CVERadar

CVE-2024-50685

Severity: Medium
SVRS: 38/100
CVSSv3: 9.1/10
EPSS: 0.00045/1

CVE-2024-50685: Insecure Direct Object Reference (IDOR) in SunGrow iSolarCloud. Before the October 31, 2024 remediation, the powerStationService API model did not verify that the caller was entitled to the object it referenced, so an attacker could swap the identifier in a request to read or modify power-station data belonging to other users. The CVSS v3.1 score of 9.1 falls in the Critical range (9.0 to 10.0), while the SOCRadar Vulnerability Risk Score (SVRS) of 38 puts the immediate real-world risk well below vulnerabilities scoring above 80. Even so, the weakness is CWE-639 (authorization bypass through a user-controlled key), and the vector (network-reachable, low complexity, no privileges, no user interaction, high confidentiality and integrity impact) means that until the fix is in place, unauthorized reading and modification of power-station data exposed through powerStationService are the expected outcomes.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2025-02-26

2025-04-07
SOCRadar AI Insight

Description

CVE-2024-50685 is an Insecure Direct Object Reference (IDOR) vulnerability affecting SunGrow iSolarCloud before the October 31, 2024 remediation. The powerStationService API model accepted object references from the client without checking that the caller was authorized for the referenced resource. The CVSS score is 9.1 (Critical), while the SOCRadar Vulnerability Risk Score (SVRS) is 38, indicating a lower real-world risk than the CVSS score alone suggests. The page carries an "In The Wild" tag; note, however, that the Exploits and Indicators of Compromise sections below list nothing for this CVE and the EPSS estimate is 0.00045, so the tag is a reason for vigilance rather than evidence of widespread exploitation.

Key Insights

  1. IDOR Vulnerability: The flaw is a missing object-level authorization check in the powerStationService API. The server resolved the station identifier supplied by the client without confirming that the caller owned or was otherwise entitled to that station, so an attacker who knows or guesses another user's station identifier can read or modify data for power stations they are not authorized to manage.
  2. Active Exploitation: The "In The Wild" tag signals that exploitation activity has been reported. Although the SVRS score is relatively low, a reported exploitation signal raises the remediation priority; weigh it against the fact that this page lists no public exploit and no IOCs and that EPSS is 0.00045.
  3. Limited Real-World Risk Indication: The SVRS score of 38 contrasts with the CVSS score of 9.1. This suggests that, despite the severity of a successful attack, the vulnerability may not be as widely exploited as the CVSS score alone would indicate. The low SVRS should not be read as low exploitability, though: an IDOR needs no special tooling, only a known endpoint and identifier format and a single modified request, which is exactly what AC:L and PR:N in the vector express.

Mitigation Strategies

  1. Apply Patch/Upgrade: The primary mitigation is the remediation SunGrow applied on October 31, 2024; the advisory wording "before the October 31, 2024 remediation" means that anything that has not received that fix is affected. iSolarCloud is SunGrow's cloud monitoring platform with web and app front ends, so the server-side fix is applied by the vendor; consult the vendor security notice linked under References to confirm remediation status and whether any client or app update is required on your side.
  2. Implement Robust Access Controls: Even after patching, enforce authorization at the API level so that users can only reach resources they are explicitly permitted to access. Every request to powerStationService must first be authenticated (the vector is PR:N, so the flaw was reachable without privileges) and then authorized at the object level: the server looks up the referenced station and verifies that it belongs to the authenticated account or tenant before returning or modifying it. Deny by default, and return the same "not found" response for foreign and nonexistent identifiers so the endpoint does not reveal which identifiers exist.
  3. Web Application Firewall (WAF) Rules: Deploy or update WAF rules for the API endpoint, with a realistic expectation of what they can do. An IDOR request is syntactically identical to a legitimate one and differs only in the identifier value, so signature-based rules cannot distinguish it; the useful WAF controls here are rate limiting and flagging one session that walks many distinct station identifiers. The WAF supplements the authorization fix and does not replace it.
  4. Monitor for Suspicious Activity: Log every powerStationService request with the authenticated account, the referenced station identifier and the response status, and alert on one account touching many distinct identifiers in a short window, on sequential identifier patterns, and on reads or modifications of stations outside the account's own inventory. On an unpatched backend such probing returns successes rather than 403/404 responses, so detection must not depend on denied responses alone.
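The object-level authorization check in item 2 and the enumeration alert in item 4, worked through as an added Python example. This is not SunGrow's code and is not taken from this page: the station records, account names, in-memory store, the Unauthorized and NotFound exception types and the access-log lines are all constructed for the illustration, and the real powerStationService request and response formats, which this page does not show, are not assumed.

```python
"""
Added illustration, not SunGrow's code: a powerStationService-style lookup
written the CWE-639 way and then with an object-level ownership check, plus a
detector that scans constructed access-log lines for station-ID enumeration.
Every record, account, exception type and log line here is made up.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class PowerStation:
    ps_id: int
    owner_account: str
    name: str


# Constructed in-memory store standing in for the real backend.
STATIONS = {
    1001: PowerStation(1001, "alice", "Alice rooftop PV"),
    1002: PowerStation(1002, "bob", "Bob farm array"),
    1003: PowerStation(1003, "bob", "Bob barn array"),
}


class Unauthorized(Exception):
    pass


class NotFound(Exception):
    pass


def get_station_vulnerable(ps_id):
    """CWE-639 pattern: the caller-supplied key is the only input to the
    lookup, so any existing ps_id is returned regardless of who asks (and,
    matching the PR:N vector, regardless of whether anyone is logged in)."""
    return STATIONS[ps_id]


def get_station_hardened(session_user, ps_id):
    """Authenticate first, then require that the record belongs to the caller.
    Missing and foreign IDs both raise NotFound so the endpoint is not an
    oracle for which station IDs exist."""
    if session_user is None:
        raise Unauthorized("login required")
    station = STATIONS.get(ps_id)
    if station is None or station.owner_account != session_user:
        raise NotFound(f"power station {ps_id} not found")
    return station


def station_accessible(session_user, ps_id):
    """Boolean form of the hardened check, convenient for policy tests."""
    try:
        get_station_hardened(session_user, ps_id)
        return True
    except (Unauthorized, NotFound):
        return False


# Detection side. Constructed log: alice and bob read their own stations,
# mallory walks sequential IDs. On an unpatched backend mallory's status
# would be 200, so the rule keys on ID breadth per account, not on denials.
LOG_RE = re.compile(
    r"account=(?P<account>\S+) ps_id=(?P<ps_id>\d+) status=(?P<status>\d{3})"
)
SAMPLE_LOG = """\
2025-03-05T10:00:01Z account=alice ps_id=1001 status=200
2025-03-05T10:00:05Z account=alice ps_id=1001 status=200
2025-03-05T10:01:00Z account=mallory ps_id=1001 status=404
2025-03-05T10:01:01Z account=mallory ps_id=1002 status=404
2025-03-05T10:01:02Z account=mallory ps_id=1003 status=404
2025-03-05T10:01:03Z account=mallory ps_id=1004 status=404
2025-03-05T10:01:04Z account=mallory ps_id=1005 status=404
2025-03-05T10:01:05Z account=mallory ps_id=1006 status=404
2025-03-05T10:02:00Z account=bob ps_id=1002 status=200
2025-03-05T10:02:01Z account=bob ps_id=1003 status=200
"""


def find_idor_probing(log_lines, min_distinct_ids=5):
    """Return sorted (account, distinct_ids, denied) for accounts that touched
    at least min_distinct_ids different station IDs. 'denied' counts 403/404
    responses for triage: many denials means the fix held, many 200s means
    the data was actually read."""
    seen = defaultdict(set)
    denied = defaultdict(int)
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        seen[m["account"]].add(m["ps_id"])
        if m["status"] in ("403", "404"):
            denied[m["account"]] += 1
    return sorted(
        (acct, len(ids), denied[acct])
        for acct, ids in seen.items()
        if len(ids) >= min_distinct_ids
    )


if __name__ == "__main__":
    print("vulnerable lookup of 1001:", get_station_vulnerable(1001))
    print("bob may read 1001:", station_accessible("bob", 1001))
    print("suspects:", find_idor_probing(SAMPLE_LOG.splitlines()))
```

The hardened lookup keys authorization on the session identity, never on anything in the request body, and deliberately collapses "does not exist" and "not yours" into one response. The detector reports the denied count but does not gate on it, because against the pre-patch backend an enumeration run would have produced nothing but successful responses.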

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Sungrow iSolarCloud Android App WiNet Firmware
CISA (us-cert.gov), 2025-03-13
Sungrow iSolarCloud Android App WiNet Firmware | View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely Vendor: Sungrow Equipment<

CVE-2024-50685 | SunGrow iSolarCloud App powerStationService API Model resource injection
vuldb.com, 2025-03-05
CVE-2024-50685 | SunGrow iSolarCloud App powerStationService API Model resource injection | A vulnerability classified as critical has been found in SunGrow iSolarCloud App. This affects an unknown part of the component powerStationService API Model. The manipulation leads to improper control of resource identifiers. This vulnerability is uniquely identified as CVE-2024-50685. Access to the local network is required for this attack. There is

Social Media

CVE-2024-50685 SunGrow iSolarCloud before the October 31, 2024 remediation, is vulnerable to insecure direct object references (IDOR) via the powerStationService API model. https://t.co/XvVqQxl67i

Affected Software

No affected software found for this CVE

References

Source: [email protected]
Link: https://en.sungrowpower.com/security-notice-detail-2/6118

CWE Details

CWE ID: CWE-639
CWE Name: Authorization Bypass Through User-Controlled Key
Description: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
