CVE-2017-9852 : An Incorrect Password Management issue was discovered in SMA Solar Technology pr

An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Published 2017-08-05 17:29:00

Updated 2024-08-05 18:15:29

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2017-9852

SMA » Sunny Boy 3600 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 3600 » Version: N/A
SMA » Sunny Boy 5000 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 5000 » Version: N/A
SMA » Sunny Tripower Core1 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Tripower Core1 » Version: N/A
SMA » Sunny Tripower 15000tl Firmware » Version: N/A
cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Tripower 15000tl » Version: N/A
SMA » Sunny Tripower 20000tl Firmware » Version: N/A
cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Tripower 20000tl » Version: N/A
SMA » Sunny Tripower 25000tl Firmware » Version: N/A
cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Tripower 25000tl » Version: N/A
SMA » Sunny Tripower 5000tl Firmware » Version: N/A
cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Tripower 5000tl » Version: N/A
SMA » Sunny Tripower 12000tl Firmware » Version: N/A
cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Tripower 12000tl » Version: N/A
SMA » Sunny Tripower 60 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Tripower 60 » Version: N/A
SMA » Sunny Boy 3000tl Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 3000tl » Version: N/A
SMA » Sunny Boy 3600tl Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 3600tl » Version: N/A
SMA » Sunny Boy 4000tl Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 4000tl » Version: N/A
SMA » Sunny Boy 5000tl Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 5000tl » Version: N/A
SMA » Sunny Boy 1.5 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 1.5 » Version: N/A
SMA » Sunny Boy 2.5 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 2.5 » Version: N/A
SMA » Sunny Boy 3.0 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 3.0 » Version: N/A
SMA » Sunny Boy 3.6 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 3.6 » Version: N/A
SMA » Sunny Boy 4.0 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 4.0 » Version: N/A
SMA » Sunny Boy 5.0 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy 5.0 » Version: N/A
SMA » Sunny Central 2200 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central 2200 » Version: N/A
SMA » Sunny Central 1000cp Xt Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central 1000cp Xt » Version: N/A
SMA » Sunny Central 800cp Xt Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central 800cp Xt » Version: N/A
SMA » Sunny Central 850cp Xt Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central 850cp Xt » Version: N/A
SMA » Sunny Central 900cp Xt Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central 900cp Xt » Version: N/A
SMA » Sunny Central 500cp Xt Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central 500cp Xt » Version: N/A
SMA » Sunny Central 630cp Xt Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central 630cp Xt » Version: N/A
SMA » Sunny Central 720cp Xt Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central 720cp Xt » Version: N/A
SMA » Sunny Central 760cp Xt Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central 760cp Xt » Version: N/A
SMA » Sunny Central Storage 500 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central Storage 500 » Version: N/A
SMA » Sunny Central Storage 630 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central Storage 630 » Version: N/A
SMA » Sunny Central Storage 720 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central Storage 720 » Version: N/A
SMA » Sunny Central Storage 760 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central Storage 760 » Version: N/A
SMA » Sunny Central Storage 800 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central Storage 800 » Version: N/A
SMA » Sunny Central Storage 850 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central Storage 850 » Version: N/A
SMA » Sunny Central Storage 900 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central Storage 900 » Version: N/A
SMA » Sunny Central Storage 1000 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central Storage 1000 » Version: N/A
SMA » Sunny Central Storage 2200 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central Storage 2200 » Version: N/A
SMA » Sunny Central Storage 2500-ev Firmware » Version: N/A
cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Central Storage 2500-ev » Version: N/A
SMA » Sunny Boy Storage 2.5 Firmware » Version: N/A
cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: SMA » Sunny Boy Storage 2.5 » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2017-9852

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 53 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-9852

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2017-9852

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2017-9852

https://horusscenario.com/CVE-information/

CVE-Information – Horus Scenario
Third Party Advisory

CVEs referencing this url
http://www.sma.de/en/statement-on-cyber-security.html

Statement on Cyber Security

CVEs referencing this url
http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2017-9852

Products affected by CVE-2017-9852

Exploit prediction scoring system (EPSS) score for CVE-2017-9852

CVSS scores for CVE-2017-9852

CWE ids for CVE-2017-9852

References for CVE-2017-9852