Solar grids could be hijacked and even potentially disabled by these security flaws

News
By published

Power grids could be disrupted and damaged, experts warn

Power cables stretching out in front of the horizon
(Image credit: Image Credit: jplenio / Pixabay)
  • Experts claim solar inverter vulnerabilities could lead to damage to the power grid
  • Devices could be taken over and switched off, increasing grid load
  • 46 vulnerabilities discovered, with some potentially exposing user information

Solar inverters could be hijacked by cybercriminals to disrupt power supplies and damage the electrical grid.

46 vulnerabilities were found by Forescout [PDF] in solar inverters produced by Sungrow, Growatt, and SMA.

Many of the vulnerabilities could lead to remote code execution (RCE), denial of service, device takeover, as well as access to cloud platforms and sensitive information.

Monitor your credit score with TransUnion starting at $29.95/month

<p>TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnion’s advanced risk assessment tools.<p><em>Preferred partner (<a href="https://todaymegadeals.shop/news/content-funding-on-techradar"><em>What does this mean?<em>)
View Deal

Power grid hijacking

For SMA devices, only a single vulnerability was found, CVE-2025-0731, that allows an attacker to use a demo account to upload a .aspx (Active Server Page Extended) file instead of a photovoltaic (PV) system picture, with the file then being executed by the sunnyportal.com web server.

As for Sungrow solar inverters, insecure direct object reference (IDOR) vulnerabilities tracked as CVE-2024-50685, CVE-2024-50686, and CVE-2024-50693 could allow an attacker to harvest communication dongle serial numbers.

CVE-2024-50692 allows an attacker to use hard-coded MQTT credentials to send arbitrary commands to an arbitrary inverter dongle, or commit man-in-the-middle (MitM) attacks against MQTT communications.

The attacker can also use one of several critical stack overflow vulnerabilities (CVE-2024-50694, CVE-2024-50695, CVE-2024-50698) to remotely execute code on server connected dongles. Using this flow of vulnerabilities, an attacker could potentially reduce power generation during peak times to increase the load on the grid.

Growatt inverters can be hijacked via the cloud backend by listing usernames from an exposed Growatt API, and then use these usernames for account-takeover through two IDOR vulnerabilities.

All of the disclosed vulnerabilities have since been patched by the manufacturers.

You might also like

Benedict Collins
Benedict Collins
Senior Writer, Security

Benedict has been with TechRadar Pro for over two years, and has specialized in writing about cybersecurity, threat intelligence, and B2B security solutions. His coverage explores the critical areas of national security, including state-sponsored threat actors, APT groups, critical infrastructure, and social engineering.

Benedict holds an MA (Distinction) in Security, Intelligence, and Diplomacy from the Centre for Security and Intelligence Studies at the University of Buckingham, providing him with a strong academic foundation for his reporting on geopolitics, threat intelligence, and cyber-warfare.

Prior to his postgraduate studies, Benedict earned a BA in Politics with Journalism, providing him with the skills to translate complex political and security issues into comprehensible copy.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.