An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by "a final integrity and compatibility check." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-08-05T17:00:00

Updated: 2024-08-05T17:18:01.930Z

Reserved: 2017-06-24T00:00:00

Link: CVE-2017-9860

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-08-05T17:29:00.707

Modified: 2024-11-21T03:37:01.220

Link: CVE-2017-9860

cve-icon Redhat

No data.