lead ...

6.5CVSS6.4AI score0.00335EPSS
Exploits0References3
exploitpack
exploitpack
added 2019/10/10 12:0 a.m.43 views

SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery

SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware...

6.8CVSS0.1AI score0.0223EPSS
Exploits4
Packet Storm
Packet Storm
added 2019/10/10 12:0 a.m.211 views

SMA Solar Technology AG Sunny WebBox 1.6 Cross Site Request Forgery

Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...

8.8AI score0.0223EPSS
Exploits4
0day.today
0day.today
added 2019/10/10 12:0 a.m.98 views

SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Vulnerability

Exploit for hardware platform in category web applications Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny...

6.8CVSS8.6AI score0.0223EPSS
Exploits4
Symantec
Symantec
added 2019/10/08 12:0 a.m.43 views

SMA Solar Technology AG Sunny WebBox CVE-2019-13529 Cross Site Request Forgery Vulnerability

Description SMA Solar Technology AG Sunny WebBox is prone to a cross-site request-forgery vulnerability. An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible. Sunny WebBox versions 1.6 and prior are...

8.7AI score0.0223EPSS
Exploits4References1Affected Software1
ICS
ICS
added 2019/10/08 12:0 a.m.93 views

SMA Solar Technology AG Sunny WebBox

1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: SMA Solar Technology AG Equipment: Sunny WebBox Vulnerability: Cross-Site Request Forgery 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to generate a...

8.8CVSS8.9AI score0.0223EPSS
Exploits4References5
CNVD
CNVD
added 2017/08/10 12:0 a.m.3 views

SMA Solar Technology Sunny Explorer Information Disclosure Vulnerability

SMA Solar Technology Sunny Explorer is a photovoltaic plant management software from SMA Germany. An information disclosure vulnerability exists in SMA Solar Technology Sunny Explorer. An attacker could exploit this vulnerability to obtain information, create and save .txt files...

7.5CVSS7.2AI score0.01724EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/10 12:0 a.m.2 views

SMA Solar Technology inverter denial of service vulnerability

SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A denial of service vulnerability exists in SMA Solar Technology inverter. An attacker could exploit this vulnerability to cause a denial of service crash or inability to communicate with other SMA servers or obtain...

9.8CVSS9.2AI score0.01408EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/10 12:0 a.m.3 views

Unspecified vulnerability in SMA Solar Technology inverter

SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in the SMA Solar Technology inverter. An attacker could exploit this vulnerability by sending specially crafted packets to the inverter to determine the active user account...

7.5CVSS7.5AI score0.02058EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/10 12:0 a.m.3 views

Unspecified vulnerability in SMA Solar Technology inverter (CNVD-2017-27846)

SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in the SMA Solar Technology inverter. An attacker could exploit the vulnerability to change sensitive parameters...

9.8CVSS9.3AI score0.01583EPSS
Exploits0References1
CNVD
CNVD
added 2017/08/10 12:0 a.m.4 views

SMA Solar Technology inverter weak password vulnerability (CNVD-2017-27842)

SMA Solar Technology inverter is a photovoltaic inverter device from SMA Germany. A weak password vulnerability exists in the SMA Solar Technology inverter, which stems from a weak password policy used by the program and can be exploited by an attacker to obtain a password...

9.8CVSS9.5AI score0.01716EPSS
Exploits0References1
NVD
NVD
added 2017/08/05 5:29 p.m.20 views

CVE-2017-9855

An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer...

9.8CVSS9.6AI score0.01583EPSS
Exploits0References3
Prion
Prion
added 2017/08/05 5:29 p.m.13 views

Default credentials

DISPUTED An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited s...

5CVSS7.3AI score0.01716EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.17 views

CVE-2017-9854

An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that...

9.8CVSS9.4AI score0.01127EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.22 views

CVE-2017-9851

An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...

7.5CVSS7.6AI score0.01865EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.20 views

CVE-2017-9863

An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters for example, issuing a POST request to change the user password. All Sunny Explorer...

8.8CVSS8.6AI score0.00696EPSS
Exploits0References3
Prion
Prion
added 2017/08/05 5:29 p.m.13 views

Authentication flaw

DISPUTED An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, et...

4.3CVSS7.2AI score0.00689EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.17 views

CVE-2017-9860

An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the invert...

10CVSS9.2AI score0.02244EPSS
Exploits0References3
NVD
NVD
added 2017/08/05 5:29 p.m.16 views

CVE-2017-9853

An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of...

9.8CVSS9.5AI score0.01716EPSS
Exploits0References3
Prion
Prion
added 2017/08/05 5:29 p.m.17 views

Design/Logic Flaw

DISPUTED An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, t...

10CVSS7AI score0.02244EPSS
Exploits0References3
Rows per page
Query Builder