CVE-2024-1889 Report - Details, Severity, & Advisories

Twingate Team

May 30, 2024

What is CVE-2024-1889?

CVE-2024-1889 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability affecting SMA Cluster Controller version 01.05.01.R. An attacker can send a malicious link to an authenticated user and thereby perform actions on the affected device with that user's permissions. The impacted systems are devices for monitoring and controlling SMA inverters, such as SMA Cluster Controller and Sunny Webbox.

Who is impacted by CVE-2024-1889?

CVE-2024-1889 affects authenticated users of SMA Cluster Controller devices, specifically version 01.05.01.R. Sunny Webbox devices with versions 1.61 and earlier are also impacted. Users of these devices should be aware of the potential risks and stay informed about any updates or solutions to address the issue.

What should I do if I’m affected?

If you're affected by the CVE-2024-1889 vulnerability, it's important to stay informed and take necessary precautions. Unfortunately, there's no reported solution yet. Monitor updates from SMA and security organizations. Limit access to the affected devices to trusted users only. Be cautious when clicking on links received via email or messaging apps.
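With no vendor fix reported, one compensating control is to place the device's web interface behind a reverse proxy that refuses requests initiated from another site. The following is an added example, not code from SMA or from this page; the proxy hostname is a placeholder and the sample requests are constructed.

```python
from urllib.parse import urlsplit

# Assumption: operators reach the device only through this proxy origin.
TRUSTED_ORIGINS = {"https://inverter-gw.example.internal"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def origin_of(url):
    """Reduce an Origin or Referer value to scheme://host[:port]."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.netloc:
        return None  # covers the literal "null" origin
    return f"{parts.scheme}://{parts.netloc}".lower()


def allow_request(method, headers):
    """Return (allowed, reason) for one request headed to the device."""
    h = {k.lower(): v for k, v in headers.items()}
    # Fetch Metadata; browsers send it only to trustworthy (HTTPS) origins.
    site = h.get("sec-fetch-site")
    if site in ("cross-site", "same-site"):
        return False, f"sec-fetch-site={site}"
    # Prefer Origin, fall back to Referer.
    source = h.get("origin") or h.get("referer")
    if source:
        if origin_of(source) in TRUSTED_ORIGINS:
            return True, "same origin"
        return False, "foreign origin or referer"
    # No provenance: tolerate reads (typed URL, bookmark), refuse writes.
    if method.upper() in SAFE_METHODS:
        return True, "safe method, no provenance"
    return False, "unsafe method without origin or referer"


# Constructed sample requests, not captured from a real device.
SAMPLES = [
    ("POST", {"Origin": "https://inverter-gw.example.internal"}),
    ("POST", {"Origin": "https://other-site.example"}),
    ("GET", {"Referer": "https://mail.example/inbox",
             "Sec-Fetch-Site": "cross-site"}),
    ("POST", {}),
    ("GET", {"Sec-Fetch-Site": "none"}),
    ("POST", {"Origin": "null"}),
]


def evaluate_samples():
    """Allow/deny verdict for each constructed sample, in order."""
    return [allow_request(m, h)[0] for m, h in SAMPLES]
```

The check cannot judge a GET that carries no Origin, Referer or Sec-Fetch-Site header, so it complements, rather than replaces, limiting network access to the device.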

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-1889 vulnerability is not mentioned in CISA's Known Exploited Vulnerabilities Catalog.

Weakness Enumeration

This vulnerability is classified as CWE-352, Cross-Site Request Forgery (CSRF), affecting SMA Cluster Controller devices.

Learn More

For a comprehensive understanding of this vulnerability, including technical details and affected software configurations, refer to the NVD page.
