Sungrow iSolarCloud Android App, WiNet Firmware

Plan PatchCVSS 8.2ICS-CERT ICSA-25-072-12Mar 13, 2025

Attack path

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in Sungrow's WiNet gateway firmware and iSolarCloud Android app allow attackers to access and modify sensitive system information including inverter configuration, production data, and monitoring parameters. Affected versions: WiNet firmware all versions prior to WINET-SV200.001.00.P028; iSolarCloud Android app version 2.1.6 and earlier. Issues include insecure certificate validation (CWE-295), weak cryptography (CWE-327), improper credential management (CWE-798, CWE-259), and buffer overflows (CWE-121, CWE-122).

What this means

What could happen

An attacker with network access to the WiNet gateway or compromised Android app could read and modify sensitive system data, potentially altering solar inverter settings, production reporting, or monitoring parameters that affect grid operations or plant safety.

Who's at risk

Solar generation facilities operating Sungrow WiNet gateways and iSolarCloud monitoring apps, including municipal utilities with distributed solar installations, microgrids, and any facility relying on these systems for inverter monitoring and control.

How it could be exploited

An attacker on the network could send specially crafted requests to the WiNet gateway or intercept unencrypted communications from the iSolarCloud app to read or modify configuration and monitoring data. If the app is installed on a mobile device with network access to the solar installation, credential theft or insecure storage could allow remote access to the gateway management interface.

Prerequisites

Network access to the WiNet gateway management port
For app-based attacks: mobile device with iSolarCloud app installed and network connectivity to the gateway
No authentication required for certain endpoints

remotely exploitableno authentication required for some endpointslow complexityaffects monitoring and control of power generation systems

Exploitability

Some exploitation risk — EPSS score 1.1%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

WiNet Firmware: vers:all/*All versionsWINET-SV200.001.00.P028 or higher

iSolarCloud Android App: <=2.1.6≤ 2.1.6latest version available

Remediation & Mitigation

0/5

Do now

0/1

WORKAROUNDRestrict network access to the WiNet gateway management interface—allow connections only from trusted engineering workstations and monitoring systems, block internet-facing access

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WiNet firmware to version WINET-SV200.001.00.P028 or higher

HOTFIXUpdate iSolarCloud Android app to the latest available version through the device app store

Long-term hardening

0/2

HARDENINGIsolate solar inverter management networks from business networks using firewall rules and network segmentation

HARDENINGIf remote access to the WiNet gateway is required, enforce use of a VPN with current security patches and strong authentication

CVEs (15)

CVE-2024-50691 CVE-2024-50684 CVE-2024-50685 CVE-2024-50693 CVE-2024-50689 CVE-2024-50686 CVE-2024-50687 CVE-2024-50688 CVE-2024-50692 CVE-2024-50690 CVE-2024-50694 CVE-2024-50697 CVE-2024-50695 CVE-2024-50698 CVE-2024-50696

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1761a891-45a5-4998-8a89-30e4cd5acee4

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.