{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-08-05T00:00:00", "descriptions": [{"lang": "en", "value": "An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-21T08:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.sma.de/en/statement-on-cyber-security.html"}, {"tags": ["x_refsource_MISC"], "url": "https://horusscenario.com/CVE-information/"}, {"tags": ["x_refsource_MISC"], "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9852", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.sma.de/en/statement-on-cyber-security.html", "refsource": "MISC", "url": "http://www.sma.de/en/statement-on-cyber-security.html"}, {"name": "https://horusscenario.com/CVE-information/", "refsource": "MISC", "url": "https://horusscenario.com/CVE-information/"}, {"name": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", "refsource": "MISC", "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T17:18:01.925Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.sma.de/en/statement-on-cyber-security.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://horusscenario.com/CVE-information/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9852", "datePublished": "2017-08-05T17:00:00", "dateReserved": "2017-06-24T00:00:00", "dateUpdated": "2024-08-05T17:18:01.925Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FF135EE-B9B5-41B4-ADD5-A28EAAD794BE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:*", "matchCriteriaId": "66A72AD7-33EC-4B93-BF10-DB6DC78AFC00", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4DA6E217-2C7E-485B-90DB-6B962C02DD68", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:*", "matchCriteriaId": "E381975C-AC80-4797-9D60-21A8FEEBA71C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "6D33CE8B-F38A-4E06-9888-E1C6FB2EF17C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A24A14C-E510-479F-86ED-050502912FE7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3AFE4BC8-80B8-4C16-B6B1-3458B54B61EE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:*", "matchCriteriaId": "5E930476-4BB4-44FB-94EF-B327B7016C64", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A21E55C7-EF78-46DF-B221-0D16F76D16C3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:*", "matchCriteriaId": "82E14A85-4A8F-441B-B457-39A8CB114272", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7210BF3C-EA34-4805-A596-9B818EE231F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_tripower_25000tl:-:*:*:*:*:*:*:*", "matchCriteriaId": "A58780AF-6A20-44FE-9627-7ED1965DC6D4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C37031D3-E12D-450C-9DAF-E57E70A179FF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_tripower_5000tl:-:*:*:*:*:*:*:*", "matchCriteriaId": "3916D5DB-736B-4958-A62C-29F8DACFE4AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4BB8A5FD-512F-48CE-B9DB-B61228178515", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_tripower_12000tl:-:*:*:*:*:*:*:*", "matchCriteriaId": "7CD72861-42E9-4DD0-A71F-91C327245A18", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "22BDD3FF-D9B4-473B-8495-D8EE7D236C70", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_tripower_60:-:*:*:*:*:*:*:*", "matchCriteriaId": "2513FDCE-0DB9-4A3C-BACC-636476BB47A2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "803BA76D-0221-4820-855A-8647B70AF590", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_3000tl:-:*:*:*:*:*:*:*", "matchCriteriaId": "3E68A664-FB5B-466F-AB6D-0EB6C76E5EA0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "96F089F6-9A2B-4D27-94A4-2B59683C044B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_3600tl:-:*:*:*:*:*:*:*", "matchCriteriaId": "77CF17FB-7E59-4407-B9E5-02EE8329EE16", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F004C609-A8C6-4A69-A9CA-670D28060948", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_4000tl:-:*:*:*:*:*:*:*", "matchCriteriaId": "F0263729-F7F5-4F06-9845-432F248B0010", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "8305C0A5-CD69-42ED-94F8-A548997ECE04", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_5000tl:-:*:*:*:*:*:*:*", "matchCriteriaId": "D42C5BD9-4348-4E0C-9F76-2BDA1A5ADBFB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7ABAC551-0937-4C35-B367-E082216973A5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E6499AD-A269-4D05-9562-975C59659563", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCE97058-71A8-4594-8D1C-44EED65137FA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_2.5:-:*:*:*:*:*:*:*", "matchCriteriaId": "E999A43F-820D-4281-9393-C8641CFDCC37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A48FB31D-3CC8-4506-976D-ED65B9CEC3BA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_3.0:-:*:*:*:*:*:*:*", "matchCriteriaId": "DCE8CFE7-2C58-4C98-A806-6010ACAF0127", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "5EA13E68-78D0-4EA3-9D1E-5E34E55EBFA8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_3.6:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C472660-FAF7-48FB-9190-D85EB317197E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1E830DAA-4072-48C8-B047-56CA7D61C48A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_4.0:-:*:*:*:*:*:*:*", "matchCriteriaId": "024BC798-2EC6-404E-9B2A-32F661823474", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5A48910-3876-426B-AB95-0EA5F08D4883", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_5.0:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1EF8258-E693-4E18-A7AC-F0A7C40F5211", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "98C2345E-E79E-4AAA-AF19-1914F508F5D5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_2200:-:*:*:*:*:*:*:*", "matchCriteriaId": "287A5EC9-69D7-452A-8667-A54D8B890A53", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "14616A98-3829-41DF-BB99-011A617FA45A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_1000cp_xt:-:*:*:*:*:*:*:*", "matchCriteriaId": "2202672A-9402-4B55-95B2-0341BD216AA5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_800cp_xt:-:*:*:*:*:*:*:*", "matchCriteriaId": "C685EA76-43AE-4354-9C07-122F4D070074", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "40C43D9A-29EC-4AE0-99F4-5EE700905D0