Dozens of solar inverter flaws could be exploited to attack power grids

Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor’s cloud platform. The potential impact of the security problems has been assessed as severe because they could be used in attacks that could at least influence grid stability, and affect user privacy. In a grimmer scenario, the vulnerabilities could be exploited to disrupt or damage power grids by creating an imbalance between power generation and demand. Hijacking PV inverters Security researchers at Vedere Labs, the cybersecurity research arm of network security company Forescout, found 46 vulnerabilities in solar inverters from Sungrow, Growatt, and SMA - three of the top six manufacturers in the world. The potential impact of some of the vulnerabilities is significant as they could lead to unauthorized access to resources in cloud platforms, remote code execution (RCE), device takeover, infor ... Read full article.