Cyber Security Threat Summary:
Researchers are raising concerns about the vulnerability of over 130,000 photovoltaic monitoring and diagnostic systems accessible through the public internet. This accessibility exposes them to potential attacks from hackers. These systems play a crucial role in remote performance monitoring, troubleshooting, optimizing system efficiency, and enabling the remote management of renewable energy production units.

“Exploiting vulnerabilities in the PV systems that Cyble found exposed online has happened recently, with hackers scanning the web for vulnerable devices to add them to botnets. For example, CVE-2022-29303, an unauthenticated remote command injection vulnerability impacting Contec’s SolarView system was used by a relatively new Mirai variant looking for fresh systems to grow its distributed denial-of-service (DDoS) power. Cyble’s scans found 7,309 internet-exposed SolarView devices globally, while another report from VulnCheck today discovered 425 instances of Contec’s SolarView that use a vulnerable firmware version. VulnCheck’s report also highlights another recently-discovered unauthenticated remote code execution bug impacting the same product, tracked as CVE-2023-23333, for which multiple exploits exist in the public space” (Bleeping Computer, 2023).

Security Officer Comments:
Cyble’s threat analyst discovered 134,634 internet-exposed PV utilities from various vendors. Some of the notable vendors include Solar-Log, Danfoss Solar Web Server, SolarView Contec, SMA Sunny Webbox, SMA Cluster Controller, SMA Power Reducer Box, Kaco New Energy & Web, Fronis Datamanager, Saj Solar Inverter, and ABB Solar Inverter Web GUI. Additionally, researchers note that these exposed assets may not necessarily be vulnerable or misconfigured in a way that allows direct interaction by attackers. However, unauthenticated visitors can still gather valuable information, including settings, that could potentially be exploited in an attack. The report emphasizes that vulnerabilities have been identified and reported for the aforementioned products. Additionally, there is an available PoC exploit code for several of them, which increases the likelihood of attacks against systems running older firmware versions. Even if PB control systems are adequately secured, Cyble points out that the risk of information stealing malware that can gather logins for these tools.

Suggested Correction(s):
: Researchers at Cyble recommend the following mitigations:

• Access Control: Implement strong access controls for your PV monitoring solution. This includes using strong and unique passwords, enabling two-factor authentication, and restricting access based on user roles and privileges.
• Regular Software Updates: Keep your monitoring software and hardware up to date with the latest security patches and firmware updates. This helps to address any vulnerabilities and protect against potential exploits.
• Network Segmentation: Separate your PV monitoring solution from other critical networks and systems. Use firewalls and network segmentation techniques to isolate and protect the monitoring infrastructure from unauthorized access.
• Encryption: Implement encryption protocols to secure data transmission between the PV monitoring components, such as between the monitoring software and the data logger or inverters. This helps to prevent interception and tampering of sensitive data.
• Intrusion Detection System (IDS): Deploy an IDS to monitor the network traffic and identify any suspicious or malicious activities. This allows you to detect and respond to potential security breaches promptly.
• Secure Communication Protocols: Ensure that the communication protocols used in your PV monitoring systems, such as HTTPS, MQTT with TLS, or SSH, are secure and encrypted to protect data integrity and confidentiality.
• Regular Security Audits: Conduct regular security audits and vulnerability assessments of your PV monitoring solution. This helps identify and address any weaknesses or vulnerabilities attackers could exploit.
• User Training and Awareness: Provide comprehensive security training to system administrators and users of the PV monitoring solution. Educate them about best practices for password management, phishing prevention, and safe browsing habits.
• Secure Data Storage: Safeguard the storage of PV monitoring data by implementing appropriate access controls, encryption, and backups. Regularly review and assess data retention policies to ensure privacy and data protection regulations compliance.
• Incident Response Plan: Develop an incident response plan that outlines the steps to be taken in case of a security breach or incident. This includes containment, investigation, recovery procedures, and communication with relevant stakeholders.
• Zero Trust Architecture: Implement a zero trust approach for your PV monitoring solution. This means adopting a security model where every user, device, and network request is treated as potentially untrusted, regardless of their location within or outside the network. Implement granular access controls, continuous authentication, and dynamic authorization to minimize the attack surface and mitigate potential security risks.
• Compliance with International Standards: Ensure that your PV monitoring solution complies with relevant international standards. Adhering to these standards demonstrates your commitment to maintaining a robust security framework and helps establish trust with stakeholders by following recognized best practices.

Link(s):
https://www.bleepingcomputer.com/
https://blog.cyble.com/2023/07/05/security-gaps-in-green-energy-sector/