Insecure Direct Object References in SunGrow iSolarCloud API
CVE-2024-50693

9.1CRITICAL

Key Information:

Vendor: SunGrow
Status: iSolarCloud
Vendor: CVE Published:; 26 February 2025

What is CVE-2024-50693?

The SunGrow iSolarCloud platform is susceptible to insecure direct object references (IDOR) through its userService API model. This vulnerability potentially allows attackers to access resources or functionalities that they are not authorized to, compromising the integrity and confidentiality of user data. Users are encouraged to apply the upcoming remediation scheduled for October 31, 2024, to mitigate any associated risks.

References

https://en.sungrowpower.com/security-notice-detail-2/6120

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 26, 2025
Vulnerability Reserved
Oct 28, 2024

JSON