Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of the devices or execute code remotely, posing a serious threat to electrical grids.
Forescout Vedere Labs has collectively codenamed the vulnerabilities SUN:DOWN.
In a report shared with The Hacker News, the company said that "the new vulnerabilities can be exploited to execute arbitrary commands on devices or the vendor's cloud," take over accounts, gain a foothold in the vendor's infrastructure, or take control of inverter owners' devices.
Below are some of the most significant flaws that have been identified.
- Attackers can upload .aspx files that will be executed by SMA's web server (sunnyportal[.]com), resulting in remote code execution.
- Unauthenticated attackers can perform username enumeration via the exposed "server.growatt.com/userCenter.do" endpoint.
- Unauthenticated attackers can obtain the list of plants belonging to other users, as well as arbitrary devices, via the "server-api.growatt.com/newTwoEicAPI.do" endpoint, leading to device takeover.
- Unauthenticated attackers can obtain the serial number of a smart meter using a valid username via the "server-api.growatt.com/newPlantAPI" endpoint, leading to account takeover.
- Unauthenticated attackers can use the "evcharge" command to obtain information about EV chargers, energy consumption data, and other sensitive data, as well as remotely configure EV chargers and obtain information related to firmware, resulting in information disclosure and physical damage.
- Sungrow's Android app uses an insecure AES key to encrypt client data, opening the door for an attacker to intercept and decrypt communications between the mobile app and iSolarCloud.
- The Sungrow Android app explicitly ignores certificate errors and is vulnerable to adversary-in-the-middle (AitM) attacks.
- Sungrow's WiNet WebUI contains a hard-coded password that can be used to decrypt all firmware updates.
- Sungrow has a number of vulnerabilities in its handling of MQTT messages that could result in remote code execution or a denial-of-service (DoS) condition.
According to Forescout, an attacker who used the newly discovered vulnerabilities to take control of a sizable number of Sungrow, Growatt, and SMA inverters could disrupt these power grids and other major ones.
In a hypothetical attack scenario targeting Growatt inverters, a threat actor could guess real account usernames through an exposed API, hijack the accounts by resetting their passwords to the default "123456," and then carry out further exploitation.
To make matters worse, the hijacked fleet of inverters could then be controlled as a botnet to amplify the attack and inflict damage on the grid, leading to grid disruption and potential blackouts. Following responsible disclosure, all the vendors have since addressed the identified issues.
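One way a cloud operator could spot the Growatt-style chain described above (usernames guessed through an exposed API, then passwords reset on those same accounts), as an added example that is not from Forescout or any vendor. The log format, event names, thresholds and sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not any vendor's):
# ISO timestamp, source IP, event name, target username
SAMPLE_LOG = """\
2025-03-01T10:00:00 203.0.113.7 username_lookup alice
2025-03-01T10:00:05 203.0.113.7 username_lookup bob
2025-03-01T10:00:09 203.0.113.7 username_lookup carol
2025-03-01T10:00:14 203.0.113.7 username_lookup dave
2025-03-01T10:00:20 203.0.113.7 username_lookup erin
2025-03-01T10:01:00 198.51.100.20 username_lookup frank
2025-03-01T10:01:30 198.51.100.20 password_reset frank
garbled-line
2025-03-01T10:02:00 203.0.113.7 password_reset bob
2025-03-01T10:02:10 203.0.113.7 password_reset dave
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_DISTINCT_USERS = 4          # assumed threshold for "enumeration"

def parse(log_text):
    """Yield (timestamp, ip, event, username); skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, ip, event, user = parts
        yield datetime.fromisoformat(ts), ip, event, user

def detect_enum_then_reset(log_text):
    """Flag password resets on accounts that the same source IP probed
    while enumerating many distinct usernames inside WINDOW."""
    lookups = defaultdict(list)  # ip -> [(timestamp, username)]
    alerts = []
    for ts, ip, event, user in sorted(parse(log_text)):
        if event == "username_lookup":
            lookups[ip].append((ts, user))
        elif event == "password_reset":
            recent = {u for t, u in lookups[ip] if ts - t <= WINDOW}
            if user in recent and len(recent) >= MIN_DISTINCT_USERS:
                alerts.append((ip, user, len(recent)))
    return alerts

if __name__ == "__main__":
    for ip, user, n in detect_enum_then_reset(SAMPLE_LOG):
        print(f"ALERT {ip} reset '{user}' after probing {n} usernames")
```

A single user who looks up and resets only their own account (the `frank` lines) stays below the threshold and is not flagged.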
As attackers can control entire fleets of devices and affect energy production, they can alter the devices' settings to send more or less energy to the grid at specific times, according to Forescout, which added that the newly discovered flaws could expose the grid to cyber-physical ransomware attacks.
Daniel dos Santos, Head of Research at Forescout Vedere Labs, said ensuring complete network visibility into these devices is a key part of mitigating the risks, as well as enforcing strict security requirements when purchasing solar equipment and conducting regular risk assessments.
The disclosure comes as serious security flaws have been discovered in production line monitoring cameras made by Japanese company Inaba Denki Sangyo that could be exploited for remote surveillance and to prevent production stoppages from being recorded.
The vendor has advised customers to restrict internet access and make sure that such devices are installed in a secure, restricted area that is accessible only to authorized personnel, but the vulnerabilities remain unpatched.
According to Nozomi Networks, "These flaws enable various attacks, allowing an unauthenticated attacker to remotely and secretly access live footage for surveillance" or "disrupt the recording of production line stops preventing the capture of critical moments."
The operational technology (OT) security company has also revealed numerous security flaws in the , , and Wago 750-8216/025-001 programmable logic controller (PLC) that could be used by an attacker to take complete control of the devices.