Mar 27, 2025

Forescout Vedere Labs Uncovers Severe Systemic Security Risks in Global Solar Power Infrastructure

Forescout Technologies Inc., a global cybersecurity leader, published its “SUN:DOWN – Destabilizing the Grid via Orchestrated Exploitation of Solar Power Systems” research report. Forescout Research – Vedere Labs discovered 46 new vulnerabilities across three of the world’s 10 leading solar inverter vendors. Additionally, Vedere Labs found that 80% of vulnerabilities in solar power systems disclosed in the last three years were classified as high or critical severity. These findings reveal severe systemic security weaknesses in the solar ecosystem that could impact power grid stability, utility operations, and consumer data privacy.

“The collective impact of residential solar systems on grid reliability is too significant to ignore – hospitals could lose access to critical equipment, families could go without heat in the winter or AC in a heatwave, and businesses could shut down,” said Barry Mainz, Forescout CEO. “Threat actors increasingly target critical infrastructure, making it essential to take them seriously and secure solar inverter systems before vulnerabilities lead to real-world disruptions.”

Forescout research key findings include:

  • 46 new vulnerabilities across three of the world’s top 10 solar inverter vendors worldwide: Sungrow, Growatt, and SMA. Some of these vulnerabilities enable attackers to tamper with inverter settings and compromise user privacy.
  • Consistent, severe cybersecurity gaps: On average, 10 vulnerabilities on solar power systems have been disclosed each year over the past three years. Of the 93 previously disclosed vulnerabilities, 80% wereclassified as high or critical severity and 30% had the highest possible CVSS scores (9.8–10), meaning the attacker could take full control of an affected system.
  • Growing geopolitical concerns in solar supply chains: Over half of solar inverter manufacturers (53%) and storage system providers (58%) are based in China. Twenty percent of the monitoring system manufacturers are also from China, raising concerns over the dominance of foreign-made solar power components.

Potential attack scenarios and impact:

Attackers could exploit these vulnerabilities to take control of solar inverter systems in several ways. Growatt inverters were susceptible to cloud-based takeover, allowing unauthorized access and control of a user’s resources, solar plants, and devices. Sungrow inverters could be hijacked by harvesting communication dongle serial numbers through various insecure direct object references (IDORs), using hard-coded credentials found on the device and publishing messages that lead to remote code execution, and full takeover of the inverter.

By exploiting these weaknesses, cybercriminals could manipulate power generation at scale and trigger coordinated load-changing attacks to destabilize the grid—potentially leading to emergency power measures, grid disconnections, or even blackouts.

Following responsible disclosure, all vendors have patched the reported issues.

“Solar power systems are rapidly becoming essential elements of power grids throughout the world, but persistent security flaws threaten both grid stability and national security,” said Daniel dos Santos, Head of Research at Forescout Research – Vedere Labs. “To mitigate these risks, owners of commercial installations should enforce strict security requirements when procuring solar equipment, conduct regular risk assessments, ensure full network visibility into these devices and segment them into sub-networks with continuous monitoring.”

To learn more about the vulnerabilities, realistic attack scenarios and impact, and mitigation advice for owners of smart inverters, utilities, device manufacturers, and regulators, download the full research reportreview the summary blog, and join the webinar.

Forescout | https://www.forescout.com/