ID

VAR-201708-1521


CVE

CVE-2017-9851


TITLE

plural SMA Solar Technology Data processing vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-006903

DESCRIPTION

An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9851Service operation interruption (DoS) There is a possibility of being put into a state. SMASolarTechnologySunnyExplorerprogram is a photovoltaic device management software from SMA Germany. A denial of service vulnerability exists in SMASolarTechnologySunnyExplorerprogram. An attacker could exploit the vulnerability to cause a denial of service

Trust: 2.16

sources: NVD: CVE-2017-9851 // JVNDB: JVNDB-2017-006903 // CNVD: CNVD-2017-28423

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-28423

AFFECTED PRODUCTS

vendor:smamodel:sunny explorerscope:eqversion: -

Trust: 1.6

vendor:sma solarmodel:sunny explorerscope: - version: -

Trust: 0.8

vendor:smamodel:solar technology sunny explorer programscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-28423 // JVNDB: JVNDB-2017-006903 // CNNVD: CNNVD-201708-209 // NVD: CVE-2017-9851

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9851
value: HIGH

Trust: 1.0

NVD: CVE-2017-9851
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-28423
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-209
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2017-9851
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-28423
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-9851
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-28423 // JVNDB: JVNDB-2017-006903 // CNNVD: CNNVD-201708-209 // NVD: CVE-2017-9851

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-19

Trust: 0.8

sources: JVNDB: JVNDB-2017-006903 // NVD: CVE-2017-9851

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-209

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201708-209

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006903

PATCH

title:Statement on Cyber Securityurl:https://www.sma.de/en/statement-on-cyber-security.html

Trust: 0.8

title:WHITEPAPER CYBER SECURITYurl:https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2017-006903

EXTERNAL IDS

db:NVDid:CVE-2017-9851

Trust: 3.0

db:JVNDBid:JVNDB-2017-006903

Trust: 0.8

db:CNVDid:CNVD-2017-28423

Trust: 0.6

db:CNNVDid:CNNVD-201708-209

Trust: 0.6

sources: CNVD: CNVD-2017-28423 // JVNDB: JVNDB-2017-006903 // CNNVD: CNNVD-201708-209 // NVD: CVE-2017-9851

REFERENCES

url:https://horusscenario.com/cve-information/

Trust: 2.2

url:http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf

Trust: 1.6

url:http://www.sma.de/en/statement-on-cyber-security.html

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9851

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-9851

Trust: 0.8

sources: CNVD: CNVD-2017-28423 // JVNDB: JVNDB-2017-006903 // CNNVD: CNNVD-201708-209 // NVD: CVE-2017-9851

SOURCES

db:CNVDid:CNVD-2017-28423
db:JVNDBid:JVNDB-2017-006903
db:CNNVDid:CNNVD-201708-209
db:NVDid:CVE-2017-9851

LAST UPDATE DATE

2025-04-20T23:42:10.212000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2017-28423date:2017-09-27T00:00:00
db:JVNDBid:JVNDB-2017-006903date:2017-09-06T00:00:00
db:CNNVDid:CNNVD-201708-209date:2019-10-23T00:00:00
db:NVDid:CVE-2017-9851date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:CNVDid:CNVD-2017-28423date:2017-09-26T00:00:00
db:JVNDBid:JVNDB-2017-006903date:2017-09-06T00:00:00
db:CNNVDid:CNNVD-201708-209date:2017-08-09T00:00:00
db:NVDid:CVE-2017-9851date:2017-08-05T17:29:00.427