Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
Podatności dla
'Sunny explorer'
2017-08-05
CVE-2017-9863
** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing a POST request to change the user password). All Sunny Explorer settings available to the authenticated user are also available to the attacker. (In some cases, this also includes changing settings that the user has no access to.) This may result in complete compromise of the device. NOTE: the vendor reports that exploitation is unlikely because Sunny Explorer is used only rarely. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
CVE-2017-9862
** DISPUTED ** An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that "the information contained in the debug report is of marginal significance." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
CVE-2017-9851
CWE-noinfo
** DISPUTED ** An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a communication failure. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected.
>>>
Vendor:
SMA
41
Produkty
Sunny boy 3000tl firmware
Sunny tripower 25000tl firmware
Sunny central 630cp xt firmware
Sunny boy 4.0 firmware
Sunny central 500cp xt firmware
Sunny central storage 800 firmware
Sunny central storage 900 firmware
Sunny boy 5000tl firmware
Sunny boy storage 2.5 firmware
Sunny central storage 720 firmware
Sunny boy 3600tl firmware
Sunny central storage 2500-ev firmware
Sunny boy 3.0 firmware
Sunny tripower 15000tl firmware
Sunny central storage 850 firmware
Sunny boy 5000 firmware
Sunny central storage 1000 firmware
Sunny boy 4000tl firmware
Sunny central storage 2200 firmware
Sunny boy 2.5 firmware
Sunny boy 3.6 firmware
Sunny central 1000cp xt firmware
Sunny central 900cp xt firmware
Sunny tripower core1 firmware
Sunny tripower 5000tl firmware
Sunny central 2200 firmware
Sunny central 760cp xt firmware
Sunny central 720cp xt firmware
Sunny boy 1.5 firmware
Sunny boy 3600 firmware
Sunny tripower 60 firmware
Sunny central 800cp xt firmware
Sunny central storage 760 firmware
Sunny boy 5.0 firmware
Sunny tripower 12000tl firmware
Sunny central storage 630 firmware
Sunny central storage 500 firmware
Sunny central 850cp xt firmware
Sunny tripower 20000tl firmware
Sunny explorer
Sunny webbox firmware
Copyright
2024
, cxsecurity.com
Back to Top