PT-2017-19228 · SMA Solar Technology · Sunny Boy TLST-21 +3

Willem Westerhof · Published 2017-08-05 · Updated 2024-08-05 · CVE-2017-9862

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SMA Solar Technology products, specifically Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30

Description

An issue in SMA Solar Technology products allows information disclosure when a user signs into Sunny Explorer with an incorrect password. This enables the creation of a debug report, which can disclose application information. An attacker can exploit this to create and save a .txt file with arbitrary contents, potentially writing to normally inaccessible locations on the local system. The vendor notes that the information in the debug report is of marginal significance.

Recommendations

For Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30, consider restricting access to the debug report feature until a fix is available. As a temporary workaround, limit the ability to create and save .txt files through the Sunny Explorer application to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2017-9862

Affected Products

Sunny Boy TLST-21
Sunny Explorer
Sunny Tripower TL-10
Sunny Tripower TL-30