Jump to content
  • Over 130,000 solar energy monitoring systems exposed online

    Karlston

    • 432 views
    • 3 minutes
     Share


    • 432 views
    • 3 minutes

    Security researchers are warning that tens of thousands of photovoltaic (PV) monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers.

     

    These systems are used for remote performance monitoring, troubleshooting, system optimization, and other functions to allow remote management of renewable energy production units.

    Sensitive info exposed

    Cyble’s threat analysts scanned the web for internet-exposed PV utilities and found 134,634 products from various vendors, which include Solar-Log, Danfoss Solar Web Server, SolarView Contec, SMA Sunny Webbox, SMA Cluster Controller, SMA Power Reducer Box, Kaco New Energy & Web, Fronis Datamanager, Saj Solar Inverter, and ABB Solar Inverter Web GUI.

     

    It is important to note that the exposed assets are not necessarily vulnerable or misconfigured in a way that allows attackers to interact with them.

     

    However, Cyble’s research shows that unauthenticated visitors can glean information, including settings, that could be used to mount an attack.

     

    exposed-1.jpg

    Exposed power generation figures and settings (Cyble)

     

    exposed-2.jpg

    Exposed live performance stats (Cyble)

     

    The report also highlights that vulnerabilities have been found and reported for the products above and there is proof of concept (PoC) exploit code available for several of them, which increases the likelihood of attacks against the systems running an older firmware version.

     

    Even when PV control systems are adequately secured, Cyble points out the risk of information-stealing malware that can collect logins for these tools.

    Active exploitation

    Exploiting vulnerabilities in the PV systems that Cyble found exposed online has happened recently, with hackers scanning the web for vulnerable devices to add them to botnets.

     

    For example, CVE-2022-29303, an unauthenticated remote command injection vulnerability impacting Contec’s SolarView system was used by a relatively new Mirai variant looking for fresh systems to grow its distributed denial-of-service (DDoS) power.

     

    Cyble’s scans found 7,309 internet-exposed SolarView devices globally, while another report from VulnCheck today discovered 425 instances of Contec’s SolarView that use a vulnerable firmware version.

     

    Shodan.png

    Shodan scan results (VulnCheck)

     

    VulnCheck’s report also highlights another recently-discovered unauthenticated remote code execution bug impacting the same product, tracked as CVE-2023-23333, for which multiple exploits exist in the public space.

     

    Systems of this type often face a degree of neglect in terms of maintenance and upgrades, which gives attackers good chances of success when they leverage fairly recent vulnerabilities.

     

    If PV system admins need to expose the interfaces for remote management, they should at least use strong, unique credentials, activate use multi-factor authentication where available, and keep their systems updated. Segregating the equipment to its own network also counts as a good defense.

     

     

    Source

    • Like 2

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...