CVE Tools

sma

ICS / OT / IoTUScommercial

14

Cumulative CVEs

1

Monthly snapshots

#33

Peak rank

Top products

sunny boy 5000 firmware12 sunny boy 5000tl firmware12 sunny boy 5.0 firmware12

Latest CVEs

The 15 most recently published vulnerabilities affecting sma.

CVE-2021-4459SMA: Directory Traversal in Sunny Boy <3.10.27.R6.5Aug 27, 2025
CVE-2025-41685SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user6.5Aug 19, 2025
CVE-2025-41645SMA: Sunny Portal demo system privilege escalation8.6May 13, 2025
CVE-2025-0731SMA: Sunny Portal Remote Code Execution6.5Feb 26, 2025
CVE-2024-11025SMA: SQL injection in Sunny Central UP5.4Nov 27, 2024
CVE-2024-1890Clickjacking vulnerability in Sunny Webbox6.4Feb 26, 2024
CVE-2024-1889Cross-Site Request Forgery vulnerability in SMA Cluster Controller8.8Feb 26, 2024
CVE-2021-46416Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to unauthorized user groups accessing due to insecure cookie handling.8.1Apr 7, 2022
CVE-2019-13529An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 a...8.8Oct 9, 2019
CVE-2017-9852An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer pass...9.8Aug 5, 2017
CVE-2017-9863An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings ...8.8Aug 5, 2017
CVE-2017-9861An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, ...9.8Aug 5, 2017
CVE-2017-9864An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout poli...7.5Aug 5, 2017
CVE-2017-9857An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet in...8.1Aug 5, 2017
CVE-2017-9859An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked rel...9.8Aug 5, 2017