
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,001 of 2,445   
   Mike Powell to All   
   Solar grids could be hija   
   28 Mar 25 10:41:00   
   
   TZUTC: -0500   
   MSGID: 726.consprcy@1:2320/105 2c4bfd21   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Solar grids could be hijacked and even potentially disabled by these security   
   flaws   
      
   Date:   
   Fri, 28 Mar 2025 10:50:26 +0000   
      
   Description:   
   Several top solar inverter products were found to have vulnerabilities that
   could lead to device takeover.   
      
   FULL STORY   
      
   Solar inverters could be hijacked by cybercriminals to disrupt power supplies   
   and damage the electrical grid.    
      
   46 vulnerabilities were found by Forescout in solar inverters
   produced by Sungrow, Growatt, and SMA.    
      
   Many of the vulnerabilities could lead to remote code execution (RCE), denial   
   of service, device takeover, as well as access to cloud platforms and   
   sensitive information.   
      
   Power grid hijacking    
      
   For SMA devices, only a single vulnerability was found, CVE-2025-0731, that
   allows an attacker to use a demo account to upload a .aspx (Active Server
   Page Extended) file instead of a photovoltaic (PV) system picture, with the
   file then being executed by the sunnyportal.com web server.
      
   As for Sungrow solar inverters, insecure direct object reference (IDOR)
   vulnerabilities tracked as CVE-2024-50685, CVE-2024-50686, and
   CVE-2024-50693 could allow an attacker to harvest communication dongle serial
   numbers.

   CVE-2024-50692 allows an attacker to use hard-coded MQTT credentials to send
   arbitrary commands to an arbitrary inverter dongle, or commit
   man-in-the-middle (MitM) attacks against MQTT communications.
      
   The attacker can also use one of several critical stack overflow
   vulnerabilities (CVE-2024-50694, CVE-2024-50695, CVE-2024-50698) to
   remotely execute code on server-connected dongles. Using this flow of
   vulnerabilities, an attacker could potentially reduce power generation during
   peak times to increase the load on the grid.
      
   Growatt inverters can be hijacked via the cloud backend by listing usernames
   from an exposed Growatt API, and then using these usernames for
   account takeover through two IDOR vulnerabilities.
      
   All of the disclosed vulnerabilities have since been patched by the   
   manufacturers.   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/solar-grids-could-be-hijacked-and-even-potentially-disabled-by-these-security-flaws
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca