Security researchers at Forescout Vedere Labs have identified 46 critical vulnerabilities in solar inverters manufactured by three leading solar power system manufacturers: Sungrow, Growatt, and SMA, which could lead to emergency measures or potential blackouts.
Forescout's Analysis & Findings
Forescout analyzed six leading global solar power system vendors: Huawei, Sungrow, Ginlong Solis, Growatt, GoodWe, and SMA. They discovered 46 new vulnerabilities affecting different components in three vendors: Sungrow, Growatt, and SMA.
These newly discovered vulnerabilities, described in the SUN:DOWN research by Forescout Vedere Labs, have now been fixed by the affected vendors.
These flaws could have allowed threat actors to execute arbitrary commands on devices or the vendor's cloud, enable account takeover, impact grid stability and user privacy, gain a foothold in the vendor's infrastructure, and take control of inverter owners' devices.
“The collective impact of residential solar systems on grid reliability is too significant to ignore — hospitals could lose access to critical equipment, families could go without heat in the winter or AC in a heatwave, and businesses could shut down,” said Barry Mainz, CEO at Forescout.
“Threat actors increasingly target critical infrastructure, making it essential to take them seriously and secure solar inverter systems before vulnerabilities lead to real-world disruptions.”
According to the researchers, on average, more than 10 new vulnerabilities have been disclosed each year over the past three years. Of the 93 previously disclosed vulnerabilities, 80% are classified as high or critical severity, with 32% of these having a CVSS score of 9.8 or 10, suggesting that attackers could potentially gain complete control over an affected system.
The most commonly impacted components are solar monitors, which account for 38% of reported vulnerabilities, followed by cloud backends at 25%. In contrast, solar inverters themselves are directly affected in only 15% of cases.
The researchers further found that 53% of solar inverter manufacturers, 58% of storage systems, and 20% of the monitoring system manufacturers are based in China, raising concerns over the dominance of foreign-made solar power components.
Potential Cyberattack Scenarios On Power Grids
One possible attack scenario involves malicious actors obtaining account usernames, using the password reset function to hijack accounts, and then utilizing the hijacked accounts to send commands to change inverter settings.
If attackers take control of these inverters, they can change their power output settings or switch them off and on in a coordinated manner as a botnet. When multiple inverters are hijacked at once, the combined effect on power generation in a grid is large. The extent of the damage depends on how much backup power the grid has and how quickly it can be activated.
In the context of the European power grid, previous research indicates that gaining control over 4.GW of solar power generation could lower grid frequency to 49Hz, triggering the need for load shedding.
Given that Europe has 270GW of installed solar power capacity, taking control of just 2% of inverters, in a market that is dominated by Huawei, Sungrow, and SMA, could be sufficient for attackers to disrupt the grid.
“Solar power systems are rapidly becoming essential elements of power grids throughout the world, but persistent security flaws threaten both grid stability and national security,” Daniel dos Santos, head of research at Forescout Vedere Labs, said.
Industry Implications
The identification of these vulnerabilities underscores the need for improved security measures within the solar energy industry.
Forescout recommends that device manufacturers implement secure software lifecycle practices, carry out regular penetration testing, implement security-in-depth strategies using web application firewalls, and use third-party audits of communication links based on standards, such as ETSI EN 303 645, Radio Equipment Directive (RED), and Cyber Resilience Act (CRA).
Recommendations For Consumers
To mitigate potential vulnerabilities associated with solar energy inverter equipment, users are advised to regularly update their inverter firmware, monitor their system performance, and maintain open communication with manufacturers.