I caught a few IBC Solar ServeMaster TLP+ installations off the Danfoss Shodan search and it seems to have the same vulnerabilities plus a few. They use the same underlying server and same layout for the web pages so I think it is just different branding? You can login with the defaults of admin / admin.
Under Setup -> Communication -> SMTP setup (/cgi-bin/setup_comm_smtp.tcl), the credentials of a mail server are stored in plain text. If the default admin login is not changed then an attacker can gain credentials of another server:
The request is made over HTTP via the GET method, not SSL:
The response is in the clear as seen in a proxy:
Under Setup -> Communication -> Portal upload (/cgi-bin/setup_comm_dw.tcl), the credentials of the FTP server are stored in plain text too:
Under Setup -> Communication -> GSM Modem (/cgi-bin/setup_comm_gprs.tcl), the credentials of the FTP server are stored in plain text too: