39 matches found
EG4 Electronics EG4 Inverters (Update B)
RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, hijack device access, and gain unauthorized control over the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...
Destabilizing Power Grid and Energy Market by Cyberattacks on Smart Inverters
Cyberattacks on smart inverters and distributed PV are becoming an imminent threat, because of the recent well-documented vulnerabilities and attack incidents. Particularly, the long lifespan of inverter devices, users' oblivion of cybersecurity compliance, and the lack of cyber regulatory...
Communications Backdoor in Chinese Power Inverters
This is a weird story: U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said. … Over the past nine...
Researchers Uncover 46 Critical Flaws in Solar Power Systems From Sungrow, Growatt, and SMA
Cybersecurity researchers have disclosed 46 new security flaws in products from three solar power system vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities ha...
SunGrow WiNet-S 安全漏洞
SunGrow WiNet-S is a LAN communication module from SunGrow, China. A trust management issue vulnerability exists in SunGrow WiNet-S version V200.001.00.P027 and prior versions, which stems from the use of hard-coded MQTT credentials. An attacker could use this vulnerability to send arbitrary...
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack Overflow Code Execution Vulnerability
Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments developed by Fuji Electric Japan for collecting real-time data from PLCs, temperature controllers, inverters and other devices. Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack Overflow...
Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems
Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts. "If exploited, these vulnerabilities could allow an...
Voltronic Power ViewPower 安全漏洞
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. Voltronic Power ViewPower suffers from an information disclosure vulnerability that is caused by a lack of authentication before allowing access to functionality. An attacker could exploit the...
Voltronic Power ViewPower 安全漏洞
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. An elevation of privilege vulnerability exists in Voltronic Power ViewPower, which can be exploited by an attacker to escalate privileges and execute arbitrary code in the SYSTEM context...
Voltronic Power ViewPower 安全漏洞
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. A security bypass vulnerability exists in Voltronic Power ViewPower that stems from a specific flaw in the updateManagerPassword method, which can be exploited by an attacker to bypass...
Voltronic Power ViewPower 安全漏洞
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. An authentication bypass vulnerability exists in Voltronic Power ViewPower Pro, which can be exploited by an attacker to bypass authentication on the system...
SMA Solar Technology AG Cluster Controller Cross-Site Request Forgery Vulnerability
The SMA Solar Technology AG Cluster Controller is a cluster controller from SMA Solar Technology AG, Germany, used to manage and monitor clusters of multiple solar inverters to optimize energy yield and system performance. A cross-site request forgery vulnerability exists in the SMA Solar...
Voltronic Power ViewPower Authentication Bypass Vulnerability
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. An authentication bypass vulnerability exists in Voltronic Power ViewPower Pro, which can be exploited by an attacker to bypass authentication on the system...
Rockwell Automation Armor PowerFlex Security Breach
Rockwell Automation Armor PowerFlex is a line of inverters from Rockwell Automation, Inc. A security vulnerability exists in the Rockwell Automation Armor PowerFlex that stems from a vulnerability that allows an attacker to send network commands to cause the product to generate a large amount of...
Fuji Electric Tellus Lite V-Simulator 和 Fuji Electric V-Server Lite 缓冲区错误漏洞
Fuji Electric Tellus Lite V-Simulator and Fuji Electric V-Server Lite are both products of Fuji Electric Japan.Fuji Electric Tellus Lite V-Simulator is a remote monitoring software for industrial environments. Fuji Electric V-Server Lite is a remote monitoring software for industrial environments...
Buffer Overflow Vulnerability in Multiple Fuji Electric Products
Fuji Electric FRENIC Loader, etc. are inverters from Fuji Electric Japan. A stack buffer overflow vulnerability exists in multiple Fuji Electric products, which stems from the program failing to properly detect user-submitted comments. A remote attacker could exploit the vulnerability to execute...
Critical Flaws Found in Solar Panels Could Shut Down Power Grids
A Dutch security researcher has uncovered a slew of security vulnerabilities in an essential component of solar panels which could be exploited to cause widespread outages in European power grids. Willem Westerhof, a cybersecurity researcher at Dutch security firm ITsec, discovered 21 security...
CVE-2017-9855
An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any such code, when combined with the installer...
CVE-2017-9853
An issue was discovered in SMA Solar Technology products. All inverters have a very weak password policy for the user and installer password. No complexity requirements or length requirements are set. Also, strong passwords are impossible due to a maximum of 12 characters and a limited set of...