CVE-2017-9856

Name of the Vulnerable Software and Affected Versions SMA Solar Technology products (affected versions not specified) Sunny Boy versions TLST-21 and TL-21 Sunny Tripower versions TL-10 and TL-30

Description An issue was discovered in SMA Solar Technology products where sniffed passwords from SMAdata2+ communication can be decrypted easily due to a simple encryption algorithm. This allows an attacker to find the plaintext passwords and authenticate to the device.

Recommendations For Sunny Boy versions TLST-21 and TL-21, consider restricting access to SMAdata2+ communication until a secure encryption method is implemented. For Sunny Tripower versions TL-10 and TL-30, avoid using the simple encryption algorithm for password protection and explore alternative secure authentication methods. At the moment, there is no information about a newer version that contains a fix for this vulnerability.