Weak Password Encryption in SMA Solar Technology Inverters
CVE-2017-9859

9.8CRITICAL

Key Information:

Vendor

Sma

Status
Sunny Boy 3600 Firmware
Vendor
CVE Published:
5 August 2017

What is CVE-2017-9859?

An identified vulnerability in SMA Solar Technology's inverters arises from the use of a weak hashing algorithm employed for encrypting passwords during REGISTER requests. This vulnerability allows attackers to potentially crack passwords using offline tools. Successful exploitation could enable malicious actors to register on SMA servers, raising security concerns for users. Despite the vendor's assertion that the likelihood of such attacks is low, the issue remains critical for users of the affected inverter models.

References

http://www.sma.de/en/statement-on-cyber-security.html
x_refsource_MISC
https://horusscenario.com/CVE-information/
x_refsource_MISC
http://www.sma.de/fileadmin/content/global/specials/docum...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.