- The Suggive Report finds many vulnerable sun devices,
- Europe owns 76% of all vulnerable solar energy units, with Germany and Greece in particular at risk
- SolarView Compact exposure ran 350% in two years and it is already attached to cybercrime
The rapid growth of the adoption of solar energy worldwide has given rise to renewed concern for cybersecurity — valselessness in solar infrastructure.
A study conducted by SUPPLYS BESTS Labs found nearly 35,000 solar energy devices, including inverters, data loggers and gateways, exposed to the Internet, making them susceptible to exploitation.
These findings follow a previous report from Forescout, identifying 46 vulnerabilities in solar energy systems.
High exposure and geopolitical implications
What is particularly alarming now is that many of these devices remain unmatched, even as cyber threats grow more sophisticated.
Ironically, suppliers with the highest number of exposed devices are not necessarily those with the largest global installations, suggesting problems such as poor standard security configurations, insufficient user guidance or uncertain manual settings.
Presencout found that Europe accounts for a staggering 76% of all exposed units, with Germany and Greece being most affected.
While an Internet-exposed solar system is not automatically vulnerable, it becomes a soft target for cyber criminals. For example, the SolarView Compact unit experienced an increase of 350% in online exposure over two years and was implicated in a 2024 cyber event involving bank account -theft in Japan.
Concerns about solar infrastructure elaborated as Pakinomist reported Rogue communication modules in Chinese -made inverters.
Although the discovery was not tied to a specific attack, the discovery caused several governments to reassess the security of their energy systems.
According to SUPPLY, uncertain configurations are common and many devices are still running deepened firmware versions. Some are known to have vulnerabilities that are currently under active exploitation.
Devices like the ceased SMA Sunny Webbox still account for a significant part of exposed systems.
This is not just a matter of defective products, it reflects a system -covering risk. While individually limited in influence, these Internet -exposed devices can serve as entry points in critical infrastructure.
In order to mitigate risk, organizations should go to pension units that cannot be patched and avoid postponing management interfaces to the Internet.
For remote access, safe solutions such as VPNs together with compliance with CISA and NIST guidelines are important.
In addition, a layered approach that uses top-classified antivirus tools, Endpoint Protection Solutions and especially Zero Trust Network Access (ZTNA) architecture may be necessary to keep critical systems in isolation from intrusion.
