• Solar grids could be hija

    From Mike Powell@1:2320/105 to All on Friday, March 28, 2025 10:41:00
    Solar grids could be hijacked and even potentially disabled by these security flaws

    Date:
    Fri, 28 Mar 2025 10:50:26 +0000

    Description:
    Several top solar inverter products were found to have vulnerabilities that could lead to device takeover.

    FULL STORY

    Solar inverters could be hijacked by cybercriminals to disrupt power supplies and damage the electrical grid.

    46 vulnerabilities were found by Forescout [PDF] in solar inverters
    produced by Sungrow, Growatt, and SMA.

    Many of the vulnerabilities could lead to remote code execution (RCE), denial of service, device takeover, as well as access to cloud platforms and
    sensitive information.

    Power grid hijacking

    For SMA devices, only a single vulnerability was found, CVE-2025-0731, that allows an attacker to use a demo account to upload a .aspx (Active Server
    Page Extended) file instead of a photovoltaic (PV) system picture, with the file then being executed by the sunnyportal.com web server.

    As for Sungrow solar inverters, insecure direct object reference (IDOR) vulnerabilities tracked as CVE-2024-50685, CVE-2024-50686, and
    CVE-2024-50693 could allow an attacker to harvest communication dongle serial numbers.

    CVE-2024-50692 allows an attacker to use hard-coded MQTT credentials to send arbitrary commands to an arbitrary inverter dongle, or commit
    man-in-the-middle (MitM) attacks against MQTT communications.

    The attacker can also use one of several critical stack overflow vulnerabilities (CVE-2024-50694, CVE-2024-50695, CVE-2024-50698) to remotely execute code on server-connected dongles. Using this flow of vulnerabilities, an attacker could potentially reduce power generation during peak times to increase the load on the grid.

    Growatt inverters can be hijacked via the cloud backend by listing usernames from an exposed Growatt API, and then using these usernames for
    account takeover through two IDOR vulnerabilities.

    All of the disclosed vulnerabilities have since been patched by the manufacturers.

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/solar-grids-could-be-hijacked-and-even-potentially-disabled-by-these-security-flaws

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
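The SMA issue summarized in the post above (CVE-2025-0731: a `.aspx` file accepted where a PV system picture was expected, then executed by the web server) is the classic unrestricted-upload pattern. The following is an added defensive example, not part of the original post and not SMA's code or fix; the function names, size limit and sample bytes are assumptions constructed for illustration.

```python
import secrets

# Magic bytes of the only formats accepted as a PV system picture. The stored
# extension comes from this table, never from the client-supplied file name.
IMAGE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed limit for a site photo

# Constructed sample inputs (not taken from the advisory).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
ASPX_SAMPLE = b'<%@ Page Language="C#" %><html>demo</html>'
POLYGLOT_SAMPLE = PNG_SAMPLE + ASPX_SAMPLE  # image header, page markup after it


class UploadRejected(ValueError):
    """Raised when an upload is not an accepted picture."""


def sniff_image_extension(data: bytes):
    """Return the extension for a recognised image signature, else None."""
    for magic, ext in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def stored_name_for_upload(client_filename: str, data: bytes) -> str:
    """Validate a picture upload and return the name to store it under."""
    if not data or len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("empty or oversized upload")
    ext = sniff_image_extension(data)
    if ext is None:
        raise UploadRejected(f"not an accepted image: {client_filename!r}")
    # Random name plus table-derived extension: even a polyglot uploaded as
    # "x.aspx" lands as "<hex>.png", which a default server configuration
    # serves as a static file. Store it outside any script-executing directory.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    print(stored_name_for_upload("panel.aspx", POLYGLOT_SAMPLE))
    for name, body in (("roof.aspx", ASPX_SAMPLE), ("empty.png", b"")):
        try:
            stored_name_for_upload(name, body)
        except UploadRejected as exc:
            print("rejected:", exc)
```

Signature sniffing alone does not prove a file is a valid image; re-encoding the picture server-side removes trailing data such as the markup in the polyglot sample.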
  • From Kurt Weiske@1:218/1 to Mike Powell on Saturday, March 29, 2025 10:56:51
    Mike Powell wrote to All <=-

    Solar grids could be hijacked and even potentially disabled by these security flaws

    I work at a renewable energy company, and support dozens of solar and wind
    farms. Operational Technology security is pretty good, there are best
    practices and regulations in place requiring separation of internet and
    OT networks. Access to the OT network is controlled and logged through
    hardened servers with extensive logging.

    I feel better about the OT side than the other side, IT - the
    customer-facing, corporate networks. There's a much larger attack
    surface there.

    Not that an event isn't possible, but certainly a harder target than
    others.





    ... Wi-Fi cannot travel through smoke.
    --- MultiMail/Win v0.52
    * Origin: http://realitycheckbbs.org | tomorrow's retro tech (1:218/1)
  • From Rob Mccart@1:2320/105 to KURT WEISKE on Monday, March 31, 2025 15:27:00
    >I work at renewable energy company, and support dozens of solar and wind
    >farms.

    Sorry, off topic.. I was just curious if you are the person who runs
    the IT business www.Kurtweiske.com ?
    ---
    * SLMR Rob * My health?... Let's just say I don't buy green bananas
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)