CVE-2017-9859

CVSS V2 Medium 5 CVSS V3 Critical 9.8
Description
** DISPUTED ** An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked relatively easily. An attacker will likely be able to crack the password using offline crackers. This cracked password can then be used to register at the SMA servers. NOTE: the vendor's position is that "we consider the probability of the success of such manipulation to be extremely low." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
Overview
  • CVE ID
  • CVE-2017-9859
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2017-08-05T17:29:00
  • Last Modified Date
  • 2019-10-03T00:03:26
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_25000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_5000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_12000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_tripower_60:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_3000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_3600tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_4000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_5000tl:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_2.5:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_3.0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_3.6:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_4.0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_5.0:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_2200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_1000cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_800cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_850cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_900cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_500cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_630cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_720cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_760cp_xt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_500:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_630:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_720:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_760:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_800:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_850:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_900:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_1000:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_2200:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_central_storage_2500-ev:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:sma:sunny_boy_storage_2.5:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:N/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 5
  • Severity
  • MEDIUM
  • Exploitability Score
  • 10
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 9.8
  • Base Severity
  • CRITICAL
  • Exploitability Score
  • 3.9
  • Impact Score
  • 5.9
History
Created Old Value New Value Data Type Notes
2022-05-10 17:30:11 Added to TrackCVE
2022-12-02 19:22:50 2017-08-05T17:29Z 2017-08-05T17:29:00 CVE Published Date updated
2022-12-02 19:22:50 2019-10-03T00:03:26 CVE Modified Date updated
2022-12-02 19:22:50 Modified Vulnerability Status updated