Sma Sunny Boy 4.0 Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Sma Sunny Boy 4.0 Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2017-9860 — CVSS 9.8 (critical): An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update…
CVE-2017-9859 — CVSS 9.8 (critical): An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for…
CVE-2017-9861 — CVSS 9.8 (critical): An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it…
CVE-2017-9854 — CVSS 9.8 (critical): An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be…
CVE-2017-9855 — CVSS 9.8 (critical): An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid…
CVE-2017-9852 — CVSS 9.8 (critical): An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed…
CVE-2017-9853 — CVSS 9.8 (critical): An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer…
CVE-2017-9863 — CVSS 8.8 (high): An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host…
CVE-2017-9857 — CVSS 8.1 (high): An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with…
CVE-2017-9864 — CVSS 7.5 (high): An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way…
CVE-2017-9858 — CVSS 7.5 (high): An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and…
CVE-2017-9856 — CVSS 3.4 (low): An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The…