Security News > 2023 > July > Over 130,000 solar energy monitoring systems exposed online
Security researchers are warning that tens of thousands of photovoltaic monitoring and diagnostic systems are reachable over the public web, making them potential targets for hackers.
These systems are used for remote performance monitoring, troubleshooting, system optimization, and other functions to allow remote management of renewable energy production units.
Cyble's threat analysts scanned the web for internet-exposed PV utilities and found 134,634 products from various vendors, which include Solar-Log, Danfoss Solar Web Server, SolarView Contec, SMA Sunny Webbox, SMA Cluster Controller, SMA Power Reducer Box, Kaco New Energy & Web, Fronis Datamanager, Saj Solar Inverter, and ABB Solar Inverter Web GUI. It is important to note that the exposed assets are not necessarily vulnerable or misconfigured in a way that allows attackers to interact with them.
Exploiting vulnerabilities in the PV systems that Cyble found exposed online has happened recently, with hackers scanning the web for vulnerable devices to add them to botnets.
CVE-2022-29303, an unauthenticated remote command injection vulnerability impacting Contec's SolarView system was used by a relatively new Mirai variant looking for fresh systems to grow its distributed denial-of-service power.
If PV system admins need to expose the interfaces for remote management, they should at least use strong, unique credentials, activate use multi-factor authentication where available, and keep their systems updated.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-12 | CVE-2022-29303 | OS Command Injection vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00 SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php. | 9.8 |