A recent cybersecurity investigation has uncovered critical flaws in nearly 35,000 solar energy systems across 42 vendors globally, leaving them exposed to potential internet-based cyberattacks. The findings raise major concerns as solar infrastructure becomes increasingly integrated into national power grids, creating new avenues for malicious interference.
Europe accounts for the majority of these exposed systems, with 76% located across the continent. Asia follows with 17%, while the remaining 8% are spread across other regions. Germany, Greece, and Italy report the highest numbers of vulnerable devices.
Forescout analysts conducted the scan using the Shodan search engine on May 9, 2025, identifying exposed solar equipment such as inverters, data loggers, and communication devices. The report builds on Forescout’s previous SUN:DOWN research, which found 46 critical vulnerabilities that could allow attackers to take control of inverter fleets.
The alarm over solar energy system security has grown following recent incidents. In May, Reuters reported unauthorized communication modules inside Chinese-made inverters, sparking international scrutiny over remote shutdown capabilities. Around the same time, a widespread grid failure affected Madrid and Lisbon, disrupting airports, trains, and payments—though this event wasn’t linked to cyberattacks.
The situation illustrates how weaknesses in solar devices may serve as entry points into larger power networks, especially in countries like Spain, where renewables generate up to 70% of electricity. Grid instability, combined with exploitable device vulnerabilities, heightens the overall threat.
One device under particular scrutiny is the CONTEC SolarView Compact. Exposure of these devices has surged by 350% in just two years—from 600 in 2023 to nearly 3,000 by 2025—now accounting for 8% of all exposed systems globally. These systems contain critical vulnerabilities, including CVE-2022-29303, CVE-2022-40881, CVE-2023-23333, and CVE-2023-29919, which attackers actively exploit.
Several IP addresses involved in this exploitation activity are linked to botnets or Tor exit nodes, with origins mainly in Singapore, Germany, and the Netherlands.
Security experts urge operators to follow basic cybersecurity hygiene. Devices should never be exposed directly to the internet. Instead, the experts recommend using VPNs for remote access and adhering to CISA’s remote management guidelines to reduce exposure.
News Source: CybersecurityNews.com