Forescout Research Vedere Labs has uncovered that nearly 35,000 solar power devices, including inverters, data loggers, and gateways from 42 vendors, are exposed on the internet with vulnerable management interfaces.
Identified using the Shodan search engine, these devices represent a critical cybersecurity risk to global power grids, especially as renewable energy sources like solar power become integral to energy infrastructure.
Exposed Devices Pose Significant Grid Security Risks
Europe dominates with 76% of these exposed systems, primarily in Germany and Greece, while Asia accounts for 17%.
The findings highlight a growing threat landscape where attackers could exploit these systems for botnet integration or as entry points into sensitive networks, potentially destabilizing power grids already grappling with the challenges of renewable integration.
The research builds on the earlier SUN:DOWN report, which disclosed 46 new vulnerabilities in solar power systems, and emphasizes that while cloud-managed inverters pose a larger threat, internet-exposed devices are far from secure.

Devices like the SMA Sunny WebBox, accounting for 33% of exposed systems with over 10,953 units, and the CONTEC SolarView Compact, which saw a 350% surge in exposed units to nearly 3,000 in two years, are prime targets.
The SolarView Compact, notably exploited in Japan last year for bank account theft, runs outdated firmware in 60% of cases, with vulnerabilities like CVE-2022-29303 (command injection) actively targeted by botnets.
Real-World Implications
The lack of mechanical inertia in modern grid-following inverters, as opposed to traditional turbine-based systems, further exacerbates grid stability risks during cyberattacks, as highlighted by Rik Ferguson, VP of Security Intelligence at Forescout.
Real-world incidents such as the recent Iberian Peninsula blackout, while not confirmed as a cyberattack, underscore the potential chaos if such vulnerabilities are exploited: airports halted, trains stranded, and digital payments crippled.
The high penetration of renewables in grids like Spain’s (70% at the time of failure) adds another layer of complexity to ensuring stability against cyber threats.
Mitigation remains a pressing concern for organizations and solar installation owners.
Patching devices immediately, retiring unpatchable systems, and adhering to NIST and CISA guidelines for securing smart inverters and remote access via VPNs are critical steps to reduce exposure.
Despite vendor advisories against internet exposure through port forwarding, misconfigurations persist, leaving devices open to exploitation.
The research also identified 43 IP addresses, primarily from Singapore, Germany, and the Netherlands, linked to botnet operations or vulnerability scanning targeting these systems.
As solar power continues to scale globally, addressing these cybersecurity gaps is not just a technical necessity but a matter of national and regional energy security.
The intersection of renewable energy adoption and cyber risk demands urgent collaboration between vendors, users, and policymakers to safeguard critical infrastructure from the looming threat of cyberattacks.