CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
55.5%
An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users exist and which do not. NOTE: the vendor’s position is that this “is not a security gap per se.” Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
Vendor | Product | Version | CPE |
---|---|---|---|
sma | sunny_boy_3600_firmware | - | cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:* |
sma | sunny_boy_3600 | - | cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:* |
sma | sunny_boy_5000_firmware | - | cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:* |
sma | sunny_boy_5000 | - | cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:* |
sma | sunny_tripower_core1_firmware | - | cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:* |
sma | sunny_tripower_core1 | - | cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:* |
sma | sunny_tripower_15000tl_firmware | - | cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:* |
sma | sunny_tripower_15000tl | - | cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:* |
sma | sunny_tripower_20000tl_firmware | - | cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:* |
sma | sunny_tripower_20000tl | - | cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
55.5%