- Insecure solar systems allow cyber criminals to steal data and ransom access
- Millions of solar inverters remain vulnerable to severe cyber security threats
- Forescout Vedere Labs uncovers flaws that allow attackers to take full control of solar systems
The rising use of solar energy has exposed critical cybersecurity weaknesses in inverters, cloud computing services and monitoring platforms, creating an insecure ecosystem where hackers can manipulate energy production, interfere with power networks, and steal sensitive data, which poses serious risks to global energy infrastructure.
A study conducted by Forescout Vedere Labs identified 46 new vulnerabilities across three major solar inverter manufacturers: Sungrow, Growatt and SMA. Previous findings showed that 80% of the reported vulnerabilities were high or critical in severity, some of which reached the highest CVSS scores.
Over the past three years, an average of 10 new vulnerabilities have been disclosed annually, with 32% having a CVSS score of 9.8 or 10, indicating that attackers could fully compromise the affected systems.
Millions of solar energy systems are facing security risks
Many solar inverters connect directly to the Internet, making them easy targets for cyber criminals. Attackers can exploit outdated firmware, weak authentication mechanisms and unencrypted data transmissions to gain control.
Exposed APIs allow hackers to enumerate user accounts, reset credentials to default passwords and manipulate inverter settings, leading to power disruptions.
In addition, insecure direct object references (IDOR) and cross-site scripting (XSS) vulnerabilities can expose user emails, physical addresses and energy consumption data, violating privacy rules such as GDPR.
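The insecure object reference and XSS weaknesses described above, as an added example that is not taken from the report or from any vendor's code: a lookup that trusts the record ID beside one that enforces ownership, plus output escaping. The plant records, field names and function names are hypothetical and the data is constructed.

```python
import html

# Constructed sample data: plant records keyed by a guessable sequential ID.
PLANTS = {
    1001: {"owner": "alice", "email": "alice@example.com",
           "address": "1 Example Street", "daily_kwh": 18.4,
           "label": "Roof array"},
    1002: {"owner": "bob", "email": "bob@example.com",
           "address": "2 Example Avenue", "daily_kwh": 9.7,
           "label": "<script>alert(1)</script>"},
}


class NotFound(Exception):
    """Raised for both missing and forbidden plants (same answer for either)."""


def get_plant_insecure(session_user, plant_id):
    # Insecure direct object reference: the caller is authenticated, but the
    # record is looked up by ID alone, so any user can read any plant.
    return PLANTS[plant_id]


def get_plant(session_user, plant_id):
    # Hardened: object-level authorization on every lookup. A missing ID and
    # someone else's ID give the same error, so IDs cannot be enumerated.
    plant = PLANTS.get(plant_id)
    if plant is None or plant["owner"] != session_user:
        raise NotFound("plant not found")
    return plant


def render_label(plant):
    # Escape user-controlled text before it reaches HTML, so a stored label
    # cannot run script in another user's dashboard session.
    return "<h1>" + html.escape(plant["label"]) + "</h1>"
```
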
In addition to grid instability, compromised inverters create further risks, including data theft, financial manipulation and smart home hijacking: some vulnerabilities allow attackers to take control of electric vehicle chargers and smart connectors.
Cyber criminals could also change inverter settings to influence energy prices or demand ransom payments to restore system functionality. As a result, the report recommends that manufacturers prioritize patching, adopt secure coding practices and perform regular penetration tests.
Implementing web application firewalls (WAFs) and complying with cyber security frameworks such as NIST IR 8259 can help reduce risks.
Regulators are also encouraged to classify solar inverters as critical infrastructure and enforce security standards such as ETSI EN 303 645 to ensure best practice compliance.
For solar system owners and operators, securing installations requires isolating solar devices on separate networks, enabling security monitoring and following guidelines from organizations such as the US Department of Energy to reduce risks.
Installing the best antivirus software adds an additional layer of defense against threats, while implementing the best endpoint protection solutions protects additional connected devices against cyberattacks targeted at solar infrastructure.