Details of VAR-201708-1526

ID

VAR-201708-1526

CVE

CVE-2017-9864

TITLE

plural SMA Solar Technology Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-006913

DESCRIPTION

An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout policies and random-number generators based on timestamps, and makes timestamps for data analysis unreliable. NOTE: the vendor reports that this is largely irrelevant because it only affects log-entry timestamps, and because the plant time would later be reset via NTP. (It has never been the case that a lockout policy or random-number generator was affected.) Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. plural SMA Solar Technology The product contains vulnerabilities related to authorization, permissions, and access control. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9864Information may be tampered with. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. SMASolarTechnologyinverter has an access control error vulnerability

Trust: 2.25

sources: NVD: CVE-2017-9864 // JVNDB: JVNDB-2017-006913 // CNVD: CNVD-2017-27841 // VULHUB: VHN-118067

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-27841

AFFECTED PRODUCTS

vendor:	sma	model:	sunny tripower 60	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny boy 3600	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny tripower 20000tl	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny tripower 5000tl	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny tripower core1	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny boy 5000	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny boy 3000tl	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny tripower 12000tl	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny tripower 15000tl	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny tripower 25000tl	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central 630cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy storage 2.5	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3600tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 720	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 760	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 800	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 4.0	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 500cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3.6	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 500	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 2200	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 2200	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 2.5	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 800cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 630	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 5.0	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 720cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 760cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3.0	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 900cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 4000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 1.5	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 5000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 900	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 1000	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 850	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 1000cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 850cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 2500-ev	scope:	eq	version:	-	Trust: 1.0
vendor:	sma solar	model:	sunny boy 1.5	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 2.5	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3.0	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3.6	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3600	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3600tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 4.0	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 4000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 5.0	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 5000	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 5000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy storage 2.5	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 1000cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 2200	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 500cp	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 630cp	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 720cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 760cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 800cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 850cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 900cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 1000	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 2200	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 2500-ev	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 500	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 630	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 720	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 760	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 800	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 850	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 900	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 12000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 15000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 20000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 25000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 5000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 60	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower core1	scope:	-	version:	-	Trust: 0.8
vendor:	sma	model:	solar technology inverter	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-27841 // JVNDB: JVNDB-2017-006913 // CNNVD: CNNVD-201708-196 // NVD: CVE-2017-9864

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9864
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-9864
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-27841
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-196
value:	HIGH
Trust: 0.6
VULHUB:	VHN-118067
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-9864
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-27841
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118067
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9864
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-27841 // VULHUB: VHN-118067 // JVNDB: JVNDB-2017-006913 // CNNVD: CNNVD-201708-196 // NVD: CVE-2017-9864

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-264	Trust: 0.9

sources: VULHUB: VHN-118067 // JVNDB: JVNDB-2017-006913 // NVD: CVE-2017-9864

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-196

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201708-196

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006913

PATCH

title:	Statement on Cyber Security	url:	https://www.sma.de/en/statement-on-cyber-security.html	Trust: 0.8
title:	WHITEPAPER CYBER SECURITY	url:	https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf	Trust: 0.8

sources: JVNDB: JVNDB-2017-006913

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9864	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-006913	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-196	Trust: 0.7
db:	CNVD	id:	CNVD-2017-27841	Trust: 0.6
db:	VULHUB	id:	VHN-118067	Trust: 0.1

sources: CNVD: CNVD-2017-27841 // VULHUB: VHN-118067 // JVNDB: JVNDB-2017-006913 // CNNVD: CNNVD-201708-196 // NVD: CVE-2017-9864

REFERENCES

url:	https://horusscenario.com/cve-information/	Trust: 2.3
url:	http://www.sma.de/en/statement-on-cyber-security.html	Trust: 1.7
url:	http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9864	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9864	Trust: 0.8

sources: CNVD: CNVD-2017-27841 // VULHUB: VHN-118067 // JVNDB: JVNDB-2017-006913 // CNNVD: CNNVD-201708-196 // NVD: CVE-2017-9864

SOURCES

db:	CNVD	id:	CNVD-2017-27841
db:	VULHUB	id:	VHN-118067
db:	JVNDB	id:	JVNDB-2017-006913
db:	CNNVD	id:	CNNVD-201708-196
db:	NVD	id:	CVE-2017-9864

LAST UPDATE DATE

2025-04-20T23:42:57.652000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-27841	date:	2017-09-21T00:00:00
db:	VULHUB	id:	VHN-118067	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-006913	date:	2017-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201708-196	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-9864	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-27841	date:	2017-09-21T00:00:00
db:	VULHUB	id:	VHN-118067	date:	2017-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-006913	date:	2017-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201708-196	date:	2017-08-10T00:00:00
db:	NVD	id:	CVE-2017-9864	date:	2017-08-05T17:29:00.850