CVE-2017-9851

An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...

CVE-2017-9853

An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of...

CVE-2017-9859

An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This...

CVE-2017-9858

CVE-2017-9858 affects SMA Solar Technology inverters (Sunny Boy TLST-21, TL-21; Sunny Tripower TL-10, TL-30). By sending crafted packets to the inverter and observing responses, an attacker can determine which user accounts are active or inactive, enabling brute-force planning. The vendor notes t...

CVE-2017-9851

An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...

CVE-2017-9864

Summary of CVE-2017-9864 (SMA Solar Technology inverter/time setting issue) : An attacker can change the plant time on SMA Solar Technology inverters (notably Sunny Boy TLST-21/TL-21 and Sunny Tripower TL-10/TL-30) without authentication, causing the system time to shift. This can affect timestam...

CVE-2017-9851

An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy...

CVE-2017-9855

An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer...

PT-2017-19221 · Sma Solar Technology · Sunny Tripower +2

Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products affected versions not specified Sunny Boy versions TLST-21 and TL-21 Sunny Tripower versions TL-10 and TL-30 Description: An issue was discovered in SMA Solar Technology products, related to the Grid Guard system...

PT-2017-19230 · Sma Solar Technology · Sunny Boy Tlst-21 +2

Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products, specifically Sunny Boy TLST-21, TL-21, and Sunny Tripower TL-10, TL-30 Description: An issue allows an attacker to change the plant time without authentication, potentially affecting system time and making...

PT-2017-19229 · Sma Solar Technology · Sunny Boy Tlst-21 +3

Name of the Vulnerable Software and Affected Versions: SMA Solar Technology products, specifically Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 Description: An issue in SMA Solar Technology products allows for cross-site request forgery, enabling an attacker to change settings i...