GradeZero Music Band

Monday, September 14, 2015

Sunny WebBox Fix

CVE-2015-3964: SMA Solar Technology AG Sunny WebBox (monitoring solution for medium-sized PV plants) Hardcoded Account Vulnerability is fixed. Presented at 31C3 by Alexander Timorin.



SMA did a great job to remove open Sunny WebBox from the Internet. According Shodan it only ~9,500 online now vs 80,000 in December 2014.
Looks like #SCADASOS works. You can find more shodan/google dorks for Solar and Wind Power Plants here.


Advisory: https://ics-cert.us-cert.gov/advisories/ICSA-15-181-02 

Enjoy 

No comments:

Post a Comment