Sign-up

ID

VAR-201708-1537


CVE

CVE-2017-9855


TITLE

plural SMA Solar Technology Vulnerabilities related to authorization, authority, and access control in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-006907

DESCRIPTION

An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer account, allows changing very sensitive parameters. NOTE: the vendor reports that Grid Guard is not an authentication feature; it is only a tracing feature. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. plural SMA Solar Technology The product contains vulnerabilities related to authorization, permissions, and access control. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9855Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. There is a security hole in SMASolarTechnologyinverter. An attacker could exploit this vulnerability to change sensitive parameters

Trust: 2.25

sources: NVD: CVE-2017-9855 // JVNDB: JVNDB-2017-006907 // CNVD: CNVD-2017-27846 // VULHUB: VHN-118058

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-27846

AFFECTED PRODUCTS

vendor:smamodel:sunny central storage 720scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 760scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central 630cp xtscope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 800scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 1000scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 2200scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 2500-evscope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 850scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny central storage 900scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny boy storage 2.5scope:eqversion: -

Trust: 1.6

vendor:smamodel:sunny boy 3600tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 5000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 4.0scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 500cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3.6scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 25000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 12000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 500scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 2200scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 2.5scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 800cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central storage 630scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 60scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 5.0scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 720cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 760cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3.0scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower core1scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 900cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 20000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 4000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 1.5scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 3600scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 5000tlscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny boy 5000scope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 1000cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny central 850cp xtscope:eqversion: -

Trust: 1.0

vendor:smamodel:sunny tripower 15000tlscope:eqversion: -

Trust: 1.0

vendor:sma solarmodel:sunny boy 1.5scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 2.5scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3.0scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3.6scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3600scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 3600tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 4.0scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 4000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 5.0scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 5000scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy 5000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny boy storage 2.5scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 1000cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 2200scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 500cpscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 630cpscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 720cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 760cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 800cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 850cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central 900cp xtscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 1000scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 2200scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 2500-evscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 500scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 630scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 720scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 760scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 800scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 850scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny central storage 900scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 12000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 15000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 20000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 25000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 5000tlscope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower 60scope: - version: -

Trust: 0.8

vendor:sma solarmodel:sunny tripower core1scope: - version: -

Trust: 0.8

vendor:smamodel:solar technology inverterscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2017-27846 // JVNDB: JVNDB-2017-006907 // CNNVD: CNNVD-201708-205 // NVD: CVE-2017-9855

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9855
value: CRITICAL

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2017-9855
value: CRITICAL

Trust: 1.0

NVD: CVE-2017-9855
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2017-27846
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201708-205
value: CRITICAL

Trust: 0.6

VULHUB: VHN-118058
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-9855
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-27846
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118058
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9855
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2017-9855
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNVD: CNVD-2017-27846 // VULHUB: VHN-118058 // JVNDB: JVNDB-2017-006907 // CNNVD: CNNVD-201708-205 // NVD: CVE-2017-9855 // NVD: CVE-2017-9855

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-863

Trust: 1.0

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-118058 // JVNDB: JVNDB-2017-006907 // NVD: CVE-2017-9855

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-205

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201708-205

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-006907

PATCH
title:Statement on Cyber Securityurl:https://www.sma.de/en/statement-on-cyber-security.html
Trust: 0.8
title:WHITEPAPER CYBER SECURITYurl:https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-006907

EXTERNAL IDS
db:NVDid:CVE-2017-9855
Trust: 3.1
db:JVNDBid:JVNDB-2017-006907
Trust: 0.8
db:CNNVDid:CNNVD-201708-205
Trust: 0.7
db:CNVDid:CNVD-2017-27846
Trust: 0.6
db:VULHUBid:VHN-118058
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-27846 // 
            
            
            
            VULHUB: VHN-118058 // 
            
            
            
            JVNDB: JVNDB-2017-006907 // 
            
            
            
            CNNVD: CNNVD-201708-205 // 
            
            
            
            NVD: CVE-2017-9855

REFERENCES
url:https://horusscenario.com/cve-information/
Trust: 2.3
url:http://www.sma.de/en/statement-on-cyber-security.html
Trust: 1.7
url:http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9855
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-9855
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2017-27846 // 
            
            
            
            VULHUB: VHN-118058 // 
            
            
            
            JVNDB: JVNDB-2017-006907 // 
            
            
            
            CNNVD: CNNVD-201708-205 // 
            
            
            
            NVD: CVE-2017-9855

SOURCES
db:CNVDid:CNVD-2017-27846
db:VULHUBid:VHN-118058
db:JVNDBid:JVNDB-2017-006907
db:CNNVDid:CNNVD-201708-205
db:NVDid:CVE-2017-9855

LAST UPDATE DATE
2025-04-20T23:22:12.763000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-27846date:2017-09-21T00:00:00
db:VULHUBid:VHN-118058date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-006907date:2017-09-06T00:00:00
db:CNNVDid:CNNVD-201708-205date:2019-10-23T00:00:00
db:NVDid:CVE-2017-9855date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-27846date:2017-09-21T00:00:00
db:VULHUBid:VHN-118058date:2017-08-05T00:00:00
db:JVNDBid:JVNDB-2017-006907date:2017-09-06T00:00:00
db:CNNVDid:CNNVD-201708-205date:2017-08-09T00:00:00
db:NVDid:CVE-2017-9855date:2017-08-05T17:29:00.553