November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert- Geost Android Banking Botnet Targeting Russians
October 8, 2019Rewterz Threat Advisory – GE Mark VIe Controller Multiple Vulnerabilities
October 9, 2019Rewterz Threat Alert- Geost Android Banking Botnet Targeting Russians
October 8, 2019Rewterz Threat Advisory – GE Mark VIe Controller Multiple Vulnerabilities
October 9, 2019
Severity
High
Analysis Summary
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.
Impact
Cross-Site Request Forgery
Affected Vendors
SMA Solar Technology AG
Affected Products
Sunny WebBox Firmware Version 1.6 and prior
Remediation
This product is end-of-life and is no longer supported.
SMA recommends deactivation of port forwarding as it is not required for monitoring PV systems via the SMA Sunny Portal. If direct access to a system from the Internet is necessary, SMA recommends using an encrypted virtual private network (VPN). On delivery, any saved default passwords should also be replaced with individual secure passwords, and unused ports on the system/router should be closed.