Sungrow iSolarCloud Android App, WiNet Firmware

Plan Patch8.2ICS-CERT ICSA-25-072-12Mar 13, 2025

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Multiple vulnerabilities in Sungrow iSolarCloud Android App (version 2.1.6 and earlier) and WiNet Firmware (all versions) related to disabled SSL/TLS certificate validation (CWE-295), weak cryptographic algorithms (CWE-327), and hardcoded credentials (CWE-798). These flaws allow attackers to intercept and potentially modify sensitive information transmitted between the app, WiNet devices, and Sungrow cloud services, including user credentials, inverter configuration, and monitoring data. The vulnerabilities affect the security of communications in solar generation monitoring and control systems.

What this means

What could happen

An attacker could intercept or modify sensitive data transmitted by Sungrow solar monitoring systems, including credentials and configuration information. This could allow unauthorized access to solar inverter monitoring and control capabilities.

Who's at risk

Solar energy operators and integrators using Sungrow iSolarCloud system for monitoring and managing distributed solar inverters. This includes utilities with distributed solar resources, solar farms, and commercial/industrial solar installations that rely on the iSolarCloud Android app or WiNet monitoring devices for remote supervision and data collection.

How it could be exploited

An attacker on the network path between the Android app or WiNet device and Sungrow's cloud services could intercept unencrypted or weakly encrypted communications due to disabled certificate validation and weak cryptographic implementations. By intercepting this traffic, the attacker gains access to sensitive information and could inject malicious data.

Prerequisites

Network access to communications between iSolarCloud Android App and Sungrow servers
Network access to WiNet device communications
Ability to perform man-in-the-middle attack (network position or compromised local network)

remotely exploitableno authentication requiredlow complexityhigh CVSS score (8.2)affects monitoring and control of power generation infrastructure

Exploitability

Low exploit probability (EPSS 0.9%)

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

WiNet Firmware: vers:all/*All versionsWINET-SV200.001.00.P028 or higher

iSolarCloud Android App: <=2.1.6≤ 2.1.6latest version available

Remediation & Mitigation

0/4

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXUpdate WiNet firmware to version WINET-SV200.001.00.P028 or higher

HOTFIXUpdate iSolarCloud Android App to the latest version available from app store

Long-term hardening

0/2

HARDENINGIsolate solar monitoring networks from business network and internet-facing systems using firewall rules and network segmentation

HARDENINGIf remote access to solar monitoring systems is required, use a VPN connection and keep VPN software updated to the latest version

CVEs (15)

CVE-2024-50691 CVE-2024-50684 CVE-2024-50685 CVE-2024-50693 CVE-2024-50689 CVE-2024-50686 CVE-2024-50687 CVE-2024-50688 CVE-2024-50692 CVE-2024-50690 CVE-2024-50694 CVE-2024-50697 CVE-2024-50695 CVE-2024-50698 CVE-2024-50696

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1761a891-45a5-4998-8a89-30e4cd5acee4