SolisCloud Monitoring Platform
4 December 2025 at 12:00:00
cisa.gov
CISA advisory for CVE-2025-13932 affecting SolisCloud Monitoring Platform Cloud API and Device Control API versions 1 and 2. The vulnerability is an Authorization Bypass Through User-Controlled Key (CWE-639) with a CVSS v4 score of 8.3. It allows authenticated users to access sensitive plant data by manipulating plant_id parameters in API requests. The vulnerability affects energy sector infrastructure worldwide. SolisCloud has not responded to CISA's mitigation requests. No known public exploitation has been reported yet.
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-338-06
https://github.com/cisagov/CSAF
https://cwe.mitre.org/data/definitions/639.html
https://www.cve.org/CVERecord?id=CVE-2025-13932
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N
https://www.solisinverters.com/uk/contactus.html
https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01
https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
https://www.cisa.gov/topics/industrial-control-systems
https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf
https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B
https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf
https://www.cisa.gov/uscert/ncas/tips/ST04-014
Related CVEs:
CVE-2025-13932
Related threat actors:
No threat actors found in this article
Affected products:
SolisCloud Monitoring Platform
IOCs:
No IOCs found in this article
