- The Forescout report finds that many vulnerable solar devices run obsolete firmware with known exploits active in the wild
- Europe holds 76% of all exposed solar energy devices, with Germany and Greece particularly at risk
- SolarView Compact exposure has jumped 350% in two years, and the product is already linked to cybercrime
The rapid growth in the adoption of solar energy worldwide has raised renewed concerns about cybersecurity vulnerabilities in solar infrastructure.
A study by Forescout's Vedere Labs revealed that nearly 35,000 solar energy devices, including inverters, data loggers and gateways, are exposed to the internet, making them susceptible to exploitation.
These findings follow a previous Forescout report that identified 46 vulnerabilities in solar energy systems.
High exposure and geopolitical implications
What is particularly alarming now is that many of these devices remain unpatched, even as cyber threats become more sophisticated.
Ironically, the vendors with the greatest number of exposed devices are not necessarily those with the largest global installed base, suggesting problems such as poor default security configurations, insufficient user guidance or unsafe manual settings.
Forescout found that Europe accounts for 76% of all exposed devices, with Germany and Greece the most affected.
Although a solar system exposed to the internet is not automatically vulnerable, it becomes a soft target for cybercriminals. For example, the SolarView Compact system saw a 350% increase in online exposure over two years and was involved in a cyber incident in 2024 involving a bank account in Japan.
Concerns about solar infrastructure deepened when PK Press Club reported rogue communication modules in Chinese-made inverters.
Although it is not linked to a specific attack, the discovery has prompted several governments to reassess the security of their energy systems.
According to Forescout, insecure configurations are common and many devices still run obsolete firmware versions. Some of those versions have known vulnerabilities that are currently under active exploitation.
Devices like the discontinued SMA Sunny WebBox still account for a large share of exposed systems.
This is not only a matter of flawed products; it reflects a systemic risk. Although each has limited impact on its own, these internet-exposed devices can serve as entry points into critical infrastructure.
To mitigate the risks, organizations should retire devices that cannot be patched and avoid exposing management interfaces to the internet.
For remote access, secure solutions such as VPNs, as well as adherence to CISA and NIST guidelines, are essential.
In addition, a layered approach using top-rated antivirus tools, endpoint protection solutions and, in particular, Zero Trust Network Access (ZTNA) may be necessary to keep critical systems isolated from intrusion.