CyberSecurityBoard
Sponsor Register Login

46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings

Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. Research indicates over half of solar inverter manufacturers (53%) and storage system providers (58%) originate from China, raising questions about supply chain security in critical infrastructure components. A recent investigation revealed 46 new vulnerabilities across three of the world’s top 10 solar inverter vendors, exposing systemic weaknesses in these increasingly essential components of modern power grids. Power utilities, device manufacturers, and regulators must collaborate to implement stronger security protocols and verification processes throughout the solar power supply chain. As solar power adoption accelerates globally, addressing these fundamental security weaknesses becomes increasingly critical to ensure grid stability and protect consumer privacy. Their analysis found that over the past three years, an average of 10 vulnerabilities in solar power systems have been disclosed annually, with 80% classified as high or critical severity. For Growatt inverters, researchers identified vulnerabilities enabling cloud-based takeover, granting unauthorized access to user resources and control of solar plants. Forescout researchers noted these security gaps are part of a troubling pattern in the solar power ecosystem. The vulnerabilities enable attackers to tamper with inverter settings through various attack vectors, including unauthorized access to cloud management platforms and exploitation of communication protocols. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Even more concerning, 30% of these vulnerabilities received the highest possible CVSS scores (9.8-10), indicating attackers could gain complete control of affected systems. The exploitation chain continues with publishing malicious messages that trigger remote code execution, ultimately resulting in complete takeover of the inverter system and its operational parameters.

This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 29 Mar 2025 08:35:09 +0000


Cyber News related to 46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings

46 New Vulnerabilities in Solar Inverters Systems Let Attackers Tamper Inverter Settings - Researchers have uncovered critical security flaws in global solar power infrastructure that could potentially allow malicious actors to seize control of solar inverters and manipulate power generation at scale. Research indicates over half of solar ...
2 days ago Cybersecuritynews.com
Dozens of solar inverter flaws could be exploited to attack power grids - Apart from disrupting a power grid, the disclosed vulnerabilities can also be exploited in scenarios that impact user privacy, hijacking smart devices in the house that may be controlled through the vendor's cloud platform, or even ransomware attacks ...
4 days ago Bleepingcomputer.com CVE-2024-50694
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
1 year ago Cyberdefensemagazine.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
1 year ago Securityintelligence.com
Creating a New Market for Post-Quantum Cryptography - A day in the busy life of any systems integrator includes many actions that revolve around the lifeblood of its business - its customers. Systems integrators help solve evolving customer business challenges, which in turn adds partner value. It's a ...
1 year ago Securityboulevard.com
CVE-2017-9860 - ** DISPUTED ** An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom ...
5 years ago
Renewable Energy Technology: Powering the Future - Engage in the discussion on how renewable energy technology is set to revolutionize our world and reshape the energy landscape for future generations. From rooftop solar panels to large solar farms, this renewable technology is leading us towards ...
1 year ago Securityzap.com
Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids - Cyber Defense Magazine - Network Intrusion: Network communication systems of power and smart grids can be intruded through weak security configurations like default password, unsecured remote access, or unpatched systems and other vulnerabilities to gain control into the ...
6 months ago Cyberdefensemagazine.com
CVE-2023-46254 - capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind ...
7 months ago
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
8 months ago Helpnetsecurity.com
Preparing for Q-Day as NIST nears approval of PQC standards - Q-Day-the day when a cryptographically relevant quantum computer can break most forms of modern encryption-is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few ...
8 months ago Helpnetsecurity.com
East Texas hospital network can't receive ambulances because of potential cybersecurity incident - GetTime();if(!(u<=a&&d<=l throw new RangeError("Invalid interval");return r.inclusive?u<=l&&d<=a:ut||isNaN(t. Step):1;if(s<1||isNaN(s throw new RangeError("`options. Step):1;if(l<1||isNaN(l throw new RangeError("`options. GetTime()<=n throw new ...
1 year ago Cnn.com
New Relic CEO sets observability strategy for the AI age - The executive that replaced Gary Steele as CEO at Proofpoint when Steele left for Splunk has now followed Steele's path from cybersecurity to the helm of an observability company. Ashan Willy was appointed CEO at New Relic in December, a month after ...
9 months ago Techtarget.com
75% of new vulnerabilities exploited within 19 days - Last year alone, over 30,000 new vulnerabilities were published, with a new vulnerability emerging approximately every 17 minutes - averaging 600 new vulnerabilities per week, according to Skybox Security. The report highlights a critical gap in ...
8 months ago Helpnetsecurity.com
Smart Home Security Essentials: Protecting What Matters Most - Smart home security systems provide homeowners with the ability to keep their personal and property safe from intruders, theft, and other potential threats. This article will discuss different types of smart home security systems, benefits, setting ...
1 year ago Securityzap.com Meow
Investing in Africa's Clean Energy Transition - Among our vision, we see the transition to clean energy not just as a necessity, but as a catalyst for inclusive growth and digital innovation. Africa's energy landscape is confronting a critical shortfall, with roughly 600 million people in ...
1 year ago Feedpress.me
Understanding the New SEC Rules for Disclosing Cybersecurity Incidents - The U.S. Securities and Exchange Commission recently announced its new rules for public companies regarding cybersecurity risk management, strategy, governance, and incident exposure. "Currently, many public companies provide cybersecurity disclosure ...
1 year ago Feeds.dzone.com
Critical Infrastructure At Risk: Vulnerabilities Discovered In Automatic Tank Gauging - Pedro Umbelino, Principal Research Scientist at Bitsight, says the vulnerabilities could allow malefactors to exploit ATG systems, leading to potentially catastrophic outcomes, including environmental hazards, economic disruption, and even physical ...
5 months ago Informationsecuritybuzz.com
Creating a formula for effective vulnerability prioritization - In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset ...
1 year ago Helpnetsecurity.com
Analysis of OT cyberattacks and malwares - Let's find the answer to all the questions by looking into some history of OT attacks and malware. We systematically categorize the attacks into direct and indirect vectors. Direct attacks are those that target OT systems through the exploitation of ...
1 year ago Securityboulevard.com
CVE-2017-9863 - ** DISPUTED ** An issue was discovered in SMA Solar Technology products. If a user simultaneously has Sunny Explorer running and visits a malicious host, cross-site request forgery can be used to change settings in the inverters (for example, issuing ...
7 years ago
Optimizing Cybersecurity: How Hackers Use Golang Source Code Interpreter to Evade Detection - Hackers have been upping the stakes when it comes to executing cyberattacks, and an increasingly popular tool in their arsenal is the Golang source code interpreter. Reportedly, the interpreter is used to obfuscate code, thus making it harder for ...
2 years ago Bleepingcomputer.com
New York's cyber chief on keeping cities and states safe from cyberattacks | The Record from Recorded Future News - And so we think that that'll continue to evolve the security posture of New York State in a way that first and foremost provides the public good, which is, if a government service is not secure, it can't be considered reliable. We're ...
5 days ago Therecord.media
TISAX: new Catalogue ISA v6 available - ISA 6: The latest version of the ISA catalogue, published in October 2023, with many changes and improvements to address the challenges and needs of the industry. Key changes in ISA 6: New and revised controls to strengthen protection, detection, ...
1 year ago Sorinmustaca.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
10 months ago Securityaffairs.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)