- Experts claim that solar inverter vulnerabilities could cause damage to the electrical grid
- The devices can be taken over and switched on and off, increasing the load on the grid
- 46 vulnerabilities discovered, some potentially exposing user information
Solar inverters could be hijacked by cybercriminals to disrupt power supplies and damage the electricity grid.
Forescout found 46 vulnerabilities [PDF] in solar inverters produced by Sungrow, Growatt and SMA.
Many of the vulnerabilities could lead to remote code execution (RCE), denial of service, device takeover, and access to cloud platforms and sensitive information.
Power Grid Hijacking
For SMA devices, only one vulnerability was found, CVE-2025-0731, which allows an attacker to use a demo account to upload an .aspx (Active Server Page Extended) file instead of a photovoltaic (PV) system image, the file then being executed by the sunnyportal.com web server.
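As an added illustration of the defence against the class of flaw described for CVE-2025-0731 (not code from SMA, Forescout or the original article): a server-side check that accepts an upload only when its content is a recognised image and stores it under a server-chosen name and extension. The function names, accepted formats and size limit are assumptions.

```python
import os
import secrets

# Leading bytes of each accepted image format, mapped to the extension the
# server assigns itself (assumed allowlist for a "PV system picture" upload).
IMAGE_SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ".png",
    b"\xff\xd8\xff": ".jpg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}
MAX_UPLOAD_BYTES = 5 * 1024 * 1024  # assumed size limit


class RejectedUpload(ValueError):
    """Raised when an upload must not be stored."""


def sniff_image_extension(data: bytes):
    """Return the extension matching the content's signature, or None."""
    for magic, ext in IMAGE_SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def stored_name_for_upload(client_filename: str, data: bytes) -> str:
    """Return the server-chosen storage name, or raise RejectedUpload."""
    if not data or len(data) > MAX_UPLOAD_BYTES:
        raise RejectedUpload("empty or oversized upload")
    ext = sniff_image_extension(data)
    if ext is None:
        raise RejectedUpload("content is not an accepted image format")
    claimed = os.path.splitext(client_filename)[1].lower()
    if claimed == ".jpeg":
        claimed = ".jpg"
    if claimed != ext:
        raise RejectedUpload("file extension does not match content")
    # The client-supplied name is never used on disk. A signature check alone
    # does not stop image/script polyglots, so the stored extension is always
    # one the web server serves as static data rather than executes.
    return secrets.token_hex(16) + ext


def is_accepted(client_filename: str, data: bytes) -> bool:
    """Boolean wrapper for callers that only need accept or reject."""
    try:
        stored_name_for_upload(client_filename, data)
        return True
    except RejectedUpload:
        return False
```

Storing uploads in a directory where script execution is disabled remains necessary alongside this check.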
With regard to Sungrow's solar inverters, the Insecure Direct Object Reference (IDOR) vulnerabilities tracked as CVE-2024-50685, CVE-2024-50686 and CVE-2024-50693 could allow an attacker to harvest communication dongle serial numbers.
CVE-2024-50692 allows an attacker to use hard-coded credentials to send arbitrary commands to an arbitrary inverter dongle, or to carry out man-in-the-middle (MITM) attacks against MQTT communications.
The attacker can also use one of the several critical stack overflow vulnerabilities (CVE-2024-50694, CVE-2024-50695, CVE-2024-50698) to execute code on the dongles connected to the server. Using this chain of vulnerabilities, an attacker could potentially reduce electricity production during peak times to increase the load on the grid.
Growatt inverters can be hijacked via the cloud backend by enumerating usernames from an exposed Growatt API, then using these usernames to take over accounts via two IDOR vulnerabilities.
All disclosed vulnerabilities have since been fixed by the manufacturers.