SolisCloud Monitoring Platform

Monitor | CVSS 7.7 | ICS-CERT ICSA-25-338-06 | Dec 4, 2025
Attack path
Attack Vector: Network
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

The SolisCloud Monitoring Platform (versions 1|2) contains an authorization flaw (CWE-639) that allows an authenticated attacker to manipulate API requests to the Cloud API or Device Control API and access sensitive information they should not have permission to view. The vulnerability affects the ability to control and monitor connected devices and has a CVSS score of 7.7. SolisCloud has not responded to mitigation requests from CISA, and no patch is currently available.

What this means
What could happen
An attacker with valid user credentials could access sensitive information from the SolisCloud Monitoring Platform API, potentially exposing configuration data or operational details from connected solar energy systems or other monitored devices.
Who's at risk
Organizations operating solar energy systems or industrial generation facilities that use SolisCloud Monitoring Platform for device monitoring and control should be concerned. This affects water utilities, municipal electric utilities, and industrial facilities using Solis inverters or similar equipment managed through the cloud platform.
How it could be exploited
An attacker with legitimate SolisCloud credentials manipulates API requests to the Cloud API or Device Control API to retrieve data they should not have access to. This could occur through direct API calls from a compromised account or workstation with network access to SolisCloud services.
Prerequisites
  • Valid SolisCloud user credentials (username/password or API token)
  • Network access to SolisCloud Monitoring Platform APIs (typically internet-accessible)
  • Ability to craft or intercept API requests
Remotely exploitable | Authentication required (valid credentials) | No patch available | API-based information disclosure
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (1)
Product: Monitoring Platform (Cloud API & Device Control API): 1|2
Affected Versions: 1|2
Fix Status: No fix yet
Remediation & Mitigation
Do now
  • HARDENING: Restrict user access to SolisCloud accounts to essential personnel only; disable or remove unused user accounts
  • HARDENING: Enforce strong, unique passwords for all SolisCloud user accounts; enable multi-factor authentication if available
  • HARDENING: Monitor SolisCloud API activity logs for unusual data access patterns or requests from unfamiliar IP addresses
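
One way to act on the log-monitoring item above, shown as an added example (not code from this advisory, CISA or SolisCloud): a reviewer that flags requests for resource IDs outside an account's entitlements, which is the CWE-639 access pattern, and requests from source IPs outside the account's baseline. The JSON-lines record format, the field names, the entitlement map and the IP baseline are all assumptions, since the page does not describe the platform's log schema.

```python
import json
from collections import defaultdict

# Constructed sample records. Field names are assumptions, not a documented SolisCloud schema.
SAMPLE_LOG = """\
{"ts":"2025-12-04T08:00:01Z","user":"alice","src_ip":"203.0.113.10","api":"cloud","resource_id":"dev-100","status":200}
{"ts":"2025-12-04T08:00:05Z","user":"bob","src_ip":"198.51.100.7","api":"cloud","resource_id":"dev-200","status":200}
{"ts":"2025-12-04T08:01:10Z","user":"bob","src_ip":"198.51.100.7","api":"cloud","resource_id":"dev-100","status":200}
{"ts":"2025-12-04T08:01:11Z","user":"bob","src_ip":"198.51.100.7","api":"device-control","resource_id":"dev-101","status":200}
{"ts":"2025-12-04T08:01:12Z","user":"bob","src_ip":"192.0.2.55","api":"device-control","resource_id":"dev-102","status":403}
not json
{"ts":"2025-12-04T08:02:00Z","user":"alice","src_ip":"203.0.113.10","api":"cloud","resource_id":"dev-101","status":200}
"""

# Assumed inventory kept by the defender: resource IDs each account may see, and its usual source IPs.
ENTITLEMENTS = {"alice": {"dev-100", "dev-101"}, "bob": {"dev-200"}}
KNOWN_IPS = {"alice": {"203.0.113.10"}, "bob": {"198.51.100.7"}}


def review_api_log(text, entitlements, known_ips, fanout_limit=3):
    """Return (findings, fanout): per-record findings and accounts touching many foreign IDs."""
    findings = []                 # (line_number, user, finding_kind)
    foreign = defaultdict(set)    # user -> distinct resource IDs outside entitlement
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            user, rid, ip = rec["user"], rec["resource_id"], rec["src_ip"]
            status = int(rec["status"])
        except (ValueError, KeyError, TypeError):
            # Keep malformed records visible instead of silently dropping them.
            findings.append((n, None, "unparseable-record"))
            continue
        if rid not in entitlements.get(user, set()):
            foreign[user].add(rid)
            # A 2xx status means the server returned an object the account does not own.
            kind = "foreign-id-served" if 200 <= status < 300 else "foreign-id-denied"
            findings.append((n, user, kind))
        if ip not in known_ips.get(user, set()):
            findings.append((n, user, "unfamiliar-ip"))
    # Many distinct foreign IDs from one account suggests ID enumeration.
    fanout = sorted(u for u, ids in foreign.items() if len(ids) >= fanout_limit)
    return findings, fanout


if __name__ == "__main__":
    for finding in review_api_log(SAMPLE_LOG, ENTITLEMENTS, KNOWN_IPS)[0]:
        print(finding)
```
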
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HARDENING: Segregate the network segment containing SolisCloud monitoring infrastructure from business IT networks and the internet using firewalls; restrict inbound access to authorized locations only
  • WORKAROUND: If remote access to SolisCloud is required, use a VPN with current security patches and multi-factor authentication rather than direct internet exposure

SolisCloud Monitoring Platform | CVSS 7.7 - OTPulse