Details of VAR-201708-1536

ID

VAR-201708-1536

CVE

CVE-2017-9854

TITLE

plural SMA Solar Technology Information disclosure vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-006906

DESCRIPTION

An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. These passwords can then be used to compromise the overall device. NOTE: the vendor reports that exploitation likelihood is low because these packets are usually sent only once during installation. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This issue has not been confirmed as a vulnerability. Vendors are challenging this vulnerability. See below for details NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9854Information is acquired, information is falsified, and denial of service (DoS) May be in a state. SMASolarTechnologySunnyExplorer is a photovoltaic device management software from SMA Germany. An attacker could exploit the vulnerability to obtain information and create and save a .txt file

Trust: 2.25

sources: NVD: CVE-2017-9854 // JVNDB: JVNDB-2017-006906 // CNVD: CNVD-2017-28424 // VULHUB: VHN-118057

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-28424

AFFECTED PRODUCTS

vendor:	sma	model:	sunny central storage 720	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 760	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 800	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 500	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 1000	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 2200	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 2500-ev	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 850	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 900	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny boy storage 2.5	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central 630cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3600tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 5000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 4.0	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 500cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3.6	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 25000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 12000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 2200	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 2.5	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 800cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 630	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 60	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 5.0	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 720cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 760cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3.0	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower core1	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 900cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 20000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 4000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 1.5	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3600	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 5000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 5000	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 1000cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 850cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 15000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma solar	model:	sunny boy 1.5	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 2.5	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3.0	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3.6	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3600	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3600tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 4.0	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 4000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 5.0	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 5000	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 5000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy storage 2.5	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 1000cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 2200	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 500cp	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 630cp	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 720cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 760cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 800cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 850cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 900cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 1000	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 2200	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 2500-ev	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 500	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 630	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 720	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 760	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 800	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 850	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 900	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 12000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 15000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 20000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 25000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 5000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 60	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower core1	scope:	-	version:	-	Trust: 0.8
vendor:	sma	model:	solar technology sunny explorer	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-28424 // JVNDB: JVNDB-2017-006906 // CNNVD: CNNVD-201708-206 // NVD: CVE-2017-9854

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9854
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-9854
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2017-28424
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-206
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-118057
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-9854
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-28424
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118057
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9854
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-28424 // VULHUB: VHN-118057 // JVNDB: JVNDB-2017-006906 // CNNVD: CNNVD-201708-206 // NVD: CVE-2017-9854

PROBLEMTYPE DATA

problemtype:	CWE-311	Trust: 1.1
problemtype:	CWE-200	Trust: 0.9

sources: VULHUB: VHN-118057 // JVNDB: JVNDB-2017-006906 // NVD: CVE-2017-9854

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-206

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201708-206

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006906

PATCH

title:	WHITEPAPER CYBER SECURITY	url:	https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf	Trust: 0.8
title:	Statement on Cyber Security	url:	https://www.sma.de/en/statement-on-cyber-security.html	Trust: 0.8

sources: JVNDB: JVNDB-2017-006906

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9854	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-006906	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-206	Trust: 0.7
db:	CNVD	id:	CNVD-2017-28424	Trust: 0.6
db:	VULHUB	id:	VHN-118057	Trust: 0.1

sources: CNVD: CNVD-2017-28424 // VULHUB: VHN-118057 // JVNDB: JVNDB-2017-006906 // CNNVD: CNNVD-201708-206 // NVD: CVE-2017-9854

REFERENCES

url:	https://horusscenario.com/cve-information/	Trust: 2.3
url:	http://www.sma.de/en/statement-on-cyber-security.html	Trust: 1.7
url:	http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9854	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9854	Trust: 0.8

sources: CNVD: CNVD-2017-28424 // VULHUB: VHN-118057 // JVNDB: JVNDB-2017-006906 // CNNVD: CNNVD-201708-206 // NVD: CVE-2017-9854

SOURCES

db:	CNVD	id:	CNVD-2017-28424
db:	VULHUB	id:	VHN-118057
db:	JVNDB	id:	JVNDB-2017-006906
db:	CNNVD	id:	CNNVD-201708-206
db:	NVD	id:	CVE-2017-9854

LAST UPDATE DATE

2025-04-20T23:29:34.790000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-28424	date:	2017-09-27T00:00:00
db:	VULHUB	id:	VHN-118057	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-006906	date:	2017-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201708-206	date:	2019-10-23T00:00:00
db:	NVD	id:	CVE-2017-9854	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-28424	date:	2017-09-26T00:00:00
db:	VULHUB	id:	VHN-118057	date:	2017-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-006906	date:	2017-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201708-206	date:	2017-08-09T00:00:00
db:	NVD	id:	CVE-2017-9854	date:	2017-08-05T17:29:00.520