- Experts claim that vulnerabilities in solar inverters can lead to damage to the power grid
- Devices could be taken over and switched off, which increases the grid load
- 46 vulnerabilities discovered, with some potentially exposing user information
Solar inverters could be hijacked by cyber criminals to disrupt the power supply and damage the electric network.
46 vulnerabilities were found by SUPPLY [PDF] in solar inverters produced by Sungrow, Growatt and SMA.
Many of the vulnerabilities could lead to remote code execution (RCE), denial of service, takeover of devices and access to cloud platforms and sensitive information.
Power grid category
For SMA units, only a single vulnerability was found, CVE-2025-0731, which lets an attacker use a demo account to upload an .aspx (Active Server Page Extended) file instead of a photovoltaic (PV) system image; the file is then executed by the Sunnyportal.com web server.
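The upload flaw described above comes down to the server trusting the client's file name and type. The following is an added example, not code from SMA or from the researchers: a minimal server-side check for an image upload endpoint, where the function name `safe_image_name`, the allowed image types and the sample inputs are assumptions made for illustration.

```python
import os
import secrets

# Magic-byte signatures for the image types the form accepts (assumed list).
IMAGE_SIGNATURES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


class UploadRejected(ValueError):
    """Raised when an upload is not an acceptable image."""


def safe_image_name(client_filename: str, content: bytes) -> str:
    """Validate an uploaded image and return a server-chosen storage name."""
    # Drop any path the client sent; only the final component is considered.
    base = os.path.basename(client_filename.replace("\\", "/"))
    # Windows file systems ignore trailing dots and spaces ("x.aspx." -> "x.aspx").
    base = base.rstrip(". ")
    ext = os.path.splitext(base)[1].lower()
    if ext not in IMAGE_SIGNATURES:
        raise UploadRejected(f"extension {ext!r} is not an allowed image type")
    # The content must start with a signature matching the claimed type.
    if not content.startswith(IMAGE_SIGNATURES[ext]):
        raise UploadRejected("content does not match the declared image type")
    # Never reuse the client's name: a random name with the checked extension
    # cannot overwrite or masquerade as a server-side script.
    return secrets.token_hex(16) + ext


# Constructed sample inputs (not real captured uploads).
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
JPEG_BYTES = b"\xff\xd8\xff\xe0" + b"\x00" * 8
ASPX_BYTES = b'<%@ Page Language="C#" %>'

if __name__ == "__main__":
    for name, data in [("plant.PNG", PNG_BYTES), ("plant.aspx", ASPX_BYTES),
                       ("plant.png", ASPX_BYTES), ("plant.png.aspx", PNG_BYTES)]:
        try:
            print(name, "->", safe_image_name(name, data))
        except UploadRejected as err:
            print(name, "-> rejected:", err)
```

A signature check does not stop a file that is both a valid image and a script, so the storage directory should also have script execution disabled on the web server.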
As for Sungrow solar inverters, insecure direct object reference (IDOR) vulnerabilities, tracked as CVE-2024-50685, CVE-2024-50686 and CVE-2024-50693, could allow an attacker to harvest communication dongle serial numbers.
CVE-2024-50692 allows an attacker to use hard-coded MQTT credentials to send arbitrary commands to any inverter dongle or carry out man-in-the-middle (MITM) attacks against MQTT communications.
The attacker can also use one of several critical stack overflow vulnerabilities (CVE-2024-50694, CVE-2024-50695, CVE-2024-50698) to remotely execute code on server-connected dongles. Using this chain of vulnerabilities, an attacker could potentially reduce power production at peak times to increase the load on the grid.
Growatt inverters can be hijacked via the cloud backend by obtaining usernames from an exposed Growatt API and then using these usernames for account takeover through two IDOR vulnerabilities.
All the vulnerabilities revealed have since been patched by the producers.