Sungrow iSolarCloud Insecure Direct Object Reference Vulnerability in powerStationService API
Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in the Sungrow iSolarCloud powerStationService API. It could enable unauthorized access to data belonging to other user accounts, potentially revealing sensitive information related to solar power stations. The vulnerability exists in iSolarCloud versions prior to the October 31, 2024 remediation.
Impact
Exploitation of this vulnerability could lead to unauthorized access to user data, allowing attackers to view sensitive information from other accounts.
Remediation
Sungrow iSolarCloud was automatically updated and repaired on October 31, 2024. No action is required from customers.
