63 matches found
EUVD-2025-5283
Malicious code in bioql PyPI...
EUVD-2025-5291
Malicious code in bioql PyPI...
EUVD-2025-5285
Malicious code in bioql PyPI...
EUVD-2025-5290
Malicious code in bioql PyPI...
EUVD-2025-5289
Malicious code in bioql PyPI...
EUVD-2025-5284
Malicious code in bioql PyPI...
EUVD-2025-5288
Malicious code in bioql PyPI...
CVE-2025-29756 MQTT implementation in Sungrow iSolarCloud allowed users to subscribe to all data of all connected inverters
SunGrow's back end users system iSolarCloud https://isolarcloud.com uses an MQTT service to transport data from the user's connected devices to the user's web browser. The MQTT server however did not have sufficient restrictions in place to limit the topics that a user could subscribe to. While...
CVE-2025-29756
The CVE-2025-29756 entry describes a vulnerability in SunGrow iSolarCloud’s MQTT service used by the backend for device data transport. The MQTT broker reportedly lacks sufficient topic-subscription restrictions, enabling a user with an iSolarCloud account to subscribe to any topic (notably the a...
PT-2025-25185 · Sungrow · Isolarcloud
Name of the Vulnerable Software and Affected Versions: SunGrow's back end users system iSolarCloud (affected versions not specified). Description: The issue concerns the MQTT service used by iSolarCloud to transport data from connected devices to the user's web browser. The MQTT server lacks...
Sungrow iSolarCloud security vulnerability
Sungrow iSolarCloud Sunshine Cloud is software for monitoring and managing PV power plants from China's Sunny Power Sungrow. A security vulnerability exists in Sungrow iSolarCloud, which stems from an under-restricted MQTT service that could result in subscribing to arbitrary topics and...
CISA Releases Thirteen Industrial Control Systems Advisories
CISA released thirteen Industrial Control Systems (ICS) advisories on March 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-072-01 Siemens Teamcenter Visualization and Tecnomatix Plant Simulation...
CVE-2024-50684
SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data (insufficient entropy). This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud...
CVE-2024-50688
SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application, regardless of the user account, and the cloud use the same MQTT credentials for exchanging the device telemetry...
CVE-2024-50691
SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. Attackers can impersonate the iSolarCloud server and communicate with the Android app...
CVE-2024-50686
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService API model...
CVE-2024-50687
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model...
CVE-2024-50689
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the orgService API model...
CVE-2024-50685
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the powerStationService API model...