Details of VAR-201708-1539

ID

VAR-201708-1539

CVE

CVE-2017-9857

TITLE

plural SMA Solar Technology Authentication vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2017-006909

DESCRIPTION

An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected. ** Unsettled ** This case has not been confirmed as a vulnerability. The vendor has disputed this vulnerability. For details, see NVD of Current Description Please Confirm. https://nvd.nist.gov/vuln/detail/CVE-2017-9857Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. SMASolarTechnologyinverter is a photovoltaic inverter device from SMA Germany. A security vulnerability exists in SMASolarTechnologyinverter that stems from a failure to properly use cryptographic authentication. An attacker can exploit this vulnerability to implement man-in-the-middle and replay attacks and change settings

Trust: 2.25

sources: NVD: CVE-2017-9857 // JVNDB: JVNDB-2017-006909 // CNVD: CNVD-2017-27844 // VULHUB: VHN-118060

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-27844

AFFECTED PRODUCTS

vendor:	sma	model:	sunny central storage 720	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 760	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 800	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 1000	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 2200	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 630	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 2500-ev	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 850	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central storage 900	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny boy storage 2.5	scope:	eq	version:	-	Trust: 1.6
vendor:	sma	model:	sunny central 630cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3600tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 5000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 4.0	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 500cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3.6	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 25000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 12000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central storage 500	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 2200	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 2.5	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 800cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 60	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 5.0	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 720cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 760cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3.0	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower core1	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 900cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 20000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 4000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 1.5	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 3600	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 5000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny boy 5000	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 1000cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny central 850cp xt	scope:	eq	version:	-	Trust: 1.0
vendor:	sma	model:	sunny tripower 15000tl	scope:	eq	version:	-	Trust: 1.0
vendor:	sma solar	model:	sunny boy 1.5	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 2.5	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3.0	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3.6	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3600	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 3600tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 4.0	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 4000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 5.0	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 5000	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy 5000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny boy storage 2.5	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 1000cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 2200	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 500cp	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 630cp	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 720cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 760cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 800cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 850cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central 900cp xt	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 1000	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 2200	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 2500-ev	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 500	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 630	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 720	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 760	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 800	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 850	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny central storage 900	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 12000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 15000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 20000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 25000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 5000tl	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower 60	scope:	-	version:	-	Trust: 0.8
vendor:	sma solar	model:	sunny tripower core1	scope:	-	version:	-	Trust: 0.8
vendor:	sma	model:	solar technology inverter	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2017-27844 // JVNDB: JVNDB-2017-006909 // CNNVD: CNNVD-201708-203 // NVD: CVE-2017-9857

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-9857
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-9857
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-27844
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-203
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118060
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-9857
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2017-27844
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118060
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-9857
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2017-27844 // VULHUB: VHN-118060 // JVNDB: JVNDB-2017-006909 // CNNVD: CNNVD-201708-203 // NVD: CVE-2017-9857

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-118060 // JVNDB: JVNDB-2017-006909 // NVD: CVE-2017-9857

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-203

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201708-203

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-006909

PATCH

title:	Statement on Cyber Security	url:	https://www.sma.de/en/statement-on-cyber-security.html	Trust: 0.8
title:	WHITEPAPER CYBER SECURITY	url:	https://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf	Trust: 0.8

sources: JVNDB: JVNDB-2017-006909

EXTERNAL IDS

db:	NVD	id:	CVE-2017-9857	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-006909	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-203	Trust: 0.7
db:	CNVD	id:	CNVD-2017-27844	Trust: 0.6
db:	VULHUB	id:	VHN-118060	Trust: 0.1

sources: CNVD: CNVD-2017-27844 // VULHUB: VHN-118060 // JVNDB: JVNDB-2017-006909 // CNNVD: CNNVD-201708-203 // NVD: CVE-2017-9857

REFERENCES

url:	https://horusscenario.com/cve-information/	Trust: 2.3
url:	http://www.sma.de/en/statement-on-cyber-security.html	Trust: 1.1
url:	http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/whitepaper-cyber-security-aen1732_07.pdf	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9857	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-9857	Trust: 0.8

sources: CNVD: CNVD-2017-27844 // VULHUB: VHN-118060 // JVNDB: JVNDB-2017-006909 // CNNVD: CNNVD-201708-203 // NVD: CVE-2017-9857

SOURCES

db:	CNVD	id:	CNVD-2017-27844
db:	VULHUB	id:	VHN-118060
db:	JVNDB	id:	JVNDB-2017-006909
db:	CNNVD	id:	CNNVD-201708-203
db:	NVD	id:	CVE-2017-9857

LAST UPDATE DATE

2025-04-20T23:24:54.516000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-27844	date:	2017-09-21T00:00:00
db:	VULHUB	id:	VHN-118060	date:	2017-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-006909	date:	2017-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201708-203	date:	2017-08-11T00:00:00
db:	NVD	id:	CVE-2017-9857	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-27844	date:	2017-09-21T00:00:00
db:	VULHUB	id:	VHN-118060	date:	2017-08-05T00:00:00
db:	JVNDB	id:	JVNDB-2017-006909	date:	2017-09-06T00:00:00
db:	CNNVD	id:	CNNVD-201708-203	date:	2017-08-11T00:00:00
db:	NVD	id:	CVE-2017-9857	date:	2017-08-05T17:29:00.613