A security researcher discovered a Cross Site Request Forgery (CSRF, XSRF) vulnerability in SMA Cluster Controller. The affected products are out of support (End-of-Life 2018-06-30).
A security researcher discovered that in the affected products a clickjacking vulnerability in the web frontend exists. An attacker could lure the user to click on a malicious website which seems to be the WebUI of the affected product. The affected products are out of support (End-of-Life 2015-12-31).
A security researcher discovered that in the affected products an authenticated (administration privileges) SQL injection has been found on the administration panel allowing access to a database. The database that can be accessed is a log database in which measurement data are stored for a graphical representation.