Research has identified 46 new vulnerabilities within solar power systems that threaten grid stability and could allow attackers to take control of solar inverters.
Forescout Technologies has published a report detailing these issues, revealing that the majority of vulnerabilities disclosed in the past three years are categorized as high or critical severity. The findings illuminate significant systemic security weaknesses that could negatively affect the stability of power grids, utility operations, and consumer data privacy.
Barry Mainz, CEO of Forescout, emphasized the critical impact that residential solar systems can have on grid reliability, stating that risks include loss of access to essential equipment in hospitals and disruptions to heating or cooling for families and businesses. With a growing trend of threat actors targeting critical infrastructure, securing solar inverter systems is vital to prevent potential disruptions.
Key points from the report include:
- Detection of 46 vulnerabilities among three of the top ten global solar inverter vendors: Sungrow, Growatt, and SMA.
- An average of 10 vulnerabilities in solar power systems disclosed each year, with 80% of previously disclosed vulnerabilities rated high or critical severity.
- Geopolitical concerns arise as over half of solar inverter manufacturers and storage system providers are based in China.
Exploiting these vulnerabilities could let attackers manipulate power generation and coordinate load-changing attacks, which may destabilize the grid and potentially cause blackouts. Following responsible disclosure, all affected vendors have implemented patches.
Daniel dos Santos, Head of Research at Forescout, noted that while solar power systems are becoming increasingly vital for power grids worldwide, persistent security flaws pose serious risks. He advises commercial installation owners to enforce strict security requirements, conduct regular risk assessments, and implement continuous monitoring with network visibility into these devices.
For further details on vulnerabilities, attack scenarios, and mitigation advice, interested parties can access the full research report and additional resources through the Forescout website.