Forescout Vedere Labs Uncovers Severe Systemic Security Risks in Global Solar Power Infrastructure

SAN JOSE, Calif.--(BUSINESS WIRE)--Forescout Technologies Inc., a global cybersecurity leader, today published its “SUN:DOWN – Destabilizing the Grid via Orchestrated Exploitation of Solar Power Systems” research report. Forescout Research – Vedere Labs discovered 46 new vulnerabilities across three of the world’s 10 leading solar inverter vendors. Additionally, Vedere Labs found that 80% of vulnerabilities in solar power systems disclosed in the last three years were classified as high or critical severity. These findings reveal severe systemic security weaknesses in the solar ecosystem that could impact power grid stability, utility operations, and consumer data privacy.

“The collective impact of residential solar systems on grid reliability is too significant to ignore – hospitals could lose access to critical equipment, families could go without heat in the winter or AC in a heatwave, and businesses could shut down,” said Barry Mainz, Forescout CEO. “Threat actors increasingly target critical infrastructure, making it essential to take them seriously and secure solar inverter systems before vulnerabilities lead to real-world disruptions.”

Forescout research key findings include:

• 46 new vulnerabilities across three of the world’s top 10 solar inverter vendors worldwide: Sungrow, Growatt, and SMA. Some of these vulnerabilities enable attackers to tamper with inverter settings and compromise user privacy.

• Consistent, severe cybersecurity gaps: On average, 10 vulnerabilities on solar power systems have been disclosed each year over the past three years. Of the 93 previously disclosed vulnerabilities, 80% were classified as high or critical severity and 30% had the highest possible CVSS scores (9.8–10), meaning the attacker could take full control of an affected system.

• Growing geopolitical concerns in solar supply chains: Over half of solar inverter manufacturers (53%) and storage system providers (58%) are based in China. Twenty percent of the monitoring system manufacturers are also from China, raising concerns over the dominance of foreign-made solar power components.

Potential attack scenarios and impact:

Attackers could exploit these vulnerabilities to take control of solar inverter systems in several ways. Growatt inverters were susceptible to cloud-based takeover, allowing unauthorized access and control of a user’s resources, solar plants, and devices. Sungrow inverters could be hijacked by harvesting communication dongle serial numbers through various insecure direct object references (IDORs), using hard-coded credentials found on the device and publishing messages that lead to remote code execution, and full takeover of the inverter.

By exploiting these weaknesses, cybercriminals could manipulate power generation at scale and trigger coordinated load-changing attacks to destabilize the grid—potentially leading to emergency power measures, grid disconnections, or even blackouts.

Following responsible disclosure, all vendors have patched the reported issues.

“Solar power systems are rapidly becoming essential elements of power grids throughout the world, but persistent security flaws threaten both grid stability and national security,” said Daniel dos Santos, Head of Research at Forescout Research – Vedere Labs. “To mitigate these risks, owners of commercial installations should enforce strict security requirements when procuring solar equipment, conduct regular risk assessments, ensure full network visibility into these devices and segment them into sub-networks with continuous monitoring.”

To learn more about the vulnerabilities, realistic attack scenarios and impact, and mitigation advice for owners of smart inverters, utilities, device manufacturers, and regulators, download the full research report, review the summary blog, and join the webinar.

About Forescout

The Forescout cybersecurity platform provides complete asset intelligence and control across IT, OT, IoT, and IoMT environments. For more than 20 years, Fortune 100 organizations, government agencies, and large enterprises have trusted Forescout as their foundation to manage cyber risk, ensure compliance, and mitigate threats. With seamless context sharing and workflow orchestration across more than 100 full-featured security and IT product integrations, Forescout makes every cybersecurity investment more effective.

Forescout Research – Vedere Labs is the industry leader in device intelligence, curating unique and proprietary threat intelligence that powers Forescout’s platform.