CVE-2017-9851

Name of the Vulnerable Software and Affected Versions SMA Solar Technology products (affected versions not specified) Sunny Boy versions TLST-21 and TL-21 Sunny Tripower versions TL-10 and TL-30

Description An issue was discovered in SMA Solar Technology products where sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer can cause the application to crash. The vendor reports that the maximum possible damage is a communication failure.

Recommendations For SMA Solar Technology products, consider restricting access to the database port of Sunny Explorer to minimize the risk of exploitation. For Sunny Boy versions TLST-21 and TL-21, and Sunny Tripower versions TL-10 and TL-30, avoid using the TELNET session to the database port until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.