CVE-2017-9856 · CVEKit

cve.orgen

423 chars

An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

NVDen

423 chars

An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption algorithm. This enables an attacker to find the plaintext passwords and authenticate to the device. NOTE: the vendor reports that only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

NVDes

519 chars

**EN DISPUTA** Se ha descubierto un problema en productos SMA Solar Technology. Las contraseñas interceptadas que se encuentran en de la comunicación SMAdata2+ se pueden descifrar con suma facilidad. Estas contraseñas se "cifran" empleando un algoritmo de cifrado muy sencillo. Esto permite que un atacante encuentre las contraseñas en texto plano y se autentique en el dispositivo. NOTA: El vendedor informa que únicamente podrían estar potencialmente afectados Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30

CVSS metrics across sources

5

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	NVD	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H