ICSA-19-281-01  ·  Published 2019-10-08

SMA Solar Technology AG Sunny WebBox

CVSS 9.6 CRITICAL

Risk Summary

Successful exploitation of this vulnerability could allow an attacker to generate a denial-of-service condition, modify passwords, enable services, achieve a man-in-the-middle position, and modify input parameters associated with devices such as sensors.

CVEs (1)

Remediations

  • This product is end-of-life and is no longer supported.
  • SMA recommends deactivation of port forwarding as it is not required for monitoring PV systems via the SMA Sunny Portal. If direct access to a system from the Internet is necessary, SMA recommends using an encrypted virtual private network (VPN). On delivery, any saved default passwords should also be replaced with individual secure passwords, and unused ports on the system/router should be closed.
  • SMA installers and administrators can answer specific questions about individual configuration of SMA devices. Basic information on this topic can also be found at: https://files.sma.de/dl/7680/CyberSecurity-TI-en-10.pdf

Affected Vendors

SMA Solar Technology AG

Affected Products (1)

SMA Solar Technology AG · Sunny WebBox Firmware <= 1.6

Affected Sectors

Energy
