CVE-2017-9852

CVSS V2 Medium 5 CVSS V3 Critical 9.8
Description
** DISPUTED ** An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
Overview
  • CVE ID
  • CVE-2017-9852
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2017-08-05T17:29:00
  • Last Modified Date
  • 2019-10-03T00:03:26
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_25000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_5000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_12000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_60:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_3000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_3600tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_4000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_5000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_2.5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_3.0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_3.6:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_4.0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_5.0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_2200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_1000cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_800cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_850cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_900cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_500cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_630cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_720cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_760cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_500:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_630:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_720:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_760:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_800:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_850:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_900:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_1000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_2200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_2500-ev:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_storage_2.5:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
History
Created Old Value New Value Data Type Notes
2022-05-10 17:30:10 Added to TrackCVE
2022-12-02 19:22:21 2017-08-05T17:29Z 2017-08-05T17:29:00 CVE Published Date updated
2022-12-02 19:22:21 2019-10-03T00:03:26 CVE Modified Date updated
2022-12-02 19:22:21 Modified Vulnerability Status updated