March 27, 2025 By Ionut Ilascu
Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor’s cloud platform.
The potential impact of the security problems has been assessed as severe because they could be used in attacks that could at least influence grid stability, and affect user privacy.
In a grimmer scenario, the vulnerabilities could be exploited to disrupt or damage power grids by creating an imbalance between power generation and demand.
Hijacking PV inverters
Security researchers at Vedere Labs, the cybersecurity research arm of network security company Forescout, found 46 vulnerabilities in solar inverters from Sungrow, Growatt, and SMA - three of the top six manufacturers in the world.
The potential impact of some of the vulnerabilities is significant as they could lead to unauthorized access to resources in cloud platforms, remote code execution (RCE), device takeover, information disclosure, physical damage, and denial of service.
Of the 46 issues discovered, only one, CVE-2025-0731, impacts SMA products. An attacker could use it to achieve remote code execution by uploading .ASPX files that would be executed by the web server at sunnyportal.com - the company's platform for monitoring photovoltaic (PV) systems.