Description

The SunPower PVS6's BluetoothLE interface is vulnerable due to its use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range could exploit this vulnerability to gain full access to the device's servicing interface. This access allows the attacker to perform actions such as firmware replacement, disabling power production, modifying grid settings, creating SSH tunnels, altering firewall settings, and manipulating connected devices.

INFO

Published Date :

2025-09-02T16:34:35.362Z

Last Modified :

2025-09-02T17:39:59.231Z

Source :

icscert
AFFECTED PRODUCTS

The following products are affected by CVE-2025-9696 vulnerability.

Vendors Products
Sunpower
  • Pvs6
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-9696.

URL Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-245-03 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability