24 matches found
SMA Solar Technology Sunny Explorer Information Disclosure Vulnerability
SMA Solar Technology Sunny Explorer is a photovoltaic plant management software from SMA Germany. An information disclosure vulnerability exists in SMA Solar Technology Sunny Explorer. An attacker could exploit this vulnerability to obtain information, create and save .txt files...
SMA Solar Technology Sunny Explorer Program Denial of Service Vulnerability
The SMA Solar Technology Sunny Explorer program is a photovoltaic plant management software from the German company SMA. A denial of service vulnerability exists in the SMA Solar Technology Sunny Explorer program. An attacker could exploit this vulnerability to cause a denial of service...
SMA Solar Technology Sunny Explorer and inverter cross-site request forgery vulnerability
SMA Solar Technology Sunny Explorer is a PV plant management software from SMA Germany.SMA Solar Technology inverter is a PV inverter plant from SMA Germany. A cross-site request forgery vulnerability exists in SMA Solar Technology Sunny Explorer and the inverter associated with Sunny Explorer. A...
SMA Solar Technology Sunny Explorer Information Disclosure Vulnerability
SMA Solar Technology Sunny Explorer is a photovoltaic plant management software from SMA Germany. An information disclosure vulnerability exists in SMA Solar Technology Sunny Explorer. An attacker could exploit this vulnerability to obtain information, create and save .txt files...
CVE-2017-9862
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An...
Design/Logic Flaw
DISPUTED An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny...
CVE-2017-9854
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that...
CVE-2017-9851
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...
CVE-2017-9857
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be...
CVE-2017-9863
An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters for example, issuing a POST request to change the user password. All Sunny Explorer...
CVE-2017-9860
An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the invert...
CVE-2017-9857
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be...
CVE-2017-9851
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...
CVE-2017-9851
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...
CVE-2017-9857
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be...
CVE-2017-9862
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An...
CVE-2017-9862
SMA Solar Technology Sunny Explorer information-disclosure (CVE-2017-9862) affects Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30. When signing in with an incorrect password, a debug report can be created that exposes application information and allows saving a .txt file with arbitrary co...
CVE-2017-9863
SMA Solar Technology Sunny Explorer-related CSRF vulnerability (CVE-2017-9863) affects Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30. When a user runs Sunny Explorer and visits a malicious host, an unauthenticated attacker can exploit cross-site request forgery to change inverter setting...
CVE-2017-9851
CVE-2017-9851 affects SMA Solar Technology Sunny Explorer; vulnerability arises when nonsense data is sent or a TELNET session is opened to the Sunny Explorer database port, causing the application to crash. Affected products/versions include Sunny Boy TLST-21 and TL-21, and Sunny Tripower TL-10 ...
CVE-2017-9854
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that...