24 matches found
SMA Solar Technology Sunny Explorer Information Disclosure Vulnerability
SMA Solar Technology Sunny Explorer is a photovoltaic plant management software from SMA Germany. An information disclosure vulnerability exists in SMA Solar Technology Sunny Explorer. An attacker could exploit this vulnerability to obtain information, create and save .txt files...
SMA Solar Technology Sunny Explorer Program Denial of Service Vulnerability
The SMA Solar Technology Sunny Explorer program is a photovoltaic plant management software from the German company SMA. A denial of service vulnerability exists in the SMA Solar Technology Sunny Explorer program. An attacker could exploit this vulnerability to cause a denial of service...
SMA Solar Technology Sunny Explorer Information Disclosure Vulnerability
SMA Solar Technology Sunny Explorer is a photovoltaic plant management software from SMA Germany. An information disclosure vulnerability exists in SMA Solar Technology Sunny Explorer. An attacker could exploit this vulnerability to obtain information, create and save .txt files...
SMA Solar Technology Sunny Explorer and inverter cross-site request forgery vulnerability
SMA Solar Technology Sunny Explorer is a PV plant management software from SMA Germany.SMA Solar Technology inverter is a PV inverter plant from SMA Germany. A cross-site request forgery vulnerability exists in SMA Solar Technology Sunny Explorer and the inverter associated with Sunny Explorer. A...
CVE-2017-9851
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...
CVE-2017-9854
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that...
CVE-2017-9860
An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the invert...
Design/Logic Flaw
DISPUTED An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny...
CVE-2017-9863
An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters for example, issuing a POST request to change the user password. All Sunny Explorer...
CVE-2017-9862
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An...
CVE-2017-9857
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be...
CVE-2017-9854
CVE-2017-9854 affects SMA Solar Technology Sunny Explorer-related components. The issue allows an attacker to sniff specific localhost packets and read plaintext passwords as users type them into Sunny Explorer, potentially compromising the entire device. Affected products are Sunny Boy TLST-21/T...
CVE-2017-9851
CVE-2017-9851 affects SMA Solar Technology Sunny Explorer; vulnerability arises when nonsense data is sent or a TELNET session is opened to the Sunny Explorer database port, causing the application to crash. Affected products/versions include Sunny Boy TLST-21 and TL-21, and Sunny Tripower TL-10 ...
CVE-2017-9862
An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An...
CVE-2017-9857
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be...
CVE-2017-9857
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be...
CVE-2017-9863
SMA Solar Technology Sunny Explorer-related CSRF vulnerability (CVE-2017-9863) affects Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30. When a user runs Sunny Explorer and visits a malicious host, an unauthenticated attacker can exploit cross-site request forgery to change inverter setting...
CVE-2017-9851
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...
CVE-2017-9854
An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that...
CVE-2017-9851
An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...