Sign-up

ID

VAR-201708-1532


CVE

CVE-2017-9860


TITLE

SMA Solar Technology inverter Access Control Error Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2017-27836 // CNNVD: CNNVD-201708-200

DESCRIPTION

An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version that is accepted by the inverter, the inverter is compromised completely. This allows the attacker to do nearly anything: for example, giving access to the local OS, creating a botnet, using the inverters as a stepping stone into companies, etc. NOTE: the vendor reports that this attack has always been blocked by "a final integrity and compatibility check." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9860Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. An attacker could exploit the vulnerability to upgrade the firmware of the device

Trust: 2.34

sources: NVD: CVE-2017-9860 // JVNDB: JVNDB-2017-006890 // CNVD: CNVD-2017-27836 // VULHUB: VHN-118063 // VULMON: CVE-2017-9860

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

category:['industrial device']sub_category:solar inverter

Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2017-27836

AFFECTED PRODUCTS

vendor:smamodel:sunny tripower 60scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny boy 3600scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny tripower 20000tlscope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny tripower 5000tlscope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny tripower core1scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny boy 5000scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny boy 3000tlscope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny tripower 12000tlscope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny tripower 15000tlscope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny tripower 25000tlscope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central 630cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy storage 2.5scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3600tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 720scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 760scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 800scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 4.0scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 500cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3.6scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 500scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 2200scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 2200scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 2.5scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 800cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 630scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 5.0scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 720cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 760cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3.0scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 900cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 4000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 1.5scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 5000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 900scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 1000scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 850scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 1000cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 850cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 2500-evscope:eqversion: -

Trust: 1.0

vendor:sma solarmodel:sunny boy 1.5scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 2.5scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3.0scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3.6scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3600scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3600tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 4.0scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 4000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 5.0scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 5000scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 5000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy storage 2.5scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 1000cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 2200scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 500cpscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 630cpscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 720cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 760cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 800cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 850cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 900cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 1000scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 2200scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 2500-evscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 500scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 630scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 720scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 760scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 800scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 850scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 900scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 12000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 15000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 20000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 25000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 5000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 60scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower core1scope: - version: -

Trust: 0.8

vendor:smamodel:solar technology inverterscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-27836 // JVNDB: JVNDB-2017-006890 // CNNVD: CNNVD-201708-200 // NVD: CVE-2017-9860

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9860
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-9860
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-27836
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-200
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118063
value: HIGH

Trust: 0.1

VULMON: CVE-2017-9860
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-9860
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-27836
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118063
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9860
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-27836 // VULHUB: VHN-118063 // VULMON: CVE-2017-9860 // JVNDB: JVNDB-2017-006890 // CNNVD: CNNVD-201708-200 // NVD: CVE-2017-9860

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:CWE-284

Trust: 0.9

sources: VULHUB: VHN-118063 // JVNDB: JVNDB-2017-006890 // NVD: CVE-2017-9860

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-200

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201708-200

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006890

PATCH
title:Statement on Cyber Securityurl:https://www.sma.de/en/statement-on-cyber-security.html
Trust: 0.8
title:WHITEPAPER CYBER SECURITYurl:https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-006890

EXTERNAL IDS
db:NVDid:CVE-2017-9860
Trust: 3.3
db:JVNDBid:JVNDB-2017-006890
Trust: 0.8
db:CNNVDid:CNNVD-201708-200
Trust: 0.7
db:CNVDid:CNVD-2017-27836
Trust: 0.6
db:OTHERid:NONE
Trust: 0.1
db:VULHUBid:VHN-118063
Trust: 0.1
db:VULMONid:CVE-2017-9860
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-27836 // 
            
            
            
            VULHUB: VHN-118063 // 
            
            
            
            VULMON: CVE-2017-9860 // 
            
            
            
            JVNDB: JVNDB-2017-006890 // 
            
            
            
            CNNVD: CNNVD-201708-200 // 
            
            
            
            NVD: CVE-2017-9860

REFERENCES
url:https://horusscenario.com/cve-information/
Trust: 2.4
url:http://www.sma.de/en/statement-on-cyber-security.html
Trust: 1.8
url:http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9860
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-9860
Trust: 0.8
url:https://ieeexplore.ieee.org/abstract/document/10769424
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/287.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            OTHER: None // 
            
            
            
            CNVD: CNVD-2017-27836 // 
            
            
            
            VULHUB: VHN-118063 // 
            
            
            
            VULMON: CVE-2017-9860 // 
            
            
            
            JVNDB: JVNDB-2017-006890 // 
            
            
            
            CNNVD: CNNVD-201708-200 // 
            
            
            
            NVD: CVE-2017-9860

SOURCES
db:OTHERid: - 
db:CNVDid:CNVD-2017-27836
db:VULHUBid:VHN-118063
db:VULMONid:CVE-2017-9860
db:JVNDBid:JVNDB-2017-006890
db:CNNVDid:CNNVD-201708-200
db:NVDid:CVE-2017-9860

LAST UPDATE DATE
2025-04-20T21:00:24.352000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-27836date:2017-09-21T00:00:00
db:VULHUBid:VHN-118063date:2019-10-03T00:00:00
db:VULMONid:CVE-2017-9860date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-006890date:2017-09-06T00:00:00
db:CNNVDid:CNNVD-201708-200date:2019-10-23T00:00:00
db:NVDid:CVE-2017-9860date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-27836date:2017-09-21T00:00:00
db:VULHUBid:VHN-118063date:2017-08-05T00:00:00
db:VULMONid:CVE-2017-9860date:2017-08-05T00:00:00
db:JVNDBid:JVNDB-2017-006890date:2017-09-06T00:00:00
db:CNNVDid:CNNVD-201708-200date:2017-08-09T00:00:00
db:NVDid:CVE-2017-9860date:2017-08-05T17:29:00.707