Sunny boy 5.0 firmware
This hub aggregates every CVE we track for Sunny boy 5.0 firmware, a product in the ics ot iot space. Use it to gauge the current risk picture and drill into individual advisories.
12
CVEs tracked
7
Critical
4
High
0
In CISA KEV
Severity distribution
CRITICAL7HIGH4LOW1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 12 most recently published vulnerabilities affecting Sunny boy 5.0 firmware.
- CVE-2017-9852An Incorrect Password Management issue was discovered in SMA Solar Technology products. Default passwords exist that are rarely changed. User passwords will almost always be default. Installer pass...9.8
- CVE-2017-9863An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings ...8.8
- CVE-2017-9861An issue was discovered in SMA Solar Technology products. The SIP implementation does not properly use authentication with encryption: it is vulnerable to replay attacks, packet injection attacks, ...9.8
- CVE-2017-9864An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout poli...7.5
- CVE-2017-9857An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet in...8.1
- CVE-2017-9859An issue was discovered in SMA Solar Technology products. The inverters make use of a weak hashing algorithm to encrypt the password for REGISTER requests. This hashing algorithm can be cracked rel...9.8
- CVE-2017-9853An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are s...9.8
- CVE-2017-9858An issue was discovered in SMA Solar Technology products. By sending crafted packets to an inverter and observing the response, active and inactive user accounts can be determined. This aids in fur...7.5
- CVE-2017-9856An issue was discovered in SMA Solar Technology products. Sniffed passwords from SMAdata2+ communication can be decrypted very easily. The passwords are "encrypted" using a very simple encryption a...3.4
- CVE-2017-9860An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If ...9.8
- CVE-2017-9855An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a singl...9.8
- CVE-2017-9854An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are typed into Sunny Explorer by the user. T...9.8
Product normalization is registry-driven with AI assist and human review. How it works