August 12, 2024 at 07:12AM
Cybersecurity researchers discovered vulnerabilities in photovoltaic system management platforms operated by Chinese companies Solarman and Deye, posing a risk of power blackouts if exploited. The shortcomings, including account takeover and information leaks, have been addressed as of July 2024. The vulnerabilities could allow attackers to take over accounts, control inverters, and access sensitive information, potentially causing widespread disruptions.
Cybersecurity researchers identified several security shortcomings in the photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could lead to power disruptions and blackouts if exploited by malicious actors. The issues identified include full account takeover, token reuse, information leaks, hard-coded account access, unauthorized authorization token generation, and potential unauthorized access to confidential user data. Exploitation of these vulnerabilities could lead to unauthorized access, data leaks, and disruption in power generation, potentially causing voltage fluctuations and leading to blackouts. Solarman and Deye addressed the vulnerabilities in both platforms as of July 2024, following responsible disclosure.