Sign-up

ID

VAR-201708-1530


CVE

CVE-2017-9858


TITLE

plural SMA Solar Technology Information disclosure vulnerability in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-006910

DESCRIPTION

An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in further attacks (such as a brute force attack) as one now knows exactly which users exist and which do not. NOTE: the vendor's position is that this "is not a security gap per se." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9858Information may be obtained. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. There is a security hole in SMASolarTechnologyinverter

Trust: 2.25

sources: NVD: CVE-2017-9858 // JVNDB: JVNDB-2017-006910 // CNVD: CNVD-2017-27839 // VULHUB: VHN-118061

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-27839

AFFECTED PRODUCTS

vendor:smamodel:sunny central storage 720scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 760scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 800scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 1000scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 2200scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 630scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 2500-evscope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 850scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 900scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny boy storage 2.5scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central 630cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3600tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 5000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 4.0scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 500cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3.6scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 25000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 12000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 500scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 2200scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 2.5scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 800cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 60scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 5.0scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 720cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 760cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3.0scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower core1scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 900cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 20000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 4000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 1.5scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3600scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 5000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 5000scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 1000cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 850cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 15000tlscope:eqversion: -

Trust: 1.0

vendor:sma solarmodel:sunny boy 1.5scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 2.5scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3.0scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3.6scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3600scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3600tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 4.0scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 4000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 5.0scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 5000scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 5000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy storage 2.5scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 1000cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 2200scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 500cpscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 630cpscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 720cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 760cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 800cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 850cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 900cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 1000scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 2200scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 2500-evscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 500scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 630scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 720scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 760scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 800scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 850scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 900scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 12000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 15000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 20000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 25000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 5000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 60scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower core1scope: - version: -

Trust: 0.8

vendor:smamodel:solar technology inverterscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-27839 // JVNDB: JVNDB-2017-006910 // CNNVD: CNNVD-201708-202 // NVD: CVE-2017-9858

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9858
value: HIGH

Trust: 1.0

NVD: CVE-2017-9858
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-27839
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201708-202
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118061
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-9858
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-27839
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118061
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9858
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-27839 // VULHUB: VHN-118061 // JVNDB: JVNDB-2017-006910 // CNNVD: CNNVD-201708-202 // NVD: CVE-2017-9858

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-118061 // JVNDB: JVNDB-2017-006910 // NVD: CVE-2017-9858

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-202

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-202

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006910

PATCH
title:Statement on Cyber Securityurl:https://www.sma.de/en/statement-on-cyber-security.html
Trust: 0.8
title:WHITEPAPER CYBER SECURITYurl:https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-006910

EXTERNAL IDS
db:NVDid:CVE-2017-9858
Trust: 3.1
db:JVNDBid:JVNDB-2017-006910
Trust: 0.8
db:CNNVDid:CNNVD-201708-202
Trust: 0.7
db:CNVDid:CNVD-2017-27839
Trust: 0.6
db:VULHUBid:VHN-118061
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-27839 // 
            
            
            
            VULHUB: VHN-118061 // 
            
            
            
            JVNDB: JVNDB-2017-006910 // 
            
            
            
            CNNVD: CNNVD-201708-202 // 
            
            
            
            NVD: CVE-2017-9858

REFERENCES
url:https://horusscenario.com/cve-information/
Trust: 2.3
url:http://www.sma.de/en/statement-on-cyber-security.html
Trust: 1.1
url:http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9858
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-9858
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-27839 // 
            
            
            
            VULHUB: VHN-118061 // 
            
            
            
            JVNDB: JVNDB-2017-006910 // 
            
            
            
            CNNVD: CNNVD-201708-202 // 
            
            
            
            NVD: CVE-2017-9858

SOURCES
db:CNVDid:CNVD-2017-27839
db:VULHUBid:VHN-118061
db:JVNDBid:JVNDB-2017-006910
db:CNNVDid:CNNVD-201708-202
db:NVDid:CVE-2017-9858

LAST UPDATE DATE
2025-04-20T23:25:57.941000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-27839date:2017-09-21T00:00:00
db:VULHUBid:VHN-118061date:2017-08-22T00:00:00
db:JVNDBid:JVNDB-2017-006910date:2017-09-06T00:00:00
db:CNNVDid:CNNVD-201708-202date:2017-08-09T00:00:00
db:NVDid:CVE-2017-9858date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-27839date:2017-09-21T00:00:00
db:VULHUBid:VHN-118061date:2017-08-05T00:00:00
db:JVNDBid:JVNDB-2017-006910date:2017-09-06T00:00:00
db:CNNVDid:CNNVD-201708-202date:2017-08-09T00:00:00
db:NVDid:CVE-2017-9858date:2017-08-05T17:29:00.647