PT-2017-19223 · SMA Solar Technology · SMA Solar Technology Products

Willem Westerhof · Published 2017-08-05 · Updated 2024-08-05 · CVE-2017-9857

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SMA Solar Technology products (affected versions not specified)
Sunny Boy versions TLST-21 and TL-21
Sunny Tripower versions TL-10 and TL-30

Description

The SMAdata2+ communication protocol in SMA Solar Technology products does not properly use authentication with encryption, making it vulnerable to man-in-the-middle, packet injection, and replay attacks. An attacker can replay or inject packets, or use them in a man-in-the-middle session; this applies to setting changes, authentication packets, and scouting packets. If an attacker sets up the packet correctly, all functionality available in Sunny Explorer can be accessed from anywhere within the network. This includes authenticating at any access level and changing settings according to the access rights gained. Additionally, because the SMAdata2+ communication channel is unencrypted, an attacker who understands the protocol can eavesdrop on communications.

Recommendations

For Sunny Boy versions TLST-21 and TL-21, consider disabling the SMAdata2+ communication protocol until a secure authentication mechanism with encryption is implemented. For Sunny Tripower versions TL-10 and TL-30, restrict access to the SMAdata2+ communication channel to minimize the risk of exploitation. As a temporary workaround, consider limiting network access to trusted devices and users to reduce the risk of man-in-the-middle, packet injection, and replay attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Authentication

Related Identifiers

CVE-2017-9857

Affected Products

SMA Solar Technology Products
Sunny Boy
Sunny Explorer
Sunny Tripower