ID

VDE-2024-074

Published

2024-11-27 10:00 (CET)

Last update

2024-11-25 14:40 (CET)

Vendor(s)

SMA Solar Technology AG

Product(s)

Article No. Product Name Affected Version(s)
Sunny Central SC 1760-US < 10.01.18.R
Sunny Central SC 1850-US < 10.01.18.R
Sunny Central SC 2000 EV-US < 10.01.18.R
Sunny Central SC 2000-US < 10.01.18.R
Sunny Central SC-2200-10 < 10.01.18.R
Sunny Central SC 2200-US < 10.01.18.R
Sunny Central SC-2475-10 < 10.01.18.R
Sunny Central SC 2500 EV-US < 10.01.18.R
Sunny Central SC 2660 UP < 10.01.18.R
Sunny Central SC 2660 UP-US < 10.01.18.R
Sunny Central SC 2750 EV-US < 10.01.18.R
Sunny Central SC 2750 UP-US < 10.01.18.R
Sunny Central SC 2800 UP < 10.01.18.R
Sunny Central SC 2800 UP-US < 10.01.18.R
Sunny Central SC 2930 UP < 10.01.18.R
Sunny Central SC 2930 UP-US < 10.01.18.R
Sunny Central SC 3060 UP < 10.01.18.R
Sunny Central SC 3060 UP-US < 10.01.18.R
Sunny Central SC 4000 UP < 10.01.18.R
Sunny Central SC 4000 UP-US < 10.01.18.R
Sunny Central SC 4200 UP < 10.01.18.R
Sunny Central SC 4200 UP-US < 10.01.18.R
Sunny Central SC 4400 UP < 10.01.18.R
Sunny Central SC 4400 UP-JP < 10.01.18.R
Sunny Central SC 4400 UP-US < 10.01.18.R
Sunny Central SC 4600 UP < 10.01.18.R
Sunny Central SC 4600 UP-US < 10.01.18.R
Sunny Central Storage SCS-1900-10 < 10.01.18.R
Sunny Central Storage SCS-2200-10 < 10.01.18.R
Sunny Central Storage SCS 2300 UP-XT < 10.01.18.R
Sunny Central Storage SCS 2300 UP-XT-US < 10.01.18.R
Sunny Central Storage SCS 2400 UP-XT < 10.01.18.R
Sunny Central Storage SCS 2400 UP-XT-US < 10.01.18.R
Sunny Central Storage SCS-2475-10 < 10.01.18.R
Sunny Central Storage SCS 2530 UP-XT < 10.01.18.R
Sunny Central Storage SCS 2530 UP-XT-US < 10.01.18.R
Sunny Central Storage SCS 2630 UP-XT < 10.01.18.R
Sunny Central Storage SCS 2630 UP-XT-US < 10.01.18.R
Sunny Central Storage SCS-2900-10 < 10.01.18.R
Sunny Central Storage SCS 3450 UP < 10.01.18.R
Sunny Central Storage SCS 3450 UP-US < 10.01.18.R
Sunny Central Storage SCS 3450 UP-XT < 10.01.18.R
Sunny Central Storage SCS 3450 UP-XT-JP < 10.01.18.R
Sunny Central Storage SCS 3450 UP-XT-US < 10.01.18.R
Sunny Central Storage SCS 3600 UP < 10.01.18.R
Sunny Central Storage SCS 3600 UP-US < 10.01.18.R
Sunny Central Storage SCS 3600 UP-XT < 10.01.18.R
Sunny Central Storage SCS 3600 UP-XT-US < 10.01.18.R
Sunny Central Storage SCS 3800 UP < 10.01.18.R
Sunny Central Storage SCS 3800 UP-US < 10.01.18.R
Sunny Central Storage SCS 3800 UP-XT < 10.01.18.R
Sunny Central Storage SCS 3800 UP-XT-US < 10.01.18.R
Sunny Central Storage SCS 3950 UP < 10.01.18.R
Sunny Central Storage SCS 3950 UP-US < 10.01.18.R
Sunny Central Storage SCS 3950 UP-XT < 10.01.18.R
Sunny Central Storage SCS 3950 UP-XT-US < 10.01.18.R

Summary

A security researcher discovered an authenticated SQL injection (administration privileges required) in the administration panel of the affected products, allowing access to a database. The database that can be accessed is a log database in which measurement data are stored for graphical representation.

Weakness

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE-89)

Summary

An authenticated attacker with low privileges may use a SQL injection vulnerability in the affected products' administration panel to gain read and write access to a specific log file of the device.


Impact

An authenticated user can access (read/write) an internal SQL database containing measurement data that are used only for graphical representation in the UI.
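The weakness class named above (CWE-89) is easiest to see side by side with its fix. The following is an added illustration written for this page, not SMA's code and not the vulnerable code the researcher found: it builds a constructed in-memory log table of measurement values, queries it once by concatenating the caller-supplied channel name into the SQL text and once by binding it as a parameter, and shows that the same input is interpreted as SQL in the first case and as a plain value in the second. The table layout, channel names and values are all assumptions.

```python
import sqlite3

# Constructed sample data (not from the advisory): a log table of measurement
# values of the kind a UI would plot.
SAMPLE_ROWS = [
    ("grid_power_kw", "2024-11-25T10:00:00", 1520.5),
    ("grid_power_kw", "2024-11-25T10:05:00", 1498.2),
    ("dc_voltage_v", "2024-11-25T10:00:00", 812.0),
]


def make_log_db() -> sqlite3.Connection:
    """Create an in-memory log database filled with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE measurements (channel TEXT, ts TEXT, value REAL)")
    conn.executemany("INSERT INTO measurements VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def query_unsafe(conn: sqlite3.Connection, channel: str) -> list:
    """Vulnerable pattern (CWE-89): the channel string becomes part of the SQL
    text, so quote characters in it change the statement's structure."""
    sql = f"SELECT ts, value FROM measurements WHERE channel = '{channel}'"
    return conn.execute(sql).fetchall()


def query_safe(conn: sqlite3.Connection, channel: str) -> list:
    """Hardened pattern: the channel is bound as a parameter. The driver passes
    it to the engine as a value, so it can never be parsed as SQL syntax."""
    sql = "SELECT ts, value FROM measurements WHERE channel = ?"
    return conn.execute(sql, (channel,)).fetchall()


def compare() -> dict:
    """Run both variants on a normal channel name and on an input that closes
    the string literal and appends an always-true condition; return row counts."""
    conn = make_log_db()
    normal = "dc_voltage_v"
    hostile = "' OR '1'='1"  # textbook probe used to show the difference
    return {
        "unsafe_normal": len(query_unsafe(conn, normal)),
        "unsafe_hostile": len(query_unsafe(conn, hostile)),
        "safe_normal": len(query_safe(conn, normal)),
        "safe_hostile": len(query_safe(conn, hostile)),
    }


if __name__ == "__main__":
    for name, count in compare().items():
        print(f"{name}: {count} row(s)")
```

With the concatenated query the probe input returns every row of the table (the filter has been rewritten to be always true), while the parameterised query returns nothing because no channel is literally named `' OR '1'='1`. Read access is what this toy shows; the advisory also reports write access, which the same class of flaw yields where the driver or server executes stacked statements. The durable fix is the one in `query_safe`: bind every user-controlled value, and where a value has a small known domain (channel names, column names), check it against an allowlist before it reaches the query at all.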

Solution

Mitigation

If you cannot update your system to the latest version and you suspect that this database has been manipulated, you can download the raw data as a CSV file.

Remediation

Update the firmware to at least version 10.01.18.R.
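Operators with many Sunny Central or Sunny Central Storage units usually keep an inventory of installed firmware versions, and the useful check is whether each one is below the fixed version. The following is an added helper written for this page, not an SMA tool: it parses version strings of the form shown in the advisory (`10.01.18.R`) and compares the three numeric components. It assumes that the dotted numeric prefix is what orders releases and that the trailing letter suffix does not affect ordering; the advisory does not describe the suffix, so treat that as an assumption. The device names and installed versions in the inventory are constructed.

```python
import re
from typing import Iterable, List, Tuple

# Fixed version stated in the advisory's Remediation section.
FIXED_VERSION = "10.01.18.R"

# Three numeric components followed by an optional letter suffix (assumed format).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z]+))?$")


def parse_version(version: str) -> Tuple[int, int, int]:
    """Return the numeric components as a tuple so that tuple comparison
    orders versions; raises ValueError on strings that do not fit the format."""
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised firmware version string: {version!r}")
    major, minor, patch, _suffix = match.groups()
    return (int(major), int(minor), int(patch))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly below the fixed version,
    matching the advisory's '< 10.01.18.R' condition."""
    return parse_version(installed) < parse_version(fixed)


# Constructed inventory (device names and versions are made up for the example).
INVENTORY: List[Tuple[str, str]] = [
    ("sc-2660-up-01", "10.01.17.R"),
    ("sc-4400-up-02", "10.01.18.R"),
    ("scs-3450-up-xt-03", "9.12.30.R"),
    ("sc-4600-up-us-04", "10.02.00.R"),
]


def affected_devices(inventory: Iterable[Tuple[str, str]] = INVENTORY) -> List[str]:
    """Names of inventory entries still running a version below the fix."""
    return [name for name, version in inventory if is_affected(version)]


if __name__ == "__main__":
    for name in affected_devices():
        print(f"{name}: update to {FIXED_VERSION} or later")
```

Leading zeros in a component (`01` versus `1`) compare equal after parsing, which is the intended behaviour; a version string the parser does not recognise raises rather than silently counting as patched, so unexpected formats surface in the inventory run instead of being missed.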

Reported by

Pierre Martin from Synacktiv
CERT@VDE coordinated with SMA