FOCUS MODE
EXTRACT IOC
0Trash

Dozens of solar inverter flaws could be exploited to attack power grids – PRSOL:CC

iocOne
Dozens of solar inverter flaws could be exploited to attack power grids – PRSOL:CC
This article discusses severe vulnerabilities found in solar inverters from major manufacturers Sungrow, Growatt, and SMA, which could be exploited to control devices or execute code on their cloud platforms. These vulnerabilities pose risks to grid stability and user privacy, as they can be leveraged for attacks that disrupt power generation and demand balance. Affected: Sungrow, Growatt, SMA

Keypoints :

  • 46 vulnerabilities discovered in solar inverters from three major manufacturers: Sungrow, Growatt, and SMA.
  • Vulnerabilities could lead to unauthorized access, remote code execution, and denial of service.
  • Only one vulnerability (CVE-2025-0731) affects SMA products, allowing remote code execution via .ASPX file uploads.
  • Control of Growatt inverters can be achieved easily through its cloud backend.
  • Access to inverter configuration from compromised Growatt accounts can allow remote operations, including turning devices on or off.
  • Control of Sungrow inverters is more complex, requiring exploitation of multiple vulnerable components.
  • Potential impact on power grids through coordinated attacks using hijacked inverters.
  • Vulnerabilities can also affect user privacy and may enable ransomware attacks.
  • Manufacturers have patched the reported vulnerabilities and are committed to improving security.

MITRE Techniques :

  • Technique ID: T1210 – Remote Code Execution (CVE-2025-0731)
  • Technique ID: T1185 – Insecure Direct Object References (exploited to gain unauthorized access to Growatt API)
  • Technique ID: T1059 – Scripting (JavaScript injection for credential theft)
  • Technique ID: T1190 – Exploit Public-Facing Application (exploited vulnerabilities in communication dongles)
  • Technique ID: T1589 – Gather Victim Information (exploiting IDORs to harvest serial numbers from the manufacturer’s backend)

Indicator of Compromise :

  • Domain: sunnyportal.com
  • CVE ID: CVE-2025-0731
  • CVE ID: CVE-2024-50685
  • CVE ID: CVE-2024-50693
  • CVE ID: CVE-2024-50692

Full Story: https://www.prsol.cc/2025/03/28/dozens-of-solar-inverter-flaws-could-be-exploited-to-attack-power-grids/

Tags: XSS, CVE, BOTNET, EXPLOIT, CREDENTIAL, IMPACT, VULNERABILITY, CLOUD