Summary: Dozens of vulnerabilities found in solar inverters from Sungrow, Growatt, and SMA present severe security risks, potentially allowing remote code execution and unauthorized control of devices. An attack could disrupt grid stability and compromise user privacy, with significant implications for energy management. Patches have been released by the affected vendors to mitigate these vulnerabilities.
Affected: Sungrow, Growatt, SMA
Keypoints :
- 46 vulnerabilities identified, with significant risks including remote code execution and device takeover.
- Growatt inverters may be hijacked via the cloud backend without complete control, while Sungrow inverters involve more complex attack vectors.
- Exploitation of these vulnerabilities could disrupt power generation and user privacy, leading to potential ransomware attacks.