CVE-2017-9852

9.8 CRITICAL

📋 TL;DR

This CVE describes multiple password management vulnerabilities in SMA Solar Technology inverters, including default passwords that are rarely changed, installer passwords that are often predictable, and hidden user accounts with fixed passwords that cannot be changed. Attackers can exploit these weaknesses to gain unauthorized access to affected solar energy systems. The vulnerability primarily affects SMA Solar Technology's Sunny Boy TLST-21, TL-21 and Sunny Tripower TL-10, TL-30 inverters.

💻 Affected Systems

Products:
  • SMA Sunny Boy TLST-21
  • SMA Sunny Boy TL-21
  • SMA Sunny Tripower TL-10
  • SMA Sunny Tripower TL-30
Versions: All versions prior to security updates
Operating Systems: Embedded firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Vendor states only these specific models could potentially be affected. The vulnerability involves multiple authentication weaknesses including default passwords, predictable installer passwords, and fixed hidden account passwords.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of solar energy systems allowing attackers to manipulate power generation, cause physical damage to equipment, or use the systems as entry points into broader energy infrastructure networks.

🟠 Likely Case

Unauthorized access to inverter management interfaces allowing configuration changes, data theft, or disruption of solar power generation.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls, though the fundamental authentication weaknesses remain.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires knowledge of default or predictable passwords, which are often unchanged in production environments. Additional vulnerabilities exist that may help attackers obtain hidden account passwords.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with SMA Solar Technology for specific firmware updates

Vendor Advisory: http://www.sma.de/en/statement-on-cyber-security.html

Restart Required: Yes

Instructions:

  1. Contact SMA Solar Technology support for firmware updates.
  2. Download appropriate firmware for your specific model.
  3. Follow SMA's firmware update procedures.
  4. Verify successful update and test system functionality.

🔧 Temporary Workarounds

Network Segmentation and Access Control

Isolate SMA inverters on separate network segments with strict firewall rules to prevent unauthorized access

Password Policy Enforcement

Change all default passwords immediately and implement strong, unique passwords for all accounts

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected inverters from untrusted networks
  • Disable remote management interfaces if not absolutely required for operations

🔍 How to Verify

Check if Vulnerable:

Check if SMA inverters are using default passwords by attempting authentication with known defaults. Review password change history and account configurations.

Check Version:

Check inverter web interface or use SMA-specific management tools to query firmware version

Verify Fix Applied:

Verify firmware version has been updated to latest secure version. Test that default passwords no longer work and all accounts have unique, strong passwords.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts
  • Successful logins from unexpected IP addresses
  • Configuration changes from unauthorized users

Network Indicators:

  • Unauthorized access attempts to inverter management ports (typically HTTP/HTTPS)
  • Traffic patterns indicating configuration changes

SIEM Query:

source="sma-inverter" AND (event_type="authentication_failure" OR event_type="configuration_change")
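
The three log indicators above can be evaluated together over normalized events. The following is an added example, not code from this page or from SMA: the event schema (`ts`, `src_ip`, `user`, `event_type`), the `authentication_success` value, the allow-lists, the `ev` helper and all sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed normalized schema (not a documented SMA log format): ts, src_ip, user, event_type.
# "authentication_failure" and "configuration_change" are the values used in the query above;
# "authentication_success" is an assumed third value.
ALLOWED_IPS = {"10.20.0.5"}        # constructed: the only host expected to log in
AUTHORIZED_USERS = {"ops-admin"}   # constructed: accounts allowed to change configuration

def ev(ts, ip, user, kind):        # hypothetical helper that builds one sample event
    return {"ts": "2024-01-01T" + ts, "src_ip": ip, "user": user, "event_type": kind}

SAMPLE_EVENTS = [  # constructed sample data
    ev("09:00:00", "10.20.0.5", "ops-admin", "authentication_failure"),
    ev("10:00:00", "203.0.113.7", "installer", "authentication_failure"),
    ev("10:00:40", "203.0.113.7", "installer", "authentication_failure"),
    ev("10:01:10", "203.0.113.7", "installer", "authentication_failure"),
    ev("10:02:00", "203.0.113.7", "installer", "authentication_success"),
    ev("10:03:00", "203.0.113.7", "installer", "configuration_change"),
    ev("10:30:00", "10.20.0.5", "ops-admin", "authentication_success"),
    ev("10:31:00", "10.20.0.5", "ops-admin", "configuration_change"),
]

def detect(events, allowed_ips=ALLOWED_IPS, authorized_users=AUTHORIZED_USERS,
           max_failures=3, window=timedelta(minutes=5)):
    """Return (rule, src_ip, user, ts) alerts for the three log indicators."""
    alerts = []
    failures = defaultdict(deque)  # src_ip -> failure timestamps inside the window
    for e in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        ts = datetime.fromisoformat(e["ts"])
        ip, user, kind = e["src_ip"], e["user"], e["event_type"]
        if kind == "authentication_failure":
            recent = failures[ip]
            recent.append(ts)
            while ts - recent[0] > window:   # drop failures older than the window
                recent.popleft()
            if len(recent) >= max_failures:
                alerts.append(("repeated_auth_failure", ip, user, e["ts"]))
                recent.clear()               # one alert per burst, not per event
        elif kind == "authentication_success" and ip not in allowed_ips:
            alerts.append(("login_from_unexpected_ip", ip, user, e["ts"]))
        elif kind == "configuration_change" and user not in authorized_users:
            alerts.append(("unauthorized_config_change", ip, user, e["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

The failure threshold and window are tunable; a single mistyped password from the management host, as in the first sample event, stays below the threshold and raises nothing.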
