Lucene search
+L

138 matches found

CNNVD
CNNVD
added 2025/02/26 12:0 a.m.7 views

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in the SunGrow iSolarCloud Android app version...

6.5CVSS6.6AI score0.00325EPSS
Exploits0References3
CVE
CVE
added 2025/02/26 12:0 a.m.115 views

CVE-2024-50687

CVE-2024-50687 (SunGrow iSolarCloud) : The SunGrow iSolarCloud ecosystem (Android app and cloud) is vulnerable to multiple insecure direct object references (IDOR) via the devService API model, with related exposure noted for powerStationService, userService, orgService, and commonService APIs. T...

9.1CVSS6.5AI score0.0041EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/02/26 12:0 a.m.105 views

CVE-2024-50685

SunGrow iSolarCloud is vulnerable to insecure direct object references (IDOR) in the powerStationService API model, affecting the iSolarCloud Android app and related cloud services. The root cause is IDOR flaws that could allow unauthorized access to user data and potentially modify key identifyi...

9.1CVSS6.5AI score0.00454EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/26 12:0 a.m.13 views

CVE-2024-50689

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the orgService API model...

9.2AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.9 views

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...

9.1CVSS6.7AI score0.00454EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/26 12:0 a.m.11 views

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...

9.4AI score0.00474EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/26 12:0 a.m.32 views

CVE-2024-50688

SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...

0.00474EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.7 views

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...

9.1CVSS6.7AI score0.00454EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.8 views

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud version V2.1.6.20241017 and...

9.8CVSS6.7AI score0.00474EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.13 views

SunGrow WiNet-S 安全漏洞

The SunGrow WiNet-S is a LAN communication module from China's SunGrow Power SunGrow. A security vulnerability exists in SunGrow WiNet-S version V200.001.00.P025 and prior versions, which stems from a firmware upgrade that lacks integrity checking...

7.5CVSS6.8AI score0.00208EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/26 12:0 a.m.14 views

CVE-2024-50685

SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references IDOR via the powerStationService API model...

9.2AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.6 views

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...

9.1CVSS6.7AI score0.0041EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/02/26 12:0 a.m.6 views

SunGrow iSolarCloud 安全漏洞

SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...

9.1CVSS6.7AI score0.0047EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/02/26 12:0 a.m.10 views

CVE-2024-50696

SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server...

7.5AI score0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/26 12:0 a.m.34 views

CVE-2024-50684

SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data insufficient entropy. This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud...

0.00325EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/26 12:0 a.m.16 views

CVE-2024-50686

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the commonService API model...

0.00454EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/26 12:0 a.m.17 views

CVE-2024-50693

SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the userService API model...

0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/26 12:0 a.m.26 views

CVE-2024-50696

SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server...

0.00208EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/26 12:0 a.m.16 views

CVE-2024-50685

SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references IDOR via the powerStationService API model...

0.00454EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/26 12:0 a.m.27 views

CVE-2024-50691

SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. Attackers can impersonate the iSolarCloud server and communicate with the Android app...

0.00219EPSS
Exploits0References1
Rows per page
Query Builder