Forescout research reveals vulnerabilities in solar power systems

Research reveals 46 new vulnerabilities in solar power systems, which threaten grid stability and give attackers potential control over solar inverters.

Forescout Technologies has published the report titled “SUN:DOWN – Destabilizing the Grid via Orchestrated Exploitation of Solar Power Systems.” Vedere Labs discovered these vulnerabilities in three of the top ten solar inverter vendors globally. The report indicates that 80% of vulnerabilities disclosed in the past three years were of high or critical severity, demonstrating significant security gaps in the solar ecosystem that could affect grid stability and consumer data privacy.

“The collective impact of residential solar systems on grid reliability is too significant to ignore – hospitals could lose access to critical equipment, families could go without heat in winter or AC in a heatwave, and businesses could shut down,” said Forescout CEO Barry Mainz. “Threat actors increasingly target critical infrastructure, making it essential to take them seriously and secure solar inverter systems before vulnerabilities lead to real-world disruptions.”

Key findings from the research include:

  • 46 new vulnerabilities found in major vendors: Sungrow, Growatt, and SMA, with some allowing attackers to manipulate inverter settings and breach user privacy.
  • Consistent security gaps: An average of 10 vulnerabilities in solar power systems have been disclosed each year over the last three years. Of the total 93 previously disclosed vulnerabilities, 80% were categorized as high or critical severity, and 30% received the maximum Common Vulnerability Scoring System (CVSS) scores (9.8–10), allowing full control over affected systems.
  • Geopolitical concerns regarding supply chains: More than half of solar inverter manufacturers (53%) and storage system providers (58%) are based in China, which raises concerns about reliance on foreign solar power components.

Potential attack scenarios include unauthorized control of solar inverter systems. For instance, Growatt inverters are vulnerable to cloud-based takeovers, while Sungrow inverters can be hijacked by exploiting insecure parameters. Cybercriminals could use these vulnerabilities to disrupt power generation and destabilize the grid, potentially resulting in power outages or emergency measures.

After responsible disclosure, all identified vendors have addressed the reported security issues.

“Solar power systems are becoming essential elements of power grids worldwide, but persistent security flaws threaten both grid stability and national security,” said Daniel dos Santos, Head of Research at Forescout Research – Vedere Labs. “To mitigate these risks, owners of commercial installations should enforce strict security requirements when procuring solar equipment, conduct regular risk assessments, ensure complete visibility into these devices, and segment them into sub-networks with continuous monitoring.”

For more information about the vulnerabilities and mitigation strategies for owners of smart inverters, utilities, and manufacturers, the full research report is available for download.