CVE 9.3 CRITICAL

Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced

August 6, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.

AI Analysis

Tigo Energy's Cloud Connect Advanced device has hard-coded credentials, allowing unauthorized users to gain admin access, potentially disrupting solar production and safety features.

Basic Information

ID CVE-2025-7768

Source icscert

Published Aug 6, 2025 at 20:28

Modified Aug 6, 2025 at 20:41

Affected Product

Vendor Tigo Energy

Product Cloud Connect Advanced

Affected Versions Tigo Energy Cloud Connect Advanced 0

CWE Classification

CWE-798

AI Assessment

AI Severity Critical

Vendor Tigo Energy

Product Cloud Connect Advanced

References

www.cisa.gov /news-events/ics-advisories/icsa-25-217-02

{
    "lastseen": "",
    "description": "Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar energy production, and interfering with safety mechanisms.",
    "published": "2025-08-06T20:28:43.631Z",
    "modified": "2025-08-06T20:41:11.923Z",
    "type": "cve",
    "title": "Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced",
    "source": "icscert",
    "references": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-217-02",
    "id": "CVE-2025-7768",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "Tigo Energy Cloud Connect Advanced 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Cloud Connect Advanced",
    "version": "0",
    "vendor": "Tigo Energy",
    "ai_description": "Tigo Energy's Cloud Connect Advanced device has hard-coded credentials, allowing unauthorized users to gain admin access, potentially disrupting solar production and safety features.",
    "ai_severity": "Critical",
    "ai_vendor": "Tigo Energy",
    "ai_product": "Cloud Connect Advanced",
    "ai_version": "0",
    "ai_score": 0
}

💭 Join the Security Discussion ❌ Cancel Reply