Growatt Cloud Applications Authorization Bypass Vulnerability Allowing Unauthenticated Device Management

A vulnerability exists in Growatt Cloud Applications, specifically in the cloud portal versions through 3.6.0, allowing unauthenticated attackers to manipulate devices associated with other users. Exploitation of this vulnerability enables the addition of devices to scenes, potentially leading to unauthorized control over those devices.

Impact

Exploitation of this vulnerability could result in unauthorized management of devices, including the potential to control physical actions of those devices remotely.

Remediation

Growatt has reported that the cloud-based vulnerabilities were patched and no user action is needed. Users are advised to update all devices to the latest firmware version when available, use strong passwords, enable multi-factor authentication where applicable, and report any security concerns to Growatt's service email. CISA also recommends minimizing network exposure for control system devices, using firewalls to isolate control system networks from business networks, and employing secure remote access methods like VPNs.