138 matches found
SunGrow iSolarCloud 安全漏洞
SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in the SunGrow iSolarCloud Android app version...
CVE-2024-50687
CVE-2024-50687 (SunGrow iSolarCloud) : The SunGrow iSolarCloud ecosystem (Android app and cloud) is vulnerable to multiple insecure direct object references (IDOR) via the devService API model, with related exposure noted for powerStationService, userService, orgService, and commonService APIs. T...
CVE-2024-50685
SunGrow iSolarCloud is vulnerable to insecure direct object references (IDOR) in the powerStationService API model, affecting the iSolarCloud Android app and related cloud services. The root cause is IDOR flaws that could allow unauthorized access to user data and potentially modify key identifyi...
CVE-2024-50689
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the orgService API model...
SunGrow iSolarCloud 安全漏洞
SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...
CVE-2024-50688
SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...
CVE-2024-50688
SunGrow iSolarCloud Android application V2.1.6.20241017 and prior contains hardcoded credentials. The application regardless of the user account and the cloud uses the same MQTT credentials for exchanging the device telemetry...
SunGrow iSolarCloud 安全漏洞
SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...
SunGrow iSolarCloud 安全漏洞
SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud version V2.1.6.20241017 and...
SunGrow WiNet-S 安全漏洞
The SunGrow WiNet-S is a LAN communication module from China's SunGrow Power SunGrow. A security vulnerability exists in SunGrow WiNet-S version V200.001.00.P025 and prior versions, which stems from a firmware upgrade that lacks integrity checking...
CVE-2024-50685
SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references IDOR via the powerStationService API model...
SunGrow iSolarCloud 安全漏洞
SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...
SunGrow iSolarCloud 安全漏洞
SunGrow iSolarCloud is an Android app for new energy power plant management from China SunGrow SunGrow. It is used for power plant data collection, monitoring, operation and maintenance and operation management. A security vulnerability exists in SunGrow iSolarCloud, which stems from an insecure...
CVE-2024-50696
SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server...
CVE-2024-50684
SunGrow iSolarCloud Android app V2.1.6.20241017 and prior uses an insecure AES key to encrypt client data insufficient entropy. This may allow attackers to decrypt intercepted communications between the mobile app and iSolarCloud...
CVE-2024-50686
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the commonService API model...
CVE-2024-50693
SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references IDOR via the userService API model...
CVE-2024-50696
SunGrow WiNet-S V200.001.00.P025 and earlier versions is missing integrity checks for firmware upgrades. Sending a specific MQTT message allows an update to an inverter or a WiNet connectivity dongle with a bogus firmware file that is located on attacker-controlled server...
CVE-2024-50685
SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references IDOR via the powerStationService API model...
CVE-2024-50691
SunGrow iSolarCloud Android app V2.1.6.20241104 and prior suffers from Missing SSL Certificate Validation. The app explicitly ignores certificate errors and is vulnerable to MiTM attacks. Attackers can impersonate the iSolarCloud server and communicate with the Android app...