Introduction
The increasing vulnerability of global power grids to cyber-attacks is a pressing concern, particularly due to significant weaknesses identified in major solar power system manufacturers [8]. This issue is underscored by recent research highlighting critical vulnerabilities that could lead to severe disruptions, including blackouts and emergencies, through remote attacks on energy grids [5].
Description
Power grids globally are increasingly vulnerable to cyber-attacks due to significant weaknesses identified in major solar power system manufacturers [8], including Sungrow [1] [2] [5], Growatt [1] [2] [3] [4] [5] [6] [7] [8], and SMA Solar Technology [2]. Researchers from Forescout’s Vedere Labs have highlighted that these vulnerabilities could lead to serious incidents [8], including emergencies and blackouts [8], particularly through remote attacks on the energy grid [5]. In 2024 [8], three notable cyber incidents targeted solar power systems [8], prompting an FBI industry notification in July regarding threats to renewable energy resources [8]. The analysis focused on these leading manufacturers [8], revealing that they collectively had 46 critical vulnerabilities that could disrupt power grids [8]. Notably, 80% of the vulnerabilities disclosed in the last three years were classified as high or critical severity [1], indicating a significant risk to grid stability and availability. These vulnerabilities could allow attackers to take control of solar inverters [5], manipulate power output settings [5], and execute arbitrary commands [7], potentially leading to remote sabotage and significant power outages [2].
Forescout’s findings showed an average of over 10 vulnerabilities disclosed annually over the past three years [1], with 30% of previously disclosed vulnerabilities receiving the highest CVSS scores (9.8–10) [1], suggesting that attackers could gain full control [1]. The findings also raise geopolitical concerns, as over half of solar inverter manufacturers (53%) and storage system providers (58%) are based in China [1], along with 20% of monitoring system manufacturers [1]. Specific attack scenarios include exploiting vulnerabilities in Growatt inverters for cloud-based takeovers [1], stemming from flaws in their cloud platform that allow unauthorized access and modifications without proper authentication [2]. Additionally, vulnerabilities such as insecure direct object references (IDORs) and cross-site scripting (XSS) could enable hackers to manipulate connected inverters and control user accounts.
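The IDOR pattern described above, as an added example that is not taken from the Forescout research or from any vendor's code: a hypothetical cloud API handler that trusts a client-supplied inverter serial, beside a version that enforces object-level authorization. The data model, serials and function names are all assumptions.

```python
# Added illustration; User, INVERTERS and set_power_limit_* are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    user_id: int
    plant_ids: frozenset  # plants this account is allowed to manage

# Constructed sample data: inverter serial -> owning plant and current setting.
INVERTERS = {
    "INV-0001": {"plant_id": 10, "power_limit_pct": 100},
    "INV-0002": {"plant_id": 20, "power_limit_pct": 100},
}

class Forbidden(Exception):
    pass

def set_power_limit_vulnerable(session_user, serial, pct):
    """IDOR: trusts the client-supplied serial and never checks who owns it."""
    inverter = INVERTERS[serial]
    inverter["power_limit_pct"] = pct
    return inverter

def set_power_limit_fixed(session_user, serial, pct):
    """Object-level authorization plus input validation on every request."""
    if session_user is None:
        raise Forbidden("authentication required")
    inverter = INVERTERS.get(serial)
    # Same error for "missing" and "not yours" so serials cannot be enumerated.
    if inverter is None or inverter["plant_id"] not in session_user.plant_ids:
        raise Forbidden("no such inverter for this account")
    if not isinstance(pct, int) or not 0 <= pct <= 100:
        raise ValueError("power limit must be an integer percentage 0-100")
    inverter["power_limit_pct"] = pct
    return inverter

def demo():
    alice = User(user_id=1, plant_ids=frozenset({10}))
    # Vulnerable handler: Alice's request changes an inverter in plant 20.
    changed = set_power_limit_vulnerable(alice, "INV-0002", 0)["power_limit_pct"]
    INVERTERS["INV-0002"]["power_limit_pct"] = 100  # reset sample data
    try:
        set_power_limit_fixed(alice, "INV-0002", 0)
        blocked = False
    except Forbidden:
        blocked = True
    own = set_power_limit_fixed(alice, "INV-0001", 80)["power_limit_pct"]
    return changed, blocked, own
```

The ownership check belongs in the server-side handler for every object reference; hiding or randomizing identifiers in the client does not replace it.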
Sungrow inverters present a more complex attack scenario [4], involving multiple vulnerable components [4]. An attacker could control a fleet of inverters [4], amplifying the impact on the power grid by modulating power generation during peak hours [4], thus creating an imbalance [4]. Vulnerabilities in Sungrow and SMA products include hardcoded login credentials and stack overflow issues, with one notable vulnerability [4], CVE-2025-0731 [4], allowing remote code execution through the upload of .ASPX files on the sunnyportal.com platform [4]. Attackers could exploit stored XSS vulnerabilities to gain control over inverter configurations [4], enabling them to perform operations like turning devices on or off [4]. Furthermore, a Sungrow Android application lacked proper security certificate verification and used weak encryption [2], making it susceptible to man-in-the-middle attacks [2].
Both Sungrow and SMA have patched their vulnerabilities [4], while Growatt has implemented fixes without requiring modifications to the inverters [4]. Additionally, critical stack overflow vulnerabilities (CVE-2024-50694 [4], CVE-2024-50695 [4], CVE-2024-50698) could allow remote code execution on communication dongles connected to inverters [4]. The combined effect of compromised inverters could significantly disrupt power generation on the grid [4], forcing primary control systems to react to sudden load changes [4]. In contrast [8], no major weaknesses were found in Huawei [8], Ginlong Solis [8], and GoodWe [8]. Sungrow and SMA addressed all reported vulnerabilities and issued advisories [8], while Growatt acknowledged the issues but took longer to resolve them [8], adopting a less collaborative approach [8].
To mitigate these risks [1] [2] [6], it is recommended that owners of commercial solar installations enforce strict security requirements [1] [2], conduct regular risk assessments [1] [2], ensure full network visibility [1] [2], and segment devices into monitored sub-networks [2]. Manufacturers are advised to prioritize security patches [6], adopt secure coding practices [6], and conduct regular penetration testing [6] [7]. Implementing Web Application Firewalls (WAFs) and adhering to cybersecurity frameworks are also recommended [6]. Users should regularly update firmware, install robust antivirus software [6], and maintain communication with manufacturers to mitigate risks associated with solar energy inverter equipment [7]. Additionally, securing installations involves isolating devices on separate networks [6], enabling security monitoring [6], and following guidelines from the US Department of Energy to enhance defenses against cyberattacks targeting solar infrastructure.
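One way to act on the "segmented, monitored sub-network" recommendation, as an added example that is not from the cited sources: a flow-record review that flags traffic crossing the inverter segment boundary outside an allowlist. The subnets, allowlist entries and flow records are constructed assumptions (documentation and private address ranges).

```python
import csv
import io
import ipaddress

INVERTER_NET = ipaddress.ip_network("10.50.0.0/24")  # assumed inverter VLAN
MGMT_NET = ipaddress.ip_network("10.60.0.0/28")      # assumed jump-host subnet
# Assumed egress allowlist: (destination, port) pairs the inverters need.
ALLOWED_EGRESS = {("203.0.113.10", 443), ("10.60.0.5", 123)}

# Constructed sample flow records: src,dst,dport
SAMPLE_FLOWS = """\
10.50.0.11,203.0.113.10,443
10.50.0.12,198.51.100.77,8080
10.20.3.44,10.50.0.11,502
10.60.0.2,10.50.0.12,443
10.50.0.11,10.50.0.12,502
"""

def review_flows(text):
    """Return (finding, src, dst, port) tuples for flows that break policy."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue  # tolerate blank lines in the export
        src, dst, dport = row
        s, d, port = ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport)
        if s in INVERTER_NET and d in INVERTER_NET:
            # Devices on the segment should not need to talk to each other.
            findings.append(("lateral-device-traffic", src, dst, port))
        elif s in INVERTER_NET:
            if (dst, port) not in ALLOWED_EGRESS:
                findings.append(("unexpected-egress", src, dst, port))
        elif d in INVERTER_NET and s not in MGMT_NET:
            findings.append(("unapproved-ingress", src, dst, port))
    return findings

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(finding)
```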
Conclusion
The vulnerabilities identified in solar power systems pose a significant threat to global power grid stability. Addressing these weaknesses is crucial to prevent potential cyber-attacks that could lead to widespread power outages and emergencies. By implementing robust security measures, conducting regular assessments, and fostering collaboration between manufacturers and users, the risks associated with solar energy inverter equipment can be mitigated. As the reliance on renewable energy sources grows, ensuring the cybersecurity of these systems will be vital for maintaining grid stability and resilience against future threats.
References
[1] https://markets.financialcontent.com/stocks/article/bizwire-2025-3-27-forescout-vedere-labs-uncovers-severe-systemic-security-risks-in-global-solar-power-infrastructure
[2] https://www.cybersecuritydive.com/news/solar-power-gear-vulnerable-remote-sabotage/743806/
[3] https://www.heise.de/en/news/New-security-vulnerabilities-detected-in-photovoltaic-systems-10331356.html
[4] https://www.prsol.cc/2025/03/28/dozens-of-solar-inverter-flaws-could-be-exploited-to-attack-power-grids/
[5] https://eandt.theiet.org/2025/03/28/cybersecurity-flaws-found-solar-panels-raise-possibility-energy-grid-blackouts
[6] https://www.techradar.com/pro/millions-of-solar-power-systems-could-be-at-risk-of-cyber-attacks-after-researchers-find-flurry-of-vulnerabilities
[7] https://www.techworm.net/2025/03/46-critical-flaws-in-solar-inverters.html
[8] https://www.infosecurity-magazine.com/news/solar-power-vulnerabilities/