Sma Sunny_boy_3.0

12 CVEs affecting Sma Sunny_boy_3.0. Latest disclosed: 2017-08-05. Critical: 7, High: 4.

Top CVEs affecting Sma Sunny_boy_3.0
CVESeverityScorePublishedSummary
CVE-2017-9861Critical9.82017-08-05An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to repl…
CVE-2017-9860Critical9.82017-08-05An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware wi…
CVE-2017-9859Critical9.82017-08-05An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. Thi…
CVE-2017-9855Critical9.82017-08-05An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This syst…
CVE-2017-9854Critical9.82017-08-05An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are ty…
CVE-2017-9853Critical9.82017-08-05An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity req…
CVE-2017-9852Critical9.82017-08-05An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will al…
CVE-2017-9863High8.82017-08-05An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request f…
CVE-2017-9857High8.12017-08-05An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vuln…
CVE-2017-9864High7.52017-08-05An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system…
CVE-2017-9858High7.52017-08-05An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accoun…
CVE-2017-9856Low3.42017-08-05An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encry…