An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N
Vendors Products
Sma
  • Sunny Central 630cp Xt Firmware
  • Sunny Boy 1.5
  • Sunny Tripower 5000tl Firmware
  • Sunny Central 500cp Xt
  • Sunny Tripower 60
  • Sunny Boy 3600 Firmware
  • Sunny Boy 3600
  • Sunny Boy 3600tl
  • Sunny Boy 5.0 Firmware
  • Sunny Central Storage 800 Firmware
  • Sunny Tripower Core1 Firmware
  • Sunny Central 720cp Xt
  • Sunny Central Storage 2500-ev
  • Sunny Central Storage 760 Firmware
  • Sunny Boy 3000tl
  • Sunny Central 800cp Xt
  • Sunny Central Storage 900 Firmware
  • Sunny Tripower 25000tl Firmware
  • Sunny Boy 3600tl Firmware
  • Sunny Boy 2.5
  • Sunny Central Storage 800
  • Sunny Central Storage 500 Firmware
  • Sunny Central Storage 900
  • Sunny Boy 5000
  • Sunny Central Storage 760
  • Sunny Boy 3.0 Firmware
  • Sunny Central 2200 Firmware
  • Sunny Central Storage 1000
  • Sunny Central Storage 630
  • Sunny Tripower 20000tl Firmware
  • Sunny Central 850cp Xt Firmware
  • Sunny Boy 4000tl
  • Sunny Central Storage 850 Firmware
  • Sunny Boy 4.0 Firmware
  • Sunny Central Storage 500
  • Sunny Boy 3.6 Firmware
  • Sunny Tripower 15000tl
  • Sunny Central 2200
  • Sunny Boy 3.6
  • Sunny Central Storage 2200
  • Sunny Central 1000cp Xt Firmware
  • Sunny Tripower 5000tl
  • Sunny Tripower 12000tl Firmware
  • Sunny Boy 5000 Firmware
  • Sunny Central 630cp Xt
  • Sunny Boy 3.0
  • Sunny Boy 2.5 Firmware
  • Sunny Central Storage 630 Firmware
  • Sunny Central Storage 2200 Firmware
  • Sunny Boy Storage 2.5
  • Sunny Central 500cp Xt Firmware
  • Sunny Central Storage 720
  • Sunny Boy 4.0
  • Sunny Boy Storage 2.5 Firmware
  • Sunny Central Storage 720 Firmware
  • Sunny Boy 3000tl Firmware
  • Sunny Boy 4000tl Firmware
  • Sunny Boy 5.0
  • Sunny Boy 5000tl Firmware
  • Sunny Boy 5000tl
  • Sunny Central 720cp Xt Firmware
  • Sunny Central 900cp Xt Firmware
  • Sunny Central 850cp Xt
  • Sunny Central 900cp Xt
  • Sunny Tripower 20000tl
  • Sunny Central Storage 850
  • Sunny Central 760cp Xt Firmware
  • Sunny Tripower 25000tl
  • Sunny Boy 1.5 Firmware
  • Sunny Central 1000cp Xt
  • Sunny Tripower 15000tl Firmware
  • Sunny Tripower Core1
  • Sunny Tripower 12000tl
  • Sunny Central Storage 1000 Firmware
  • Sunny Central 760cp Xt
  • Sunny Central Storage 2500-ev Firmware
  • Sunny Central 800cp Xt Firmware
  • Sunny Tripower 60 Firmware

Configuration 1 [-]

AND
cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_25000tl:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_5000tl:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_12000tl:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_60:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_3000tl:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_3600tl:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_4000tl:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_5000tl:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_2.5:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_3.0:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_3.6:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_4.0:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_5.0:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_2200:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_1000cp_xt:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:h:sma:sunny_central_800cp_xt:-:*:*:*:*:*:*:*
cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:h:sma:sunny_central_850cp_xt:-:*:*:*:*:*:*:*
cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:h:sma:sunny_central_900cp_xt:-:*:*:*:*:*:*:*
cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:h:sma:sunny_central_500cp_xt:-:*:*:*:*:*:*:*
cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_630cp_xt:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:h:sma:sunny_central_720cp_xt:-:*:*:*:*:*:*:*
cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:h:sma:sunny_central_760cp_xt:-:*:*:*:*:*:*:*
cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:h:sma:sunny_central_storage_500:-:*:*:*:*:*:*:*
cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:h:sma:sunny_central_storage_630:-:*:*:*:*:*:*:*
cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_720:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_760:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_800:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_850:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_900:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_1000:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_2200:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_2500-ev:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND
cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_storage_2.5:-:*:*:*:*:*:*:*
References
Link Resource
http://www.sma.de/en/statement-on-cyber-security.html
http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf
https://horusscenario.com/CVE-information/ Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-05T17:00:00

Updated: 2017-08-21T08:57:01

Reserved: 2017-06-24T00:00:00

Link: CVE-2017-9852

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2017-08-05T17:29:00.457

Modified: 2024-05-17T01:21:02.543

Link: CVE-2017-9852

JSON object: View

cve-icon Redhat Information

No data.

CWE