FlagThis

Cybersecurity researchers have uncovered 46 new vulnerabilities in solar inverters from leading vendors Sungrow, Growatt, and SMA. These flaws could be exploited by malicious actors to seize control of the devices remotely, posing severe risks to electrical grids. The vulnerabilities, collectively named SUN:DOWN by Forescout Vedere Labs, can enable attackers to execute arbitrary commands, take over accounts, and gain a foothold in vendor infrastructure, potentially leading to control of inverter owners' devices.

Researchers found that these flaws could be used to conduct coordinated large-scale cyber-attacks that target power generation and ultimately, grid failures. The vulnerabilities impact various components within solar power systems, including panels, PV inverters, and communication dongles. While Sungrow and SMA have patched the reported issues, Growatt's response was slower, and the researchers believe an attacker gaining control of a large number of inverters could cause instability to power grids, leading to potential blackouts.

ImgSrc: blogger.googleu

References :

• ciso2ciso.com: Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA – Source:thehackernews.com
• The Hacker News: Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids.
• : Solar Power System Vulnerabilities Could Result in Blackouts
• www.scworld.com: 46 new bugs in solar power inverters raise concerns over power grid stability

Classification:

• HashTags: #SolarInverters #PowerGrid #Vulnerabilities
• Company: Forescout
• Target: Power Grids
• Product: Solar Inverters
• Feature: remote code execution
• Malware: SUN:DOWN
• Type: Vulnerability
• Severity: Major