CVE-2017-9853

Name of the Vulnerable Software and Affected Versions SMA Solar Technology products (affected versions not specified) Sunny Boy versions TLST-21 and TL-21 Sunny Tripower versions TL-10 and TL-30

Description An issue was discovered in SMA Solar Technology products, where all inverters have a weak password policy for the user and installer password. There are no complexity requirements or length requirements set for passwords. Additionally, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters.

Recommendations For SMA Solar Technology products, consider implementing a stronger password policy with complexity and length requirements. For Sunny Boy TLST-21 and TL-21, and Sunny Tripower TL-10 and TL-30, restrict access to the user and installer password until a stronger password policy can be implemented. As a temporary workaround, consider disabling the default password functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.