- The Foreout report finds that many vulnerable solar devices execute obsolete firmware with active known feats in nature
- Europe has 76% of all exposed solar energy devices, with Germany and Greece at risk
- Solarview's compact exposure increased by 350% in two years, and is already linked to cybernetic crime
The rapid growth of solar energy adoption worldwide has caused renewed concerns about cybersecurity vulnerabilities within the solar infrastructure.
A Foreout Vedere Labs studio found that almost 35,000 solar energy devices, including investors, data registrars and link doors, are exposed to the Internet, which makes them susceptible to exploitation.
These findings follow an earlier Foreout report that identified 46 vulnerabilities in solar energy systems.
High exposure and geopolitical implications
What is particularly alarming now is that many of these devices remain without patches, even as cyber threats become more sophisticated.
Ironically, suppliers with the largest number of exposed devices are not necessarily those with the largest global facilities, which suggests problems such as deficient predetermined safety configurations, insufficient user orientation or insecure manual configurations.
Forescout found that Europe represents an amazing 76% of all the most affected Germany and Greece.
While a solar system exposed to the Internet is not automatically vulnerable, it becomes a soft objective for cybercriminals. For example, the solarview device experienced a 350% increase in online exposure for two years and was involved in a 2024 cyber incident that involved the theft of bank accounts in Japan.
Concerns about solar infrastructure were deepened when Reuters reported dishonest communication modules manufactured in Chinese.
Although it was not linked to a specific attack, the discovery led several governments to reassess the safety of their energy systems.
According to Foresout, insecure settings are common, and many devices still execute outdated firmware versions. It is known that some have vulnerabilities currently under active exploitation.
Devices such as the SMA SMA Sunny website still represent a significant part of the exposed systems.
This is not just a matter of defective products, it reflects a risk of the entire system. While it is limited individually in impact, these internet exposed devices can serve as entry points to a critical infrastructure.
To mitigate the risk, organizations must withdraw devices that cannot patch and avoid exposing Internet management interfaces.
For remote access, safe solutions such as VPN are essential, together with compliance with CISA and NIST guidelines.
In addition, a layer approach that uses antivirus tools with higher classification, final point protection solutions and especially zero access architecture to the Trust Network (ZTNA) network to keep critical systems isolated from intrusion can be necessary.
