An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer…
mitre·CWE-521·Published 2017-08-05
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
** EN DISPUTA ** Se descubrió un problema en los productos de SMA Solar Technology. Todos los inversores tienen una política de contraseñas muy débil para el usuario y el instalador. No se establecen requisitos de complejidad ni de longitud. Además, las contraseñas fuertes son imposibles de usar debido a un máximo de 12 caracteres y un conjunto limitado de caracteres. NOTA: el proveedor informa que el límite de 12 caracteres proporciona "un estándar de seguridad muy alto". Además, sólo Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30 podrían verse afectados.
| Version | Type | Source | Base | Exp | Impact | Vector |
|---|---|---|---|---|---|---|
| 2.0 | Primary | NVD | 5.0 | 10.0 | 2.9 | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| 3.0 | Primary | NVD | 9.8 | 3.9 | 5.9 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |