
CVE-2024-50687

Medium Severity
SVRS: 38/100
CVSSv3: 9.1/10
EPSS: 0.00045/1

CVE-2024-50687 is a critical security vulnerability affecting SunGrow iSolarCloud, specifically versions prior to the October 31, 2024 patch. This Insecure Direct Object Reference (IDOR) vulnerability allows unauthorized access to resources via the devService API model. While the CVSS score is high at 9.1, the SOCRadar Vulnerability Risk Score (SVRS) is 38, indicating a lower immediate threat level even though the vulnerability is tagged as "In The Wild." An attacker could manipulate object references to access or modify data they are not authorized for, putting data confidentiality and integrity at risk. Organizations running vulnerable versions of iSolarCloud should prioritize applying the available patch. Ignoring this vulnerability could lead to unauthorized data access and system compromise.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2025-02-26
2025-04-07
SOCRadar AI Insight

Description

CVE-2024-50687 describes an Insecure Direct Object Reference (IDOR) vulnerability in SunGrow iSolarCloud versions prior to the October 31, 2024 remediation. Specifically, the devService API model is susceptible to this flaw. With a CVSS score of 9.1, the Common Vulnerability Scoring System rates this as critical. However, the SOCRadar Vulnerability Risk Score (SVRS) is 38, suggesting a lower level of immediate risk than a score above 80 would. Despite the relatively low SVRS, the "In The Wild" tag indicates that this vulnerability is being actively exploited.

Key Insights

  1. IDOR Vulnerability: The core issue is an IDOR vulnerability (CWE-639), meaning an attacker can potentially access or modify data belonging to other users by manipulating the object references used in API requests. This could lead to unauthorized access to sensitive solar energy system data, including production metrics and configuration settings, and potentially to control over the system itself.
  2. Impact on Solar Energy Systems: Because iSolarCloud is a platform for monitoring and managing solar energy systems, exploitation of this vulnerability could have significant consequences. Attackers could manipulate energy production data, disrupt system operations, or even gain control of connected devices.
  3. Actively Exploited: Despite the low SVRS, the "In The Wild" tag suggests the vulnerability is being actively exploited, which raises the practical risk above what the numerical score alone implies. The low score most likely reflects limited or targeted exploitation rather than widespread attacks.
  4. Lack of Information on Threat Actors/Exploit Status/CISA Warnings: The available information does not name specific Threat Actors/APT groups exploiting the vulnerability, the status of any active exploits, or CISA warnings associated with CVE-2024-50687.

Mitigation Strategies

  1. Apply the October 31, 2024 Remediation: The primary mitigation step is to ensure that the SunGrow iSolarCloud installation is updated with the remediation released on or before October 31, 2024. This patch should address the IDOR vulnerability in the devService API model.
  2. Implement Robust Access Controls: Enforce object-level authorization and input validation on the devService API and on every other API that handles sensitive data. Each request must be checked against the authenticated user's permissions so that users can only view or modify the data they are authorized for, regardless of which object identifier they supply.
  3. Monitor API Activity: Implement monitoring and logging of API activity, focusing on requests to the devService API. This enables detection of suspicious activity and potential exploitation attempts. Look for unusual request patterns, especially a single account requesting many object identifiers that it does not own.
  4. Conduct Penetration Testing: Perform regular penetration testing of the iSolarCloud environment to identify and address other potential vulnerabilities. Focus testing on API endpoints and on areas handling sensitive data.
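As an added illustration of mitigation items 2 and 3 (example code written for this page, not SunGrow's or SOCRadar's code), the block below shows the CWE-639 pattern beside a hardened lookup that enforces object-level authorization, and a small detector that scans API access logs for one account requesting device identifiers it does not own. The endpoint path, device records, field names and log lines are all constructed assumptions, not taken from the iSolarCloud product.

```python
"""Object-level authorization for a device lookup, and log-based detection of
IDOR-style probing.  Added example; the device data, the /devService path and
the log format are constructed assumptions, not SunGrow's real API."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    device_id: str
    owner: str
    firmware: str


# Constructed sample data: two customers, three devices.
DEVICES = {
    "dev-1001": Device("dev-1001", "alice", "1.2.0"),
    "dev-1002": Device("dev-1002", "alice", "1.2.0"),
    "dev-2001": Device("dev-2001", "bob", "1.1.7"),
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to see the requested record."""


def get_device_vulnerable(session_user, device_id):
    """IDOR pattern (CWE-639): the record is fetched by the caller-supplied key
    and nothing checks that it belongs to the authenticated user."""
    return DEVICES[device_id]


def get_device_hardened(session_user, device_id):
    """Hardened lookup: the record is returned only if the authenticated user
    owns it.  Unknown and foreign ids produce the same error so the response
    does not reveal which identifiers exist."""
    dev = DEVICES.get(device_id)
    if dev is None or dev.owner != session_user:
        raise Forbidden(f"{session_user} may not access {device_id}")
    return dev


# Constructed access-log lines: authenticated user, HTTP status, request path.
SAMPLE_LOG = """\
user=alice status=200 path=/devService/getDevice?device_id=dev-1001
user=alice status=200 path=/devService/getDevice?device_id=dev-1002
user=bob status=200 path=/devService/getDevice?device_id=dev-2001
user=bob status=403 path=/devService/getDevice?device_id=dev-1001
user=bob status=403 path=/devService/getDevice?device_id=dev-1002
user=bob status=403 path=/devService/getDevice?device_id=dev-1003
"""


def parse_line(line):
    """Split one 'key=value' log line into (user, status, device_id)."""
    fields = dict(tok.split("=", 1) for tok in line.split())
    device_id = fields["path"].rsplit("device_id=", 1)[1]
    return fields["user"], int(fields["status"]), device_id


def find_idor_probing(log_text, threshold=3):
    """Return users who requested at least `threshold` distinct device ids
    outside their own ownership set.  Counting foreign ids rather than 403s
    also catches a deployment where the check is missing and every probe
    returns 200."""
    foreign = defaultdict(set)
    for line in log_text.splitlines():
        user, _status, device_id = parse_line(line)
        dev = DEVICES.get(device_id)
        if dev is None or dev.owner != user:
            foreign[user].add(device_id)
    return {u: sorted(ids) for u, ids in foreign.items() if len(ids) >= threshold}


if __name__ == "__main__":
    print(get_device_vulnerable("bob", "dev-1001"))   # bob reads alice's device
    try:
        get_device_hardened("bob", "dev-1001")
    except Forbidden as exc:
        print("hardened:", exc)
    print(find_idor_probing(SAMPLE_LOG))
```

The detector keys on ownership rather than on the 403 status so that it still fires against logs from an unpatched deployment, where the foreign lookups would succeed with 200; the threshold is a tuning knob that should be set from a baseline of legitimate multi-device accounts.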

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

Sungrow iSolarCloud Android App WiNet Firmware (CISA, 2025-03-13, us-cert.gov)
Sungrow iSolarCloud Android App WiNet Firmware | View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely Vendor: Sungrow Equipment

CVE-2024-50687 | SunGrow iSolarCloud App devService API Model resource injection (vuldb.com, 2025-03-05)
CVE-2024-50687 | SunGrow iSolarCloud App devService API Model resource injection | A vulnerability was found in SunGrow iSolarCloud App. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component devService API Model. The manipulation leads to improper control of resource identifiers. This vulnerability is known as CVE-2024-50687. The attack needs to be done within the

Social Media

CVE-2024-50687 SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model. https://t.co/TUqBrWXhw7

Affected Software

No affected software found for this CVE

References

Reference: [email protected]
Link: https://en.sungrowpower.com/security-notice-detail-2/6114

CWE Details

CWE ID: CWE-639
CWE Name: Authorization Bypass Through User-Controlled Key
Description: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
