ICSA-25-072-12 · Published 2025-03-13 · View on CISA ICS-CERT ↗

Sungrow iSolarCloud Android App, WiNet Firmware

CVSS 8.2 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could result in attackers being able to access and could modify sensitive information.

CVEs (15)

CVE-2024-50691 CVE-2024-50684 CVE-2024-50685 CVE-2024-50693 CVE-2024-50689 CVE-2024-50686 CVE-2024-50687 CVE-2024-50688 CVE-2024-50692 CVE-2024-50690 CVE-2024-50694 CVE-2024-50697 CVE-2024-50695 CVE-2024-50698 CVE-2024-50696

Remediations

Sungrow has released updated versions of affected firmware. Users are encouraged to apply version WINET-SV200.001.00.P028 or higher. Users should also update their iSolarCloud Android App to the latest version via device app store. The iSolarCloud has been repaired and requires no further user action.
For more information refer to Sungrow's security notice.

Affected Vendors

Sungrow

Affected Products (2)

Sungrow · iSolarCloud Android App <=2.1.6

Sungrow · WiNet Firmware vers:all/*

Affected Sectors

Energy

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more