The US Department of Homeland Security is warning about vulnerabilities in a common SCADA (supervisory control and data acquisition) package that is used to remotely monitor and manage solar energy-generating power plants.
The DHS’s ICS-CERT issued an advisory on Wednesday that exploit code was circulating on the internet for security holes affecting the Italian vendor Sinapsi’s eSolar Light Photovoltaic System Monitor.
The eSolar Light Photovoltaic System Monitor is a SCADA product that allows solar power stations to simultaneously monitor different components of photovoltaic arrays, such as photovoltaic inverters, energy meters, gauges and so on.
ICS-CERT said in its advisory that the vulnerabilities, if successfully exploited, could allow attackers to remotely connect to the management server, “executing remote code, possibly affecting the availability and integrity of the device.”
General information pulled from the blog on Naked Security:
- Hackers pwn the sun – Exploit code released for software used to manage solar energy plants (nakedsecurity.sophos.com)