Cybersecurity researchers have discovered 46 new safety deficiencies in three solar -sellers, Sungrow, Growatt and SMAs, which can be used by a bad actor to confiscate devices or remote code, creating serious risks for electrical networks.
The vulnerabilities were collectively named Sun: Down by forescout vedere labs.
“New vulnerabilities can be used to execute arbitrary commands on devices or cloud provider, consider, gain a foothold in the supplier’s infrastructure or take control of the inverter owners’ device”, company company, company – Note In a report that shared with Hacker News.
Some of the notable flaws are below – below –
- Attackers can upload .aspx files to be executed web -server SMA (Sunnyportal (.) Com), which will lead to the remote code
- Non -false attackers can enroll the user via open “server.growatt.com/usercenter.do” final point
- Invalid attackers can get a list of plants owned by other users, as well as arbitrary devices through the final point “server-api.growatt.com/newtwoeicapi.do”, leading to devices
- Invalid attackers can get a serial reasonable counter number using the true username via “server-api.growatt.com/newplantapi.do”
- Non -false attackers can get information about EV charger information, energy consumption information and other sensitive data using the final point “evcharge.growatt.com/ocpp”, and remotely customize the charger and get the firmware, causing the disclosure and physical damage
- A App Android Related Sungrow uses a dangerous AES key for encrypted client data, opening the door to the script when the attacker can intercept and decrypt the connection between the mobile app and isolarcloud
- A App Android Related to Sungrow clearly ignores certificates and vulnerable to enemy attacks (AITM)
- Winet Webui Sungrow contains password with hard
- Several vulnerabilities in Sungrow when processing MQT messages that can lead to remote code or conditions of service (DOS)
“The attacker who received control over the Sungrow, Growatt and SMA Inverters Fleet, using recently discovered vulnerabilities, can control sufficient force to cause the volatility of these power grids and other major,” Forescout said.
In the hypothetical scenario of the attacker focused on Growatt inverters, the actor threats can guess the real names of accounts through open API, hide the accounts, dropping their passwords in the default “123456” and perform the following exploitation.
Worse, the inheritance fleet can be controlled as Botten to strengthen the attack and harm the network, which will cause network violations and potential shutdouts. All suppliers have since address a Certain problems After responsible disclosure of information.
“As attackers can control entire fleet of devices with the influence of energy production, they can change their settings to send more or less energy to the network at a certain time,” said the forecute, adding recently detected risk deficiencies that expose a network of cyber-physical ransom attacks.
Daniel Dos Santos, Head of Research in Forescout Vedere Labs, said the risks mitigation requires strict safety requirements when purchasing solar equipment, conducting regular risk assessments and providing full network visibility to these devices.
The disclosure of information occurs because the monitoring of production lines revealed serious security shortcomings made by the Japanese company Inaba Denki Sangyo, which could be used for remote observation and prevent production stops.
Vulnerabilities remain unwavering but the supplier has called for customers To restrict Internet access and limit, make sure such devices will be installed in a safe, limited area available only to authorized staff.
“These deficiencies allow different attacks, allowing an unauthorized attacker remotely and secretly accessing live frames for observation or violation of recording the cessation of production line that impede the capture of critical moments,” Nozomi Networks – Note.
In recent months, the Protective Technology Company (OT) also told about several security defects in GE Vernova N60 Network Relay. Zettler 130.8005 industrial gatewayand Wago 750-8216/025-001 Programmable Logic Controller (PLC) This can be armed with an attacker to take full control of the devices.
