CVE-2017-9862

{"id": "CVE-2017-9862", "cveTags": [{"tags": ["disputed"], "sourceIdentifier": "cve@mitre.org"}], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2017-08-05T17:29:00.770", "references": [{"url": "http://www.sma.de/en/statement-on-cyber-security.html", "source": "cve@mitre.org"}, {"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", "source": "cve@mitre.org"}, {"url": "https://horusscenario.com/CVE-information/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.sma.de/en/statement-on-cyber-security.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.sma.de/fileadmin/content/global/specials/documents/cyber-security/Whitepaper-Cyber-Security-AEN1732_07.pdf", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://horusscenario.com/CVE-information/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in SMA Solar Technology products. When signed into Sunny Explorer with a wrong password, it is possible to create a debug report, disclosing information regarding the application and allowing the attacker to create and save a .txt file with contents to his liking. An attacker may use this for information disclosure, or to write a file to normally unavailable locations on the local system. NOTE: the vendor reports that \"the information contained in the debug report is of marginal significance.\" Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected"}, {"lang": "es", "value": "** EN DISPUTA ** Se ha descubierto un problema en productos SMA Solar Technology. Cuando se inicia sesi\u00f3n en Sunny Explorer con una contrase\u00f1a incorrecta, es posible crear un informe de depuraci\u00f3n que contiene informaci\u00f3n relacionada con la aplicaci\u00f3n y que permite que el atacante cree y guarde un archivo .txt con el contenido que estime oportuno. Un atacante podr\u00eda emplear esta vulnerabilidad para divulgar informaci\u00f3n o para escribir un archivo en lugares normalmente inaccesibles del sistema local. NOTA: El fabricante reporta que \"la informaci\u00f3n contenida en el informe de depuraci\u00f3n tiene una importancia menor\". Tambi\u00e9n, solo podr\u00edan estar potencialmente afectados Sunny Boy TLST-21 y TL-21 y Sunny Tripower TL-10 y TL-30"}], "lastModified": "2024-11-21T03:37:01.623", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sma:sunny_explorer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6293DBA-5747-4315-A394-ECE32BD64C1A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}