An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Metrics

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00176.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Sma Subscribe
Sunny Boy 1.5 Subscribe
Sunny Boy 1.5 Firmware Subscribe
Sunny Boy 2.5 Subscribe
Sunny Boy 2.5 Firmware Subscribe
Sunny Boy 3.0 Subscribe
Sunny Boy 3.0 Firmware Subscribe
Sunny Boy 3.6 Subscribe
Sunny Boy 3.6 Firmware Subscribe
Sunny Boy 3000tl Subscribe
Sunny Boy 3000tl Firmware Subscribe
Sunny Boy 3600 Subscribe
Sunny Boy 3600 Firmware Subscribe
Sunny Boy 3600tl Subscribe
Sunny Boy 3600tl Firmware Subscribe
Sunny Boy 4.0 Subscribe
Sunny Boy 4.0 Firmware Subscribe
Sunny Boy 4000tl Subscribe
Sunny Boy 4000tl Firmware Subscribe
Sunny Boy 5.0 Subscribe
Sunny Boy 5.0 Firmware Subscribe
Sunny Boy 5000 Subscribe
Sunny Boy 5000 Firmware Subscribe
Sunny Boy 5000tl Subscribe
Sunny Boy 5000tl Firmware Subscribe
Sunny Boy Storage 2.5 Subscribe
Sunny Boy Storage 2.5 Firmware Subscribe
Sunny Central 1000cp Xt Subscribe
Sunny Central 1000cp Xt Firmware Subscribe
Sunny Central 2200 Subscribe
Sunny Central 2200 Firmware Subscribe
Sunny Central 500cp Xt Subscribe
Sunny Central 500cp Xt Firmware Subscribe
Sunny Central 630cp Xt Subscribe
Sunny Central 630cp Xt Firmware Subscribe
Sunny Central 720cp Xt Subscribe
Sunny Central 720cp Xt Firmware Subscribe
Sunny Central 760cp Xt Subscribe
Sunny Central 760cp Xt Firmware Subscribe
Sunny Central 800cp Xt Subscribe
Sunny Central 800cp Xt Firmware Subscribe
Sunny Central 850cp Xt Subscribe
Sunny Central 850cp Xt Firmware Subscribe
Sunny Central 900cp Xt Subscribe
Sunny Central 900cp Xt Firmware Subscribe
Sunny Central Storage 1000 Subscribe
Sunny Central Storage 1000 Firmware Subscribe
Sunny Central Storage 2200 Subscribe
Sunny Central Storage 2200 Firmware Subscribe
Sunny Central Storage 2500-ev Subscribe
Sunny Central Storage 2500-ev Firmware Subscribe
Sunny Central Storage 500 Subscribe
Sunny Central Storage 500 Firmware Subscribe
Sunny Central Storage 630 Subscribe
Sunny Central Storage 630 Firmware Subscribe
Sunny Central Storage 720 Subscribe
Sunny Central Storage 720 Firmware Subscribe
Sunny Central Storage 760 Subscribe
Sunny Central Storage 760 Firmware Subscribe
Sunny Central Storage 800 Subscribe
Sunny Central Storage 800 Firmware Subscribe
Sunny Central Storage 850 Subscribe
Sunny Central Storage 850 Firmware Subscribe
Sunny Central Storage 900 Subscribe
Sunny Central Storage 900 Firmware Subscribe
Sunny Tripower 12000tl Subscribe
Sunny Tripower 12000tl Firmware Subscribe
Sunny Tripower 15000tl Subscribe
Sunny Tripower 15000tl Firmware Subscribe
Sunny Tripower 20000tl Subscribe
Sunny Tripower 20000tl Firmware Subscribe
Sunny Tripower 25000tl Subscribe
Sunny Tripower 25000tl Firmware Subscribe
Sunny Tripower 5000tl Subscribe
Sunny Tripower 5000tl Firmware Subscribe
Sunny Tripower 60 Subscribe
Sunny Tripower 60 Firmware Subscribe
Sunny Tripower Core1 Subscribe
Sunny Tripower Core1 Firmware Subscribe

Configuration 1 [-]

AND
cpe:2.3:o:sma:sunny_boy_3600_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_3600:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND
cpe:2.3:o:sma:sunny_boy_5000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_5000:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND
cpe:2.3:o:sma:sunny_tripower_core1_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_core1:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND
cpe:2.3:o:sma:sunny_tripower_15000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_15000tl:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND
cpe:2.3:o:sma:sunny_tripower_20000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_20000tl:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND
cpe:2.3:o:sma:sunny_tripower_25000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_25000tl:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND
cpe:2.3:o:sma:sunny_tripower_5000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_5000tl:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND
cpe:2.3:o:sma:sunny_tripower_12000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_12000tl:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND
cpe:2.3:o:sma:sunny_tripower_60_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_tripower_60:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND
cpe:2.3:o:sma:sunny_boy_3000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_3000tl:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND
cpe:2.3:o:sma:sunny_boy_3600tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_3600tl:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND
cpe:2.3:o:sma:sunny_boy_4000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_4000tl:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND
cpe:2.3:o:sma:sunny_boy_5000tl_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_5000tl:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND
cpe:2.3:o:sma:sunny_boy_1.5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_1.5:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND
cpe:2.3:o:sma:sunny_boy_2.5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_2.5:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND
cpe:2.3:o:sma:sunny_boy_3.0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_3.0:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND
cpe:2.3:o:sma:sunny_boy_3.6_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_3.6:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND
cpe:2.3:o:sma:sunny_boy_4.0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_4.0:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND
cpe:2.3:o:sma:sunny_boy_5.0_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_5.0:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND
cpe:2.3:o:sma:sunny_central_2200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_2200:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND
cpe:2.3:o:sma:sunny_central_1000cp_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_1000cp_xt:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND
cpe:2.3:o:sma:sunny_central_800cp_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_800cp_xt:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND
cpe:2.3:o:sma:sunny_central_850cp_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_850cp_xt:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND
cpe:2.3:o:sma:sunny_central_900cp_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_900cp_xt:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND
cpe:2.3:o:sma:sunny_central_500cp_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_500cp_xt:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND
cpe:2.3:o:sma:sunny_central_630cp_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_630cp_xt:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND
cpe:2.3:o:sma:sunny_central_720cp_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_720cp_xt:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND
cpe:2.3:o:sma:sunny_central_760cp_xt_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_760cp_xt:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_500:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_630_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_630:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_720_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_720:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_760_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_760:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_800_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_800:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_850_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_850:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_900_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_900:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_1000_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_1000:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_2200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_2200:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND
cpe:2.3:o:sma:sunny_central_storage_2500-ev_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_central_storage_2500-ev:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND
cpe:2.3:o:sma:sunny_boy_storage_2.5_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:sma:sunny_boy_storage_2.5:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://www.sma.de/en/statement-on-cyber-security.html cve-icon cve-icon cve-icon
http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf cve-icon cve-icon cve-icon
https://horusscenario.com/CVE-information/ cve-icon cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T17:18:01.935Z

Reserved: 2017-06-24T00:00:00

Link: CVE-2017-9856

cve-icon Vulnrichment

Updated: 2024-08-05T17:18:01.935Z

cve-icon NVD

Status : Deferred

Published: 2017-08-05T17:29:00.583

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-9856

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses