How severe is CVE-2017-9853?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2017-9853?

This is classified as CWE-521, which is a common weakness in software security.

CVE-2017-9853 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of characters. NOTE: the vendor reports that the 12-character limit provides "a very high security standard." Also, only Sunny Boy TLST-21 and TL-21 and Sunny Tripower TL-10 and TL-30 could potentially be affected

Related Vulnerabilities

CVE-2017-1196

CRITICAL

CVSS:9.8(Critical)

IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: ...

CWE-5212017

CVE-2017-1221

CRITICAL

CVSS:9.8(Critical)

IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force I...

CWE-5212017

CVE-2017-12861

CRITICAL

CVSS:9.8(Critical)

The Epson "EasyMP" software is designed to remotely stream a users computer to supporting projectors.These devices are authenticated using a unique 4-digit code, displayed on-screen - ensuring only th...

CWE-5212017

CVE-2017-14189

CRITICAL

CVSS:9.8(Critical)

An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can access the admin webUI to successfully log-in regardless the provided password.

CWE-5212017

CVE-2017-1601

CRITICAL

CVSS:9.8(Critical)

IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not require that users should have strong passwords by default, which makes it easier for attackers to compro...

CWE-5212017

CVE-2017-18857

CRITICAL

CVSS:9.8(Critical)

The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement.

CWE-5212017