← Back

CVE-2017-9863

nvd nist
Published: Aug 5, 2017Modified: May 13, 2026

JSON object

Loading...
8.8
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Affected (40)

Products: Sma: Sunny Boy 3600 Firmware, Sunny Boy 5000 Firmware, Sunny Tripower Core1 Firmware, Sunny Tripower 15000tl Firmware, Sunny Tripower 20000tl Firmware, Sunny Tripower 25000tl Firmware, Sunny Tripower 5000tl Firmware, Sunny Tripower 12000tl Firmware, Sunny Tripower 60 Firmware, Sunny Boy 3000tl Firmware, Sunny Boy 3600tl Firmware, Sunny Boy 4000tl Firmware, Sunny Boy 5000tl Firmware, Sunny Boy 1.5 Firmware, Sunny Boy 2.5 Firmware, Sunny Boy 3.0 Firmware, Sunny Boy 3.6 Firmware, Sunny Boy 4.0 Firmware, Sunny Boy 5.0 Firmware, Sunny Central 2200 Firmware, Sunny Central 1000cp Xt Firmware, Sunny Central 800cp Xt Firmware, Sunny Central 850cp Xt Firmware, Sunny Central 900cp Xt Firmware, Sunny Central 500cp Xt Firmware, Sunny Central 630cp Xt Firmware, Sunny Central 720cp Xt Firmware, Sunny Central 760cp Xt Firmware, Sunny Central Storage 500 Firmware, Sunny Central Storage 630 Firmware, Sunny Central Storage 720 Firmware, Sunny Central Storage 760 Firmware, Sunny Central Storage 800 Firmware, Sunny Central Storage 850 Firmware, Sunny Central Storage 900 Firmware, Sunny Central Storage 1000 Firmware, Sunny Central Storage 2200 Firmware, Sunny Central Storage 2500 Ev Firmware, Sunny Boy Storage 2.5 Firmware, Sunny Explorer
Sma
40 products
Sunny Boy 3600 Firmware
Sunny Boy 5000 Firmware
Sunny Tripower Core1 Firmware
Sunny Tripower 15000tl Firmware
Sunny Tripower 20000tl Firmware
Sunny Tripower 25000tl Firmware
Sunny Tripower 5000tl Firmware
Sunny Tripower 12000tl Firmware
Sunny Tripower 60 Firmware
Sunny Boy 3000tl Firmware
Sunny Boy 3600tl Firmware
Sunny Boy 4000tl Firmware
Sunny Boy 5000tl Firmware
Sunny Boy 1.5 Firmware
Sunny Boy 2.5 Firmware
Sunny Boy 3.0 Firmware
Sunny Boy 3.6 Firmware
Sunny Boy 4.0 Firmware
Sunny Boy 5.0 Firmware
Sunny Central 2200 Firmware
Sunny Central 1000cp Xt Firmware
Sunny Central 800cp Xt Firmware
Sunny Central 850cp Xt Firmware
Sunny Central 900cp Xt Firmware
Sunny Central 500cp Xt Firmware
Sunny Central 630cp Xt Firmware
Sunny Central 720cp Xt Firmware
Sunny Central 760cp Xt Firmware
Sunny Central Storage 500 Firmware
Sunny Central Storage 630 Firmware
Sunny Central Storage 720 Firmware
Sunny Central Storage 760 Firmware
Sunny Central Storage 800 Firmware
Sunny Central Storage 850 Firmware
Sunny Central Storage 900 Firmware
Sunny Central Storage 1000 Firmware
Sunny Central Storage 2200 Firmware
Sunny Central Storage 2500 Ev Firmware
Sunny Boy Storage 2.5 Firmware
Sunny Explorer
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 3600 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 3600
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 5000 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 5000
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Tripower Core1 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Tripower Core1
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Tripower 15000tl Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Tripower 15000tl
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Tripower 20000tl Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Tripower 20000tl
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Tripower 25000tl Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Tripower 25000tl
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Tripower 5000tl Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Tripower 5000tl
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Tripower 12000tl Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Tripower 12000tl
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Tripower 60 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Tripower 60
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 3000tl Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 3000tl
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 3600tl Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 3600tl
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 4000tl Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 4000tl
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 5000tl Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 5000tl
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 1.5 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 1.5
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 2.5 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 2.5
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 3.0 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 3.0
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 3.6 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 3.6
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 4.0 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 4.0
All versions
Configuration S
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy 5.0 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy 5.0
All versions
Configuration T
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central 2200 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central 2200
All versions
Configuration U
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central 1000cp Xt Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central 1000cp Xt
All versions
Configuration V
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central 800cp Xt Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central 800cp Xt
All versions
Configuration W
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central 850cp Xt Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central 850cp Xt
All versions
Configuration X
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central 900cp Xt Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central 900cp Xt
All versions
Configuration Y
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central 500cp Xt Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central 500cp Xt
All versions
Configuration Z
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central 630cp Xt Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central 630cp Xt
All versions
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central 720cp Xt Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central 720cp Xt
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central 760cp Xt Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central 760cp Xt
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central Storage 500 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central Storage 500
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central Storage 630 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central Storage 630
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central Storage 720 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central Storage 720
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central Storage 760 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central Storage 760
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central Storage 800 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central Storage 800
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central Storage 850 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central Storage 850
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central Storage 900 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central Storage 900
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central Storage 1000 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central Storage 1000
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central Storage 2200 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central Storage 2200
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Central Storage 2500 Ev Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Central Storage 2500 Ev
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Sunny Boy Storage 2.5 Firmware
All versions
Running on/withPlatform Versions
Sma
Sunny Boy Storage 2.5
All versions
Configuration N
1 vulnerable
Vulnerable SoftwareAffected Versions
Sunny Explorer
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (6)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.