CVE-2017-9855

Name of the Vulnerable Software and Affected Versions SMA Solar Technology products (affected versions not specified) Sunny Boy versions TLST-21 and TL-21 Sunny Tripower versions TL-10 and TL-30

Description An issue was discovered in SMA Solar Technology products, related to the Grid Guard system, which is a secondary system available for Installers. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. When combined with the installer account, any such code allows changing very sensitive parameters. The vendor reports that Grid Guard is not an authentication feature, but only a tracing feature.

Recommendations For Sunny Boy TLST-21 and TL-21, consider restricting access to the Grid Guard system until a fix is available. For Sunny Boy TL-21, restrict access to the Grid Guard system until a fix is available. For Sunny Tripower TL-10 and TL-30, restrict access to the Grid Guard system until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.