PatchSiren cyber security CVE debrief
CVE-2024-50692 Sungrow CVE debrief
CVE-2024-50692 is a high-severity Sungrow issue in WiNet module firmware where hardcoded MQTT credentials could let an attacker impersonate a device-facing MQTT broker. CISA’s advisory also lists Sungrow iSolarCloud Android App <=2.1.6 and WiNet Firmware (all versions) as affected products, with vendor guidance to update WiNet firmware to WINET-SV200.001.00.P028 or higher and install the latest iSolarCloud app version.
- Vendor
- Sungrow
- Product
- iSolarCloud Android App
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2025-03-13
- Original CVE updated
- 2025-03-13
- Advisory published
- 2025-03-13
- Advisory updated
- 2025-03-13
Who should care
Sungrow customers, solar/energy operators, ICS/OT administrators, asset owners running Sungrow WiNet gear, and security teams responsible for mobile app and firmware patching in industrial or distributed energy environments.
Technical summary
The advisory states that the WiNet module firmware contains hardcoded MQTT credentials, which could allow an attacker to impersonate a device-facing MQTT broker. CISA’s CSAF lists affected products as Sungrow iSolarCloud Android App <=2.1.6 and Sungrow WiNet Firmware: vers:all/*. The vendor remediation guidance says Sungrow has released updated firmware and recommends applying WINET-SV200.001.00.P028 or higher; it also says the iSolarCloud app has been repaired and should be updated via the device app store. The source description says exploitation may lead to unauthorized access to user accounts, sensitive information, and arbitrary code execution.
Defensive priority
High priority for affected Sungrow deployments, especially where WiNet firmware is exposed in operational environments or patching is delayed.
Recommended defensive actions
- Inventory Sungrow WiNet and iSolarCloud deployments and confirm whether affected versions are in use.
- Update WiNet firmware to WINET-SV200.001.00.P028 or higher as recommended by the vendor.
- Update the iSolarCloud Android App to the latest version from the device app store.
- Review asset access controls and monitor for unusual MQTT/broker communications involving Sungrow devices.
- Use CISA and vendor advisories to validate remediation status and track any follow-on guidance.
Evidence notes
This debrief is based only on the supplied CISA CSAF advisory and the official references provided in the corpus. The vulnerability description, affected product scope, and remediation guidance are taken from the advisory metadata and remediations. No KEV entry or ransomware-campaign linkage was provided in the source corpus. Timing context uses the advisory publication date of 2025-03-13, not the debrief generation date.
Official resources
-
CVE-2024-50692 CVE record
CVE.org
-
CVE-2024-50692 NVD detail
NVD
-
Source item URL
cisa_csaf
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
-
Source reference
Reference
CISA published the CSAF advisory ICSA-25-072-12 on 2025-03-13 (initial publication). The source corpus does not list a KEV addition date or known ransomware campaign use.