CyberSecurity news
Anna Ribeiro@Industrial Cyber
//
Cybersecurity researchers have uncovered 46 new vulnerabilities in solar inverters from leading vendors Sungrow, Growatt, and SMA. These flaws could be exploited by malicious actors to seize control of the devices remotely, posing severe risks to electrical grids. The vulnerabilities, collectively named SUN:DOWN by Forescout Vedere Labs, can enable attackers to execute arbitrary commands, take over accounts, and gain a foothold in vendor infrastructure, potentially leading to control of inverter owners' devices.
Researchers found that these flaws could be used to conduct coordinated large-scale cyber-attacks that target power generation and ultimately, grid failures. The vulnerabilities impact various components within solar power systems, including panels, PV inverters, and communication dongles. While Sungrow and SMA have patched the reported issues, Growatt's response was slower, and the researchers believe an attacker gaining control of a large number of inverters could cause instability to power grids, leading to potential blackouts.
ImgSrc: industrialcyber
References :
- ciso2ciso.com: Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA – Source:thehackernews.com
- The Hacker News: Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids.
- : Solar Power System Vulnerabilities Could Result in Blackouts
- www.scworld.com: 46 new bugs in solar power inverters raise concerns over power grid stability
- Industrial Cyber: Forescout SUN:DOWN research uncovers critical vulnerabilities in solar inverters that threaten power grid stability
- www.cybersecuritydive.com: Solar power gear vulnerable to remote sabotage
- www.techradar.com: Several top solar invertor products were found to have vulnerabilities that could lead to device takeover.
- The DefendOps Diaries: Securing Solar Inverters: Addressing Vulnerabilities in Renewable Energy Systems
- Cyber Security News: Critical security flaws in global solar power infrastructure could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale.
- Cyber Security News: 46 New Vulnerabilities in Solar Inverters Let Attackers Manipulate Settings
- www.techradar.com: Hackers could exploit weak security in solar inverters, manipulating energy production, stealing user data, and even disrupting entire power networks with alarming ease.
Classification:
- HashTags: #SolarInverters #PowerGrid #Vulnerabilities
- Company: Forescout
- Target: Power Grids
- Product: Solar Inverters
- Feature: remote code execution
- Malware: SUN:DOWN
- Type: Vulnerability
- Severity: Major