Summary: Researchers have identified 46 vulnerabilities in solar inverter products from Sungrow, Growatt, and SMA, potentially allowing attackers to execute remote code or take control of devices, posing severe risks to electrical grids. The vulnerabilities, dubbed SUN:DOWN, could lead to significant disruptions and potential blackouts if exploited. All vendors have addressed the issues following responsible disclosure.

Affected: Sungrow, Growatt, SMA

Keypoints :

• Attackers can upload malicious files resulting in remote code execution on SMA’s web server.
• Unauthenticated attackers can exploit APIs to take over accounts and gain access to sensitive user data.
• The Android application from Sungrow is vulnerable to attacks due to weak encryption and certificate error handling.
• Vulnerabilities in handling MQTT messages could lead to remote code execution or denial-of-service conditions.
• Hypothetical attacks on Growatt inverters could allow unauthorized control over energy settings, jeopardizing grid stability.
• In response to these vulnerabilities, vendors emphasize the importance of strict security measures and regular risk assessments.