Sunny Boy
by Sma
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9853 | Cri | 0.64 | 9.8 | 0.02 | Aug 5, 2017 | An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a… | ||
| CVE-2017-9857 | Hig | 0.53 | 8.1 | 0.01 | Aug 5, 2017 | An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting… | ||
| CVE-2017-9864 | Hig | 0.49 | 7.5 | 0.02 | Aug 5, 2017 | An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout policies and random-number generators based on timestamps, and makes timestamps for… | ||
| CVE-2021-4459 | Med | 0.42 | 6.5 | 0.01 | Aug 27, 2025 | An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices. |
- risk 0.64cvss 9.8epss 0.02
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a…
- risk 0.53cvss 8.1epss 0.01
An issue was discovered in SMA Solar Technology products. The SMAdata2+ communication protocol does not properly use authentication with encryption: it is vulnerable to man in the middle, packet injection, and replay attacks. Any setting change, authentication packet, scouting…
- risk 0.49cvss 7.5epss 0.02
An issue was discovered in SMA Solar Technology products. An attacker can change the plant time even when not authenticated in any way. This changes the system time, possibly affecting lockout policies and random-number generators based on timestamps, and makes timestamps for…
- risk 0.42cvss 6.5epss 0.01
An authorized remote attacker can access files and directories outside the intended web root, potentially exposing sensitive system information of the affected Sunny Boy devices.