Vulnerability in SMA Solar Technology Products: Unauthorized Time Modification
CVE-2017-9864

7.5HIGH

Key Information:

Vendor

Sma

Status
Sunny Boy 3600 Firmware
Vendor
CVE Published:
5 August 2017

What is CVE-2017-9864?

An identified issue in SMA Solar Technology products allows an attacker to modify the plant time without any authentication. While this alteration may influence log-entry timestamps and consequently impact data analysis reliability, the vendor notes that these changes are primarily limited to log timestamps and are corrected later through Network Time Protocol (NTP) synchronization. Notably, the potential impact on lockout policies and random-number generators has been downplayed, indicating that the security implications may be less severe than initially perceived. The vulnerability specifically affects the Sunny Boy TLST-21, TL-21, and Sunny Tripower TL-10 and TL-30 models.

References

http://www.sma.de/en/statement-on-cyber-security.html
x_refsource_MISC
https://horusscenario.com/CVE-information/
x_refsource_MISC
http://www.sma.de/fileadmin/content/global/specials/docum...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.