We have become aware of a vulnerability in older firmware versions of the SUNGROW WiNet-S and WiNet-S2 products.This vulnerability has been resolved for newer firmware versions. All users whose firmware versions are affected by this vulnerability can resolve this by logging into iSolarCloud for software updates or by contacting their installers for assistance.
This problem does not occur anymore for the newer firmware versions WiNet-S WINET-SV200.001.00.P024 and higher, and WiNet-S2 WINET-SV300.001.03.P010 and higher.
Affected Firmware Versions & Proposed Solutions
Product Name | Affected Versions | Solutions |
WiNet-S | WINET-SV200.001.00.P023 and earlier versions | Upgrade to WINET-SV200.001.00.P024 or higher |
WiNet-S2 | WINET-SV300.001.03.P009 and earlier versions | Upgrade to WINET-SV300.001.03.P010 or higher |
Vulnerability Rating
Base score: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Temporal score: 4.8 (/E:P/RL:O/RC:C)
The scoring is based on the CVSS 3.1 standard. The scoring criteria can be referenced at
(https://www.first.org/cvss/calculator/3.1)
Recommendations
We highly recommend that you log into the iSolarCloud for the available software update or contact your installer for assistance. Have the update installed and change the password and ensure it meets certain complexity requirements (it is recommended to use a combination of at least three of the following: upper case letters, lower case letters, special characters, and numbers).
Statement
Any software/patch mentioned on this page is the copyrighted work of SUNGROW. Except for product repair purposes, you may not copy, modify, distribute, publish, license, transfer, sell, or attempt to extract the source code through methods such as decompilation.
This document does not promise any express, implied and statutory warranties, including but not limited to the warranties of merchantability, fitness for purpose and non-infringement. In no event shall Sungrow Power Supply Co., Ltd. or its direct or indirect subsidiaries be liable for any damages, including but not limited to direct, indirect, incidental, consequential, or special damages, or any loss of business profits or special losses. You assume all legal responsibilities arising from any use of this document. SUNGROW reserves the right to modify or update the content and information in this document at any time.