Cybersecurity researchers have identified 46 critical vulnerabilities in solar inverters produced by Sungrow, Growatt, and SMA. These flaws, collectively termed SUN:DOWN, could allow attackers to seize control of devices or execute code remotely, posing significant risks to electrical grids. Key issues include:

Remote code execution via malicious file uploads (SMA).

Exposure of user data and device takeover through insecure APIs (Growatt).

Weak encryption, hardcoded passwords, and MQTT vulnerabilities leading to remote attacks (Sungrow).

A potential attack scenario involves hijacking Growatt accounts by exploiting API weaknesses, using default passwords, and leveraging the compromised inverters as a botnet to destabilize the power grid.

Forescout warns that such vulnerabilities could lead to cyber-physical ransomware attacks, affecting energy production and grid stability. The vendors have since patched these flaws.

The article also highlights separate security issues in industrial cameras and OT devices from Inaba Denki Sangyo, GE Vernova, Zettler, and Wago, which could be exploited for surveillance or system control.

Experts recommend enforcing strict security measures, conducting risk assessments, and maintaining full network visibility to mitigate threats.

‍

Source: https://thehackernews.com/2025/03/researchers-uncover-46-critical-flaws.html