FKIE_CVE-2024-50692

Vulnerability from fkie_nvd - Published: 2025-01-24 23:15 - Updated: 2025-05-29 16:02
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level.
References
cve@mitre.orghttps://en.sungrowpower.com/security-notice-detail-2/5961Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0https://mqtt-pwn.readthedocs.io/en/latest/intro.htmlProduct
Impacted products
Vendor Product Version
sungrowpower winet-s_firmware 200.001.00.p027
sungrowpower winet-s_firmware *
sungrowpower winet-s -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sungrowpower:winet-s_firmware:200.001.00.p027:*:*:*:*:*:*:*",
              "matchCriteriaId": "63F88B4E-D11C-45DA-B951-A2198E22F316",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sungrowpower:winet-s_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC5C36C-0726-4C02-9C89-FC97EB06D144",
              "versionEndExcluding": "200.001.00.p027",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sungrowpower:winet-s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "30D17448-43BC-46D6-87E8-B67F5FBBDFB5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SunGrow WiNet-SV200.001.00.P027 and earlier versions contains hardcoded MQTT credentials that allow an attacker to send arbitrary commands to an arbitrary inverter. It is also possible to impersonate the broker, because TLS is not used to identify the real MQTT broker. This means that MQTT communications are vulnerable to MitM attacks at the TCP/IP level."
    },
    {
      "lang": "es",
      "value": "SunGrow WiNet-SV200.001.00.P027 y versiones anteriores contienen credenciales MQTT codificadas que permiten a un atacante enviar comandos arbitrarios a un inversor arbitrario. Tambi\u00e9n es posible hacerse pasar por el br\u00f3ker, ya que no se utiliza TLS para identificar al br\u00f3ker MQTT real. Esto significa que las comunicaciones MQTT son vulnerables a ataques MitM a nivel TCP/IP."
    }
  ],
  "id": "CVE-2024-50692",
  "lastModified": "2025-05-29T16:02:26.353",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-24T23:15:08.893",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://en.sungrowpower.com/security-notice-detail-2/5961"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Product"
      ],
      "url": "https://mqtt-pwn.readthedocs.io/en/latest/intro.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-798"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.