Cybersecurity researchers from Forescout Vedere Labs have identified 46 critical security vulnerabilities affecting solar inverters from companies Sungrow, Growatt, and SMA. These flaws could potentially allow unauthorized individuals to take control of devices, execute code remotely, and create severe risks for electrical grids, leading to systems instability and compromising energy production.

The vulnerabilities, collectively named SUN:DOWN, enable a wide range of malicious activities. Some of the most alarming issues include the ability for attackers to upload harmful files to execute commands remotely and unauthorized access to account information. For instance:

• Attackers can upload .aspx files executing on SMA’s web server, facilitating remote code execution.
• Unauthenticated users can enumerate usernames through exposed endpoints, leading to account hijacking.
• Attackers could gain access to sensitive information about other users’ devices, including smart meter serial numbers.
• There are opportunities for unauthorized users to reconfigure electric vehicle chargers, exposing critical infrastructure to physical damage or data breaches.

Particularly troubling is the Android application from Sungrow, that employs an insecure AES key for encrypting client data, making it vulnerable to interception. Moreover, the application ignores certificate errors, leaving it open to man-in-the-middle attacks.

Forescout warned that if exploited on a large scale, these vulnerabilities could allow attackers to manipulate energy delivery to grids, resulting in potential blackouts or disruptions. In a scenario involving Growatt inverters, a threat actor could leverage exposed APIs to reset account passwords, hijack accounts, and facilitate broader attacks through a botnet of compromised inverters.

The vendors have responded to the issues with security patches following responsible disclosures. However, Daniel dos Santos, Head of Research at Forescout, emphasized the need for stringent security assessments when sourcing solar equipment, regular risk evaluations, and maintaining comprehensive network oversight.

The situation is aggravated by other unpatched vulnerabilities found in production line monitoring cameras from Inaba Denki Sangyo, further highlighting a continuous trend of security deficiencies in critical infrastructure. These can enable unauthorized surveillance or hinder the recording of key production disruptions.

Overall, both the solar inverter vulnerabilities and the camera flaws underline a pressing need for improved security protocols as technology increasingly intertwines with vital infrastructure systems.

Welcome to DediRock, your trusted partner in high-performance hosting solutions. At DediRock, we specialize in providing dedicated servers, VPS hosting, and cloud services tailored to meet the unique needs of businesses and individuals alike. Our mission is to deliver reliable, scalable, and secure hosting solutions that empower our clients to achieve their digital goals. With a commitment to exceptional customer support, cutting-edge technology, and robust infrastructure, DediRock stands out as a leader in the hosting industry. Join us and experience the difference that dedicated service and unwavering reliability can make for your online presence. Launch our website.