SolarView flaw exposes hundreds of solar farms


Security experts warn that a critical vulnerability is putting hundreds of solar power stations worldwide at risk.

Hundreds of solar power stations are exposed to “actively exploited” vulnerability allowing threat actors to launch attacks and gain access to their systems remotely, according to VulnCheck, a security firm.

According to SolarView manufacturer, the Japan-based company Contec, approximately 30,000 power stations use its devices to monitor power generation, storage, and distribution operations.

ADVERTISEMENT

The system is “clearly intended” for closed networks, VulnCheck said. However, it found 600 SolarView devices that can be reached via the internet, with over two-thirds of them yet to install the patch that mitigates the flaw labeled as CVE-2022-29303.

The flaw arises from the system’s inability to neutralize potentially harmful elements in user-supplied input, exposing it to remote attacks. Citing earlier research by Palo Alto Networks, VulnCheck noted that Mirai, an open-source botnet, exploits the vulnerability.

“The fact that a number of these systems are internet-facing and that the public exploits have been available long enough to get rolled into a Mirai-variant is not a good situation,” VulnCheck said.

Security experts said the exploitation of SolarView monitoring systems is not significant when considered in isolation, with the loss of view “likely the worst-case scenario.”

“However, the impact of exploitation could be high depending on the network the SolarView hardware is integrated into,” VulnCheck said.

“For instance, if the hardware is part of a solar power generation site, then the attacker may affect the loss of productivity and revenue by using the hardware as a network pivot to attack other ICS resources,” it warned.

ADVERTISEMENT