Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting packet, etc. can be replayed, injected, or used for a man in the middle session. All functionalities available in Sunny Explorer can effectively be done from anywhere within the network as long as an attacker gets the packet setup correctly. This includes the authentication process for all (including hidden) access levels and the changing of settings in accordance with the gained access rights. Furthermore, because the SMAdata2+ communication channel is unencrypted, an attacker capable of understanding the protocol can eavesdrop on communications. NOTE: the vendor's position is that authentication with encryption is not required on an isolated subnetwork. Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SMA Solar Technology inverter 安全漏洞
Vulnerability Description
SMA Solar Technology inverter是德国SMA公司的一款光伏逆变器设备。 SMA Solar Technology inverter中存在安全漏洞,该漏洞源于没有正确使用加密认证。攻击者可利用该漏洞实施中间人攻击和重放攻击,更改设置。
CVSS Information
N/A
Vulnerability Type
N/A