OTPulse

Tigo Energy Cloud Connect Advanced (Update A)

Act Now · 9.8 · ICS-CERT ICSA-25-217-02 · Aug 5, 2025
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

Tigo Energy Cloud Connect Advanced contains multiple critical vulnerabilities that allow attackers to gain unauthorized administrative access using hard-coded credentials (CWE-798), execute arbitrary commands via command injection (CWE-77), and bypass authentication by forging session IDs due to insecure session generation (CWE-337). Successful exploitation could allow full control of the device, modification of solar inverter settings, disruption of energy production, interference with safety mechanisms, exposure of sensitive data, and creation of persistent backdoor access through valid session tokens. The device is affected when running version 4.0.1 and earlier. Tigo Energy states it is actively working on a fix but has not yet released a patch.

What this means
What could happen
An attacker could gain complete administrative control of a Tigo Cloud Connect Advanced device using hard-coded credentials, potentially disabling solar energy production or safety systems at the connected inverter installations.
Who's at risk
Solar energy system operators and facility managers at utilities and industrial sites that use Tigo Cloud Connect Advanced devices for monitoring and controlling solar inverters should be concerned. This affects the energy sector and manufacturing facilities with on-site solar generation.
How it could be exploited
An attacker with network access to the Cloud Connect Advanced device could use embedded hard-coded credentials to log in and gain administrative privileges. From there, they could execute arbitrary commands to modify inverter settings, disable safety mechanisms, or disrupt energy production. Weak session ID generation could also allow attackers to forge valid session tokens to access sensitive functions without authentication.
Prerequisites
  • Network access to the Cloud Connect Advanced device (directly or via compromised network)
  • No valid user credentials required—hard-coded credentials are embedded in the device
remotely exploitable · no authentication required · low complexity · hard-coded credentials · affects safety systems · no patch available · command injection capability
Exploitability
Moderate exploit probability (EPSS 3.6%)
Affected products (1)
Product: Cloud Connect Advanced
Affected Versions: ≤ 4.0.1
Fix Status: No fix (EOL)
Remediation & Mitigation
Do now
  • HARDENING: Isolate Cloud Connect Advanced devices from internet-facing networks and place them behind a firewall
  • HARDENING: Segment your solar energy management network from your business network to limit lateral movement if a device is compromised
  • HARDENING: If remote access is required, implement a VPN with strong authentication and keep it updated to the latest version
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Monitor network traffic to and from Cloud Connect Advanced for unauthorized access attempts or unusual administrative commands
  • HOTFIX: Apply patches and security updates from Tigo Energy immediately upon release
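
The isolation, segmentation and monitoring steps above can be verified against firewall flow logs by flagging any source outside the management segment or VPN pool that reaches a device. The following Python is an added example, not part of the advisory or of any Tigo Energy tooling; the device address, allowed networks and log format are constructed assumptions, and it covers inbound traffic only.

```python
import ipaddress
from collections import Counter

# Constructed assumptions for this example (replace with your own inventory):
DEVICE_IPS = {ipaddress.ip_address("10.20.0.15")}   # Cloud Connect Advanced units
ALLOWED_SOURCES = [
    ipaddress.ip_network("10.20.0.0/24"),           # solar management segment
    ipaddress.ip_network("10.99.0.0/28"),           # VPN address pool
]

# Constructed flow records in a hypothetical format: "timestamp src dst dst_port action"
SAMPLE_FLOWS = """\
2025-08-05T10:00:01Z 10.20.0.7 10.20.0.15 443 ALLOW
2025-08-05T10:00:09Z 10.99.0.3 10.20.0.15 443 ALLOW
2025-08-05T10:02:44Z 192.168.5.40 10.20.0.15 80 ALLOW
2025-08-05T10:03:10Z 203.0.113.77 10.20.0.15 80 DENY
2025-08-05T10:03:11Z 203.0.113.77 10.20.0.15 22 DENY
2025-08-05T10:04:00Z 10.20.0.7 10.20.0.1 53 ALLOW
not a flow record
"""

def audit_flows(text):
    """Return (findings, hits per source) for inbound device traffic from disallowed sources."""
    findings, per_source = [], Counter()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                                # skip malformed records
        ts, src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port_no = int(port)
        except ValueError:
            continue                                # skip unparsable addresses or ports
        if dst_ip not in DEVICE_IPS or any(src_ip in net for net in ALLOWED_SOURCES):
            continue                                # not a device, or an expected source
        # ALLOW means the traffic reached the device: the segmentation has a hole.
        # DENY means the firewall held, but the source is probing the device.
        severity = "SEGMENTATION_GAP" if action == "ALLOW" else "BLOCKED_PROBE"
        findings.append((severity, ts, src, port_no))
        per_source[src] += 1
    return findings, per_source

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS)[0]:
        print(finding)
```

A SEGMENTATION_GAP finding means a firewall rule needs fixing now, since the device has no patch; repeated BLOCKED_PROBE hits from one source are worth an alert.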
API: /api/v1/advisories/656703e4-15be-49cf-9a40-d8c93758a93e