- Forescout report finds many vulnerable solar devices run outdated firmware with known exploits active in the wild
- Europe holds 76% of all exposed solar power devices, with Germany and Greece particularly at risk
- SolarView Compact exposure jumped 350% in two years, and it’s already linked to cybercrime
The rapid growth of solar energy adoption worldwide has sparked renewed concerns about cybersecurity vulnerabilities within solar infrastructure.
A study by Forescout’s Vedere Labs found nearly 35,000 solar power devices, including inverters, data loggers, and gateways, are exposed to the internet, making them susceptible to exploitation.
These findings follow a previous report by Forescout which identified 46 vulnerabilities in solar power systems.
High exposure and geopolitical implications
What’s particularly alarming now is that many of these devices remain unpatched, even as cyber threats grow more sophisticated.
Ironically, vendors with the highest number of exposed devices aren’t necessarily those with the largest global installations, suggesting issues such as poor default security configurations, insufficient user guidance, or unsafe manual settings.
Forescout found Europe accounts for a staggering 76% of all exposed devices, with Germany and Greece most affected.
While an internet-exposed solar system isn’t automatically vulnerable, it becomes a soft target for cybercriminals. For example, the SolarView Compact device experienced a 350% increase in online exposure over two years and was implicated in a 2024 cyber incident involving bank account theft in Japan.
Concerns around solar infrastructure deepened when Reuters reported rogue communication modules in Chinese-manufactured inverters.
Although not tied to a specific attack, the discovery prompted several governments to reevaluate the security of their energy systems.
According to Forescout, insecure configurations are common, and many devices still run outdated firmware versions. Some are known to have vulnerabilities currently under active exploitation.
Devices like the discontinued SMA Sunny WebBox still account for a significant share of exposed systems.
This is not just a matter of faulty products, it reflects a system-wide risk. While individually limited in impact, these internet-exposed devices may serve as entry points into critical infrastructure.
To mitigate risk, organizations should retire devices that cannot be patched and avoid exposing management interfaces to the internet.
For remote access, secure solutions such as VPNs, along with adherence to CISA and NIST guidelines, are essential.
Additionally, a layered approach using top-rated antivirus tools, endpoint protection solutions, and especially Zero Trust Network Access (ZTNA) architecture may be necessary to keep critical systems insulated from intrusion.
