AI Score
Confidence
Low
EPSS
Percentile
64.7%
SSVC
Exploitation
none
Automatable
no
Technical Impact
partial
An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are “encrypted” using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
[
{
"cpes": [
"cpe:2.3:a:sma:sunny_boy_tl-21:*:*:*:*:*:*:*:*"
],
"vendor": "sma",
"product": "sunny_boy_tl-21",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:sma:sunny_boy_tlst-21:*:*:*:*:*:*:*:*"
],
"vendor": "sma",
"product": "sunny_boy_tlst-21",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:sma:sunny_tripower_tl-10:*:*:*:*:*:*:*:*"
],
"vendor": "sma",
"product": "sunny_tripower_tl-10",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:sma:sunny_tripower_tl-30:*:*:*:*:*:*:*:*"
],
"vendor": "sma",
"product": "sunny_tripower_tl-30",
"versions": [
{
"status": "affected",
"version": "*"
}
],
"defaultStatus": "unknown"
}
]