CVE-2017-9864

Name of the Vulnerable Software and Affected Versions SMA Solar Technology products, specifically Sunny Boy TLST-21, TL-21, and Sunny Tripower TL-10, TL-30

Description An issue allows an attacker to change the plant time without authentication, potentially affecting system time and making timestamps for data analysis unreliable. However, the vendor reports that this issue is largely irrelevant as it only affects log-entry timestamps and the plant time would later be reset via NTP.

Recommendations For Sunny Boy TLST-21, TL-21, and Sunny Tripower TL-10, TL-30, consider restricting access to time-setting functionality until a patch is available. As a temporary workaround, ensure NTP is properly configured to reset the plant time and minimize the impact of the issue.