D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_850cp_xt:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE3A2CAD-4435-418A-9380-2F5F6A60703F", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "EF640501-1D66-40B3-B473-B8844D7F8C62", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_900cp_xt:-:*:*:*:*:*:*:*", "matchCriteriaId": "EB862CD2-BA9D-4C95-ABDE-2F6EC23C9C30", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C788BEC5-7DE7-4CA7-9F1C-0F515FEC077E", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_500cp_xt:-:*:*:*:*:*:*:*", "matchCriteriaId": "60266D0B-6195-4737-A6EB-6B46B81E0616", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D310BA4B-734C-41BF-BDAF-DCBFE26264AE", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89052ECC-5760-4D13-B320-5860C22B52C6", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_630cp_xt:-:*:*:*:*:*:*:*", "matchCriteriaId": "6DB5CF00-8E95-48A7-94EC-6E98E77C998A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_720cp_xt:-:*:*:*:*:*:*:*", "matchCriteriaId": "AC865DBB-C763-4063-ADD9-0D230D91C591", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "65922D8F-AF83-4DE5-AF8C-B64C27A99A7A", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_760cp_xt:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD088AB2-1C70-4C86-A25C-05B59D566E09", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A8484D2-BA3E-4C87-A392-157B112D3222", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_storage_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "47B541D1-2B28-430A-9AE4-3A67FD6E42D6", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "05D94A22-FF34-411B-BF12-767CE2518B8D", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_storage_630:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B76D414-9B83-47EF-BCC5-EC9FDDF7A4A7", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "4A0A4615-BA47-4E3D-8B6C-3CF5B2CC84C7", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2AC8D9CD-9F52-4257-ACB8-1881ADAB70E5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_storage_720:-:*:*:*:*:*:*:*", "matchCriteriaId": "5D33F707-E03E-4221-A65B-DE694B7BBA85", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0F7508D9-EAAC-4D68-85B7-013AF5DAF3EC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_storage_760:-:*:*:*:*:*:*:*", "matchCriteriaId": "3785766A-5450-4AE0-BFE6-11E4D298BB36", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3809F04D-7E1E-4197-AC7A-D84A74609E33", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_storage_800:-:*:*:*:*:*:*:*", "matchCriteriaId": "F5B6A3F5-1C14-4001-9B63-8F75C25850AB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "9EC9291B-FF03-463E-A935-267E11B2AC0B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_storage_850:-:*:*:*:*:*:*:*", "matchCriteriaId": "B8D43021-CFF4-4AA8-A926-97D093EFED9B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1DD66DB1-9FFE-4C04-A518-AB93C3F513A5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_storage_900:-:*:*:*:*:*:*:*", "matchCriteriaId": "72879781-EA14-49DC-9586-E6FF3871E0E4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "0892FC47-F5B2-4655-9FCE-6CE1F83012C3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_storage_1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "98D59F07-E40A-4801-B552-B8CD9B948741", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "A867B7BA-E6ED-4E7B-A660-95E7B7140644", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_storage_2200:-:*:*:*:*:*:*:*", "matchCriteriaId": "FAC1DC9B-F825-4E56-BAF6-8A1F2997F2B6", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "FCB33BAA-3995-4914-8DB0-D43A4762A6A9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_central_storage_2500-ev:-:*:*:*:*:*:*:*", "matchCriteriaId": "B488C87D-A594-49E1-B5D9-F951EE180304", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B282A58C-280A-48BA-B454-980B21FAE9AA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:sma:sunny_boy_storage_2.5:-:*:*:*:*:*:*:*", "matchCriteriaId": "AAF5AD56-F1CF-4383-B676-9935BD50BBE3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company (but are sometimes changed). Hidden user accounts have (at least in some cases, though more research is required to test this for all hidden user accounts) a fixed password for all devices; it can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts. NOTE: the vendor reports that it has no influence on the allocation of passwords, and that global hardcoded master passwords do not exist. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"}, {"lang": "es", "value": "** EN DISPUTA ** Se ha descubierto un problema de gesti\u00f3n de contrase\u00f1as incorrecto en los productos de SMA Solar Technology. Existen contrase\u00f1as predeterminadas que rara vez se modifican. Las contrase\u00f1as de usuario casi siempre ser\u00e1n las predeterminadas. Se espera que las contrase\u00f1as de los instaladores sean predeterminadas o similares en todas las instalaciones realizadas por la misma empresa (pero a veces se cambian). Las cuentas de usuario ocultas tienen (al menos en algunos casos, aunque se requiere m\u00e1s investigaci\u00f3n para probar esto para todas las cuentas de usuario ocultas) una contrase\u00f1a fija para todos los dispositivos; nunca puede ser cambiada por un usuario. Existen otras vulnerabilidades que permiten a un atacante obtener las contrase\u00f1as de estas cuentas de usuario ocultas. NOTA: el proveedor informa de que no tiene ninguna influencia en la asignaci\u00f3n de contrase\u00f1as y de que no existen contrase\u00f1as maestras globales con c\u00f3digo duro. Adem\u00e1s, s\u00f3lo Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30 podr\u00edan verse afectados."}], "id": "CVE-2017-9852", "lastModified": "2024-08-05T18:15:29.483", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-08-05T17:29:00.457", "references": [{"source": "cve@mitre.org", "url": "http://www.sma.de/en/statement-on-cyber-security.html"}, {"source": "cve@mitre.org", "url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://horusscenario.com/CVE-information/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}