Alarming Solar Power System Flaws Could Let Hackers Disrupt Power Grids

The growing reliance on solar energy may be creating a new frontier of cybersecurity risks. A recent investigation by cybersecurity firm Forescout has uncovered a troubling wave of vulnerabilities affecting solar power system products from major manufacturers Sungrow, Growatt, and SMA. The findings raise serious concerns about the resilience of modern energy infrastructure against cyberattacks—and the potential for wide-scale disruption.
Dozens of Vulnerabilities Expose Solar Infrastructure
Forescout’s team revealed 46 new vulnerabilities, adding to more than 90 previously cataloged flaws in solar energy systems over recent years. The latest wave of discoveries targeted products from the world’s top 10 solar system vendors, with Sungrow, Growatt, and SMA standing out due to the severity and variety of issues identified.
At the core of these solar systems are inverters—devices that convert the DC electricity generated by solar panels into usable AC power. These inverters often include internet-connected components for monitoring, control, and remote access via cloud platforms and mobile apps. Unfortunately, these digital capabilities are turning solar infrastructure into an attractive attack surface for cybercriminals.
What the Researchers Found
- SMA: A single but serious vulnerability allows attackers to upload a malicious file to the cloud platform, potentially leading to arbitrary code execution on SMA’s server—a critical risk if left unpatched.
- Growatt: Researchers identified a staggering 30 vulnerabilities. These flaws include cross-site scripting (XSS), remote takeover capabilities, information disclosure issues, and even pathways for attackers to cause physical damage to solar infrastructure.
- Sungrow: More than a dozen vulnerabilities were uncovered, such as insecure direct object references (IDOR), denial-of-service (DoS) vulnerabilities, and remote code execution threats. These could lead to unauthorized access, service disruption, or the complete compromise of affected devices.
Why This Matters: A Threat to the Power Grid
Perhaps most alarming is the possibility of attackers gaining control over fleets of internet-connected inverters. According to Forescout, hijacking a large number of these devices could allow cybercriminals to destabilize power grids—either by manipulating energy input or causing synchronized disruptions.
Imagine hundreds or thousands of compromised inverters suddenly shutting down or being misconfigured. The impact could ripple across local or even national grids, causing outages, surging demand on backup systems, and triggering financial losses for utilities and operators.
Beyond grid disruption, compromised solar systems could be leveraged for:
- Personal data theft – including customer information linked to cloud-connected systems.
- Lateral network attacks – where attackers move from compromised inverters to other sensitive devices on the same network.
- Energy market manipulation – by tampering with output or performance data.
- Ransomware attacks – holding solar infrastructure hostage until a ransom is paid.
Patching Progress and Vendor Response
The affected vendors have been notified. Both SMA and Sungrow responded swiftly, patching all identified vulnerabilities and publishing advisories for customers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) echoed the urgency by issuing its own advisories, emphasizing the widespread use of these products across the global energy sector.
Growatt, however, has only addressed a few of the reported issues. As of late February 2025, the majority of vulnerabilities in its products remain unpatched—a concerning status for one of the leading solar inverter brands.
How Users Can Stay Protected
Securing solar energy systems requires the same cybersecurity diligence as any other connected infrastructure. Forescout and NIST recommend the following best practices:
- Change default passwords and implement strong authentication.
- Limit access using proper access controls.
- Keep firmware and software updated.
- Segment networks to isolate solar systems from other devices.
- Back up system configurations and data regularly.
- Monitor networks for signs of intrusion or abnormal behavior.
- Disable unused features to reduce attack surfaces.
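As an added illustration of the monitoring recommendation (not code from Forescout or any vendor), the sketch below flags a burst of shutdown or near-zero power-limit commands reaching many distinct inverters within a short window, the fleet-scale pattern described above. The log format, command names, and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sample audit log; the line format and command names are hypothetical.
SAMPLE_LOG = """\
2025-02-20T09:12:03Z inverter=INV-0007 src=10.20.0.5 cmd=set_power_limit value=80
2025-02-20T10:00:01Z inverter=INV-0001 src=203.0.113.9 cmd=shutdown value=-
2025-02-20T10:00:02Z inverter=INV-0002 src=203.0.113.9 cmd=set_power_limit value=0
2025-02-20T10:00:02Z inverter=INV-0001 src=203.0.113.9 cmd=shutdown value=-
2025-02-20T10:00:04Z inverter=INV-0003 src=203.0.113.9 cmd=shutdown value=-
2025-02-20T10:00:05Z inverter=INV-0004 src=203.0.113.9 cmd=set_power_limit value=5
2025-02-20T11:30:00Z inverter=INV-0005 src=10.20.0.5 cmd=shutdown value=-
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) inverter=(?P<inv>\S+) src=(?P<src>\S+) "
    r"cmd=(?P<cmd>\S+) value=(?P<val>\S+)$")

def is_curtailing(cmd, val, limit_pct=10):
    """True for commands that take an inverter's output to (near) zero."""
    if cmd == "shutdown":
        return True
    return cmd == "set_power_limit" and val.isdigit() and int(val) <= limit_pct

def detect_bursts(log_text, window_s=30, min_devices=4):
    """One alert per burst: >= min_devices distinct inverters curtailed in window_s.

    Assumes log lines are in chronological order.
    """
    window, alerts, alerting = deque(), [], False
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not is_curtailing(m["cmd"], m["val"]):
            continue  # skip malformed lines and ordinary commands
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        window.append((ts, m["inv"], m["src"]))
        while ts - window[0][0] > timedelta(seconds=window_s):
            window.popleft()  # drop events older than the window
        devices = {inv for _, inv, _ in window}
        if len(devices) >= min_devices and not alerting:
            alerts.append({"start": window[0][0], "devices": sorted(devices),
                           "sources": sorted({s for _, _, s in window})})
        alerting = len(devices) >= min_devices  # suppress repeats within a burst
    return alerts

if __name__ == "__main__":
    for alert in detect_bursts(SAMPLE_LOG):
        print(alert)
```

Counting distinct devices rather than raw commands keeps a single inverter that is retried repeatedly from triggering the alert.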
Forescout also advises commercial solar system operators to include security requirements in procurement contracts and conduct regular risk assessments.
As solar technology becomes increasingly integrated into power grids, its security becomes just as critical as its efficiency. The vulnerabilities uncovered by Forescout are a stark reminder that clean energy does not automatically mean safe energy. Without proactive cybersecurity measures, the same systems designed to drive sustainability could become a weak link in our critical infrastructure.
Operators, vendors, and users must act now—before cyber attackers get the chance to flip the switch.