Lucene search

MitreVULNRICHMENT:CVE-2017-9856

HistoryAug 05, 2017 - 5:00 p.m.

CVE-2017-9856

2017-08-0517:00:00

mitre

github.com

AI Score

6.8

Confidence

Low

EPSS

0.002

Percentile

64.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are “encrypted” using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:sma:sunny_boy_tl-21:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sma",
    "product": "sunny_boy_tl-21",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:sma:sunny_boy_tlst-21:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sma",
    "product": "sunny_boy_tlst-21",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:sma:sunny_tripower_tl-10:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sma",
    "product": "sunny_tripower_tl-10",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  },
  {
    "cpes": [
      "cpe:2.3:a:sma:sunny_tripower_tl-30:*:*:*:*:*:*:*:*"
    ],
    "vendor": "sma",
    "product": "sunny_tripower_tl-30",
    "versions": [
      {
        "status": "affected",
        "version": "*"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.sma.de/en/statement-on-cyber-security.html

www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf

horusscenario.com/CVE-information/