Sma Sunny_boy_3.0_firmware
12 CVEs affecting Sma Sunny_boy_3.0_firmware. Latest disclosed: 2017-08-05. Critical: 7, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2017-9861 | Critical | 9.8 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to repl… |
CVE-2017-9860 | Critical | 9.8 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware wi… |
CVE-2017-9859 | Critical | 9.8 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. Thi… |
CVE-2017-9855 | Critical | 9.8 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This syst… |
CVE-2017-9854 | Critical | 9.8 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are ty… |
CVE-2017-9853 | Critical | 9.8 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity req… |
CVE-2017-9852 | Critical | 9.8 | 2017-08-05 | An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will al… |
CVE-2017-9863 | High | 8.8 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request f… |
CVE-2017-9857 | High | 8.1 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vuln… |
CVE-2017-9864 | High | 7.5 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system… |
CVE-2017-9858 | High | 7.5 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accoun… |
CVE-2017-9856 | Low | 3.4 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encry… |