2 vulnerabilities found for iSolarCloud by SunGrow
CVE-2025-29756 (GCVE-0-2025-29756)
Vulnerability from nvd – Published: 2025-06-11 08:01 – Updated: 2025-06-23 12:45 Exclusively Hosted Service
Title
MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
Summary
SunGrow's back-end user system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser.
The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.
While the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained through an API call, the credentials could be used to subscribe to any topic and the encryption key could be used to decrypt all messages received.
An attacker with an account on iSolarCloud.com could extract the MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the wildcard topic '#' and thus receive all messages from all connected devices.
Severity: CVSS 4.0 base score 8.3 (HIGH)
CWE
- CWE-862 - Missing Authorization
Assigner
DIVD
References
| URL | Tags |
|---|---|
| https://csirt.divd.nl/CVE-2025-29756 | third-party-advisory, technical-description |
| https://csirt.divd.nl/DIVD-2025-00009 | third-party-advisory |
| https://isolarcloud.com | product |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SunGrow | iSolarCloud | Affected: 0 , < 7 June 2025 (custom) |
Credits
Harm van den Brink (DIVD)
Frank Breedijk (DIVD)
ENCS (https://encs.eu/)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T13:14:49.544632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T13:14:59.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iSolarCloud",
"vendor": "SunGrow",
"versions": [
{
"lessThan": "7 June 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harm van den Brink (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "finder",
"value": "ENCS (https://encs.eu/)"
}
],
"datePublic": "2025-06-08T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SunGrow\u0027s back end users system \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://isolarcloud.com\"\u003eiSolarCloud\u003c/a\u003e\u0026nbsp;uses an MQTT service to transport data from the user\u0027s connected devices to the user\u0027s web browser.\u0026nbsp;\u003cbr\u003eThe MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.\u0026nbsp;\u003cbr\u003eWhile the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received.\u003cbr\u003eAn attack with an account on iSolarCloud.com could extract\u0026nbsp;MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic \u0027#\u0027 and thus recieve all messages from all connected devices."
}
],
"value": "SunGrow\u0027s back end users system iSolarCloud https://isolarcloud.com \u00a0uses an MQTT service to transport data from the user\u0027s connected devices to the user\u0027s web browser.\u00a0\nThe MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.\u00a0\nWhile the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received.\nAn attack with an account on iSolarCloud.com could extract\u00a0MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic \u0027#\u0027 and thus recieve all messages from all connected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:45:06.342Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://csirt.divd.nl/CVE-2025-29756"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2025-00009"
},
{
"tags": [
"product"
],
"url": "https://isolarcloud.com"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable."
}
],
"value": "iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable."
}
],
"source": {
"advisory": "DIVD-2025-00009",
"discovery": "EXTERNAL"
},
"tags": [
"exclusively-hosted-service"
],
"title": "MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2025-29756",
"datePublished": "2025-06-11T08:01:16.794Z",
"dateReserved": "2025-03-11T13:40:29.272Z",
"dateUpdated": "2025-06-23T12:45:06.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-29756 (GCVE-0-2025-29756)
Vulnerability from cvelistv5 – Published: 2025-06-11 08:01 – Updated: 2025-06-23 12:45 Exclusively Hosted Service
Title
MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
Summary
SunGrow's back-end user system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser.
The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.
While the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained through an API call, the credentials could be used to subscribe to any topic and the encryption key could be used to decrypt all messages received.
An attacker with an account on iSolarCloud.com could extract the MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the wildcard topic '#' and thus receive all messages from all connected devices.
Severity: CVSS 4.0 base score 8.3 (HIGH)
CWE
- CWE-862 - Missing Authorization
Assigner
DIVD
References
| URL | Tags |
|---|---|
| https://csirt.divd.nl/CVE-2025-29756 | third-party-advisory, technical-description |
| https://csirt.divd.nl/DIVD-2025-00009 | third-party-advisory |
| https://isolarcloud.com | product |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| SunGrow | iSolarCloud | Affected: 0 , < 7 June 2025 (custom) |
Credits
Harm van den Brink (DIVD)
Frank Breedijk (DIVD)
ENCS (https://encs.eu/)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-29756",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T13:14:49.544632Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T13:14:59.294Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "iSolarCloud",
"vendor": "SunGrow",
"versions": [
{
"lessThan": "7 June 2025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harm van den Brink (DIVD)"
},
{
"lang": "en",
"type": "analyst",
"value": "Frank Breedijk (DIVD)"
},
{
"lang": "en",
"type": "finder",
"value": "ENCS (https://encs.eu/)"
}
],
"datePublic": "2025-06-08T22:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SunGrow\u0027s back end users system \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://isolarcloud.com\"\u003eiSolarCloud\u003c/a\u003e\u0026nbsp;uses an MQTT service to transport data from the user\u0027s connected devices to the user\u0027s web browser.\u0026nbsp;\u003cbr\u003eThe MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.\u0026nbsp;\u003cbr\u003eWhile the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received.\u003cbr\u003eAn attack with an account on iSolarCloud.com could extract\u0026nbsp;MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic \u0027#\u0027 and thus recieve all messages from all connected devices."
}
],
"value": "SunGrow\u0027s back end users system iSolarCloud https://isolarcloud.com \u00a0uses an MQTT service to transport data from the user\u0027s connected devices to the user\u0027s web browser.\u00a0\nThe MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.\u00a0\nWhile the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received.\nAn attack with an account on iSolarCloud.com could extract\u00a0MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic \u0027#\u0027 and thus recieve all messages from all connected devices."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:Y",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-23T12:45:06.342Z",
"orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"shortName": "DIVD"
},
"references": [
{
"tags": [
"third-party-advisory",
"technical-description"
],
"url": "https://csirt.divd.nl/CVE-2025-29756"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://csirt.divd.nl/DIVD-2025-00009"
},
{
"tags": [
"product"
],
"url": "https://isolarcloud.com"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable."
}
],
"value": "iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable."
}
],
"source": {
"advisory": "DIVD-2025-00009",
"discovery": "EXTERNAL"
},
"tags": [
"exclusively-hosted-service"
],
"title": "MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
"assignerShortName": "DIVD",
"cveId": "CVE-2025-29756",
"datePublished": "2025-06-11T08:01:16.794Z",
"dateReserved": "2025-03-11T13:40:29.272Z",
"dateUpdated": "2025-06-23T12:45:06.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}