PT-2017-19218 · Sma Solar Technology · Sma Solar Technology Products
Willem Westerhof
·
Published
2017-08-05
·
Updated
2024-08-05
·
CVE-2017-9852
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SMA Solar Technology products (affected versions not specified)
Description
An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer passwords are expected to be default or similar across installations installed by the same company. Hidden user accounts have a fixed password for all devices, which can never be changed by a user. Other vulnerabilities exist that allow an attacker to get the passwords of these hidden user accounts.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Using Hardcoded Credentials
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sma Solar Technology Products