Ethical Hacking News
A recent report by Forescout Vedere Labs has uncovered 46 critical security flaws in solar power systems manufactured by Sungrow, Growatt, and SMA. This alarming discovery highlights the vulnerability of these high-stakes energy infrastructure systems to cyber threats, posing a significant threat to the stability and security of the global energy grid.
Researchers have discovered 46 critical security flaws in solar power systems from three vendors: Sungrow, Growatt, and SMA. The vulnerabilities can be exploited to execute arbitrary commands, take over accounts, or control devices. Specific attacks include remote code execution, device takeover, and encryption key interception. Experts warn that a hijacked fleet of inverters could lead to grid disruption and potential blackouts.
In a shocking revelation that has sent shockwaves through the cybersecurity community, researchers from Forescout Vedere Labs have disclosed an astonishing array of 46 critical security flaws in solar power systems manufactured by three prominent vendors: Sungrow, Growatt, and SMA. This unprecedented discovery highlights the glaring vulnerability of these high-stakes, grid-scale energy infrastructure systems to cyber threats, raising serious concerns about their ability to withstand malicious attacks.
According to a detailed report shared with The Hacker News, the newly uncovered vulnerabilities can be exploited by an attacker to execute arbitrary commands on devices or the vendor's cloud, take over accounts, gain a foothold in the vendor's infrastructure, or even control inverter owners' devices. This staggering array of exploits poses a significant threat to the stability and security of the global energy grid.
The identified flaws include, but are not limited to, an attack vector that allows attackers to upload .aspx files, which when executed by the web server of SMA's Sunny Portal (sunnyportal[.]com), result in remote code execution. Additionally, unauthenticated attackers can obtain the list of plants belonging to other users as well as arbitrary devices via the "server-api.growatt.com/newTwoEicAPI.do" endpoint, leading to device takeover.
Furthermore, researchers have discovered that Sungrow's Android application uses an insecure AES key to encrypt client data, making it susceptible to interception and decryption. Moreover, Sungrow's WiNet WebUI contains a hard-coded password that can be used to decrypt all firmware updates, further exacerbating the severity of these security breaches.
In light of this alarming discovery, Forescout Vedere Labs has emphasized the need for enforcing strict security requirements when procuring solar equipment, conducting regular risk assessments, and ensuring full network visibility into these devices. Experts warn that a hijacked fleet of inverters controlled by an attacker could potentially amplify their attack, leading to grid disruption and potential blackouts.
The disclosure comes as serious security flaws have been discovered in production line monitoring cameras made by Japanese company Inaba Denki Sangyo that could be exploited for remote surveillance and prevent recording production stoppages. The vulnerabilities remain unpatched, but the vendor has urged customers to restrict internet access and limit ensure that such devices are installed in a secure, restricted area that's accessible only to authorized personnel.
In recent months, operational technology (OT) security company Nozomi Networks has detailed multiple security defects in GE Vernova N60 Network Relay, Zettler 130.8005 industrial gateway, and Wago 750-8216/025-001 programmable logic controller (PLC) that could be weaponized by an attacker to take full control of the devices.
In conclusion, the recent revelation of 46 critical security flaws in solar power systems from Sungrow, Growatt, and SMA underscores the need for heightened vigilance and proactive measures to protect these high-stakes energy infrastructure systems. As the global energy grid continues to rely on increasingly complex networks of interconnected devices, it is imperative that manufacturers, policymakers, and users take immediate action to address these vulnerabilities and ensure the long-term security and reliability of our critical infrastructure.
Related Information:
https://www.ethicalhackingnews.com/articles/Exposing-the-Dark-Side-of-Solar-Power-46-Critical-Flaws-Discovered-in-Sungrow-Growatt-and-SMA-Systems-ehn.shtml
https://thehackernews.com/2025/03/researchers-uncover-46-critical-flaws.html
https://www.techworm.net/2025/03/46-critical-flaws-in-solar-inverters.html
Published: Tue Apr 1 08:14:49 2025 by llama3.2 3B Q4_K_M
