- AustraliaEnglish
- BelgiumDutchFrench
- BrasilPortuguese
- BulgariaBulgarian
- CanadaEnglish
- Greater ChinaSimplified ChineseTraditional Chinese
- CzechCzech
- FinlandFinnish
- FranceFrench
- Germany (Global)GermanEnglishFrenchSpanish
- GreeceGreek
- HungaryHungarian
- IndiaEnglish
- ItalyItalian
- IrelandEnglish
- JapanJapanese
- IsraelHebrew
- KoreaKorean
- LuxembourgFrench
- MalaysiaMalaysian
- MexicoSpanish
- Middle East & AfricaEnglish
- NetherlandsDutch
- PolandPolish
- PortugalPortuguese
- RomaniaRomanian
- SlovakiaCzech
- SpainSpanish
- South AmericaSpanish
- South AsiaEnglish
- South East AsiaEnglish
- SwedenSwedish
- ThailandThai
- TurkeyTurkish
- UkraineUkrainian
- United KingdomEnglish
- United States of AmericaEnglish
Current security notifications
Please also read the information and documentation in our document archive.
November 27, 2024 | SQL injection vulnerability in SMA Sunny Central
In SMA Sunny Central inverters with firmware version numbers < 10.01.18.R, there is an authenticated (administration rights) SQL injection vulnerability on the administration panel that allows access to a database. The database that can be accessed is a log database that stores measurement data for graphical representation.
Further details, including the advisory, can be found at https://certvde.com/en/advisories/VDE-2024-074.
July 13, 2023 | “MOVEit” cybersecurity incident
Information on the “MOVEit” cybersecurity incident
In June 2023, we identified a cybersecurity incident at SMA in connection with the MOVEit software. The affected system was immediately shut down and examined in line with our successfully established cybersecurity processes, and the appropriate emergency measures were implemented. A damage analysis revealed that no personal details or business-critical data were affected, because the system in question was isolated from SMA’s network of core systems. Data encryption did not take place.
This incident does not result in any risks to SMA’s business partners or employees.
If you have any questions about this or any other cyber-security-related issues, please do not hesitate to contact Information-Security@sma.de.
December 20, 2021 | Log4Shell vulnerability
As already reported in the international media, a cyber security vulnerability has been identified (CVE-2021-44228, https://nvd.nist.gov/vuln/detail/CVE-2021-44228). It enables hackers to execute malicious program codes on the target systems, compromising system security as a result.
SMA inverters and the SMA monitoring portals are not affected by this latest vulnerability, although certain other SMA products may be affected. For these products, SMA will soon provide automatic software updates to counter the vulnerability. To make it harder for hackers to attack vulnerable systems, SMA will not disclose the products and versions in question until after the automatic updates have been rolled out.
Operators of large-scale SMA systems that are not subject to the automatic update will be contacted directly by the SMA service team and the updates will be installed by agreement.
You can find further information about this issue in the SMA manufacturer declaration →. It is updated regularly.
If you have any further questions, please contact SMA Information-Security@sma.de.
We are doing everything we can to solve this problem and would like to apologize for any inconvenience caused.