Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for iSolarCloud by SunGrow

    CVE-2025-29756 (GCVE-0-2025-29756)

    Vulnerability from nvd – Published: 2025-06-11 08:01 – Updated: 2025-06-23 12:45 Exclusively Hosted Service
    VLAI
    Title
    MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
    Summary
    SunGrow's back end users system iSolarCloud https://isolarcloud.com  uses an MQTT service to transport data from the user's connected devices to the user's web browser.  The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.  While the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received. An attack with an account on iSolarCloud.com could extract MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic '#' and thus recieve all messages from all connected devices.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-29756 third-party-advisorytechnical-description
    https://csirt.divd.nl/DIVD-2025-00009 third-party-advisory
    https://isolarcloud.com product
    Impacted products
    Vendor Product Version
    SunGrow iSolarCloud Affected: 0 , < 7 June 2025 (custom)
    Create a notification for this product.
    Date Public
    2025-06-08 22:00
    Credits
    Harm van den Brink (DIVD) Frank Breedijk (DIVD) ENCS (https://encs.eu/)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29756",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T13:14:49.544632Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T13:14:59.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "iSolarCloud",
              "vendor": "SunGrow",
              "versions": [
                {
                  "lessThan": "7 June 2025",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Harm van den Brink (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "ENCS (https://encs.eu/)"
            }
          ],
          "datePublic": "2025-06-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SunGrow\u0027s back end users system \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://isolarcloud.com\"\u003eiSolarCloud\u003c/a\u003e\u0026nbsp;uses an MQTT service to transport data from the user\u0027s connected devices to the user\u0027s web browser.\u0026nbsp;\u003cbr\u003eThe MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.\u0026nbsp;\u003cbr\u003eWhile the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received.\u003cbr\u003eAn attack with an account on iSolarCloud.com could extract\u0026nbsp;MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic \u0027#\u0027 and thus recieve all messages from all connected devices."
                }
              ],
              "value": "SunGrow\u0027s back end users system  iSolarCloud https://isolarcloud.com \u00a0uses an MQTT service to transport data from the user\u0027s connected devices to the user\u0027s web browser.\u00a0\nThe MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.\u00a0\nWhile the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received.\nAn attack with an account on iSolarCloud.com could extract\u00a0MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic \u0027#\u0027 and thus recieve all messages from all connected devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:Y",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:45:06.342Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "technical-description"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-29756"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00009"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://isolarcloud.com"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable."
                }
              ],
              "value": "iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable."
            }
          ],
          "source": {
            "advisory": "DIVD-2025-00009",
            "discovery": "EXTERNAL"
          },
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-29756",
        "datePublished": "2025-06-11T08:01:16.794Z",
        "dateReserved": "2025-03-11T13:40:29.272Z",
        "dateUpdated": "2025-06-23T12:45:06.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-29756 (GCVE-0-2025-29756)

    Vulnerability from cvelistv5 – Published: 2025-06-11 08:01 – Updated: 2025-06-23 12:45 Exclusively Hosted Service
    VLAI
    Title
    MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
    Summary
    SunGrow's back end users system iSolarCloud https://isolarcloud.com  uses an MQTT service to transport data from the user's connected devices to the user's web browser.  The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.  While the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received. An attack with an account on iSolarCloud.com could extract MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic '#' and thus recieve all messages from all connected devices.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://csirt.divd.nl/CVE-2025-29756 third-party-advisorytechnical-description
    https://csirt.divd.nl/DIVD-2025-00009 third-party-advisory
    https://isolarcloud.com product
    Impacted products
    Vendor Product Version
    SunGrow iSolarCloud Affected: 0 , < 7 June 2025 (custom)
    Create a notification for this product.
    Date Public
    2025-06-08 22:00
    Credits
    Harm van den Brink (DIVD) Frank Breedijk (DIVD) ENCS (https://encs.eu/)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29756",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-06-11T13:14:49.544632Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-11T13:14:59.294Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "iSolarCloud",
              "vendor": "SunGrow",
              "versions": [
                {
                  "lessThan": "7 June 2025",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Harm van den Brink (DIVD)"
            },
            {
              "lang": "en",
              "type": "analyst",
              "value": "Frank Breedijk (DIVD)"
            },
            {
              "lang": "en",
              "type": "finder",
              "value": "ENCS (https://encs.eu/)"
            }
          ],
          "datePublic": "2025-06-08T22:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SunGrow\u0027s back end users system \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://isolarcloud.com\"\u003eiSolarCloud\u003c/a\u003e\u0026nbsp;uses an MQTT service to transport data from the user\u0027s connected devices to the user\u0027s web browser.\u0026nbsp;\u003cbr\u003eThe MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.\u0026nbsp;\u003cbr\u003eWhile the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received.\u003cbr\u003eAn attack with an account on iSolarCloud.com could extract\u0026nbsp;MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic \u0027#\u0027 and thus recieve all messages from all connected devices."
                }
              ],
              "value": "SunGrow\u0027s back end users system  iSolarCloud https://isolarcloud.com \u00a0uses an MQTT service to transport data from the user\u0027s connected devices to the user\u0027s web browser.\u00a0\nThe MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to.\u00a0\nWhile the data that is transmitted through the MQTT server is encrypted and the credentials for the MQTT server are obtained though an API call, the credentials could be used to subscribe to any topic and the encryption key can be used to decrypt all messages received.\nAn attack with an account on iSolarCloud.com could extract\u00a0MQTT credentials and the decryption key from the browser and then use an external program to subscribe to the topic \u0027#\u0027 and thus recieve all messages from all connected devices."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-1",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "YES",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/AU:Y",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-06-23T12:45:06.342Z",
            "orgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
            "shortName": "DIVD"
          },
          "references": [
            {
              "tags": [
                "third-party-advisory",
                "technical-description"
              ],
              "url": "https://csirt.divd.nl/CVE-2025-29756"
            },
            {
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://csirt.divd.nl/DIVD-2025-00009"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://isolarcloud.com"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable."
                }
              ],
              "value": "iSolarCloud has been patched by SunGrow and the vulnerability is no longer exploitable."
            }
          ],
          "source": {
            "advisory": "DIVD-2025-00009",
            "discovery": "EXTERNAL"
          },
          "tags": [
            "exclusively-hosted-service"
          ],
          "title": "MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b87402ff-ae37-4194-9dae-31abdbd6f217",
        "assignerShortName": "DIVD",
        "cveId": "CVE-2025-29756",
        "datePublished": "2025-06-11T08:01:16.794Z",
        "dateReserved": "2025-03-11T13:40:29.272Z",
        "dateUpdated": "2025-06-23T12:45:06.342Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }