Description
Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource government-resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02
Scores
CVSS v4
9.3
EPSS
0.0051
EPSS Percentile
39.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-798
Status
published
Products (1)
Tigo Energy/Cloud Connect Advanced
< 4.0.1
Published
Aug 06, 2025
Tracked Since
Feb 18, 2026