
Critical Security Gap: 35,000 Solar Power Systems Exposed to Internet Cyber Threats

Recent cybersecurity research has unveiled a concerning vulnerability landscape affecting renewable energy infrastructure worldwide. Forescout's comprehensive analysis has identified approximately 35,000 solar power systems with internet-exposed management interfaces, representing a significant security risk to global energy grids. This exposure, combined with the discovery of 46 new vulnerabilities in major solar inverter manufacturers, underscores the urgent need for specialized operational technology (OT) cybersecurity solutions in the rapidly expanding renewable energy sector.


The Expanding Attack Surface in Solar Infrastructure


The digital transformation of renewable energy systems has created an unprecedented cybersecurity challenge. Solar power systems, once isolated from external networks, are increasingly connected to the internet for remote monitoring and management purposes. This connectivity, while enabling operational efficiency, has simultaneously expanded the attack surface for malicious actors seeking to disrupt critical infrastructure.


Forescout's research utilizing the Shodan search engine revealed that internet-exposed solar devices span 42 vendors, with Germany-based SMA Solar Technology accounting for more than 12,000 of the exposed systems. The five most commonly exposed products include SMA Sunny Webbox devices (approximately 10,000), Fronius inverters (4,000), Solare Datensysteme SolarLog (3,000), Contec's SolarView Compact (2,000), and Sungrow WiNet and Logger1000 systems (2,000) [1].


The geographical distribution of these vulnerabilities reveals Europe as the predominant region of concern, accounting for over three-quarters of exposed devices, followed by Asia at 17% and the remaining global regions representing 8%.





Vulnerabilities with Real-World Consequences

The security implications extend far beyond theoretical concerns, as evidenced by active exploitation campaigns targeting solar infrastructure. The SolarView Compact devices, manufactured by Contec, exemplify this threat materialization. These systems experienced a dramatic 350% increase in internet exposure between 2023 and 2025, rising from 600 to over 2,000 devices. Critically, these devices are affected by at least three vulnerabilities actively exploited by botnets, including CVE-2022-29303, CVE-2022-40881, and CVE-2023-23333 [1].


The SUN:DOWN research initiative has revealed 46 new vulnerabilities affecting solar power systems from major manufacturers including Sungrow, Growatt, and SMA Solar Technology. These vulnerabilities range from information disclosure to remote code execution capabilities, potentially enabling attackers to manipulate inverter operations, modify firmware, and even orchestrate coordinated attacks against power grid stability.


Addressing the OT Security Challenge in Renewable Energy


The convergence of information technology (IT) and operational technology (OT) in renewable energy systems demands specialized cybersecurity approaches that traditional IT security solutions cannot adequately address. RubyComm, a leading provider of OT cybersecurity solutions, has been monitoring these evolving threats and developing targeted protections for renewable energy infrastructure.


The company's expertise in protecting critical infrastructure extends specifically to renewable energy assets, recognizing that solar inverters and associated control systems require security measures that maintain operational continuity while providing robust protection. RubyComm's Rubyk™ OT product line offers specialized protection for industrial assets and connected operational technology equipment, addressing the unique challenges posed by legacy systems and modern IoT-enabled devices.


RubyComm closely monitors news coverage of operational technology (OT) cyber attacks on a daily basis. Through this ongoing tracking of publicly reported incidents, we have observed a clear and steady increase in the number of OT cyber attacks each year—from 2022 through 2023, 2024, and into 2025. This trend highlights the growing threat landscape facing critical infrastructure and underscores the importance of proactive security measures for organizations operating in OT environments.


Strategic Mitigation and Future Resilience


The solar power industry's rapid expansion necessitates immediate action to address these security gaps. Primary mitigation strategies include eliminating internet exposure of inverter management interfaces, implementing comprehensive patch management programs, and deploying specialized OT security solutions designed for industrial environments.


Organizations operating solar installations should prioritize network segmentation, placing critical control systems behind virtual private networks (VPNs) and following established guidelines from cybersecurity authorities. However, these traditional approaches must be complemented by OT-specific security solutions that understand the unique operational requirements and constraints of renewable energy systems.


RubyComm's approach to OT cybersecurity emphasizes customized security architectures that address functionality limitations in specialized settings while maintaining operational efficiency. This methodology transforms cybersecurity from a product implementation into a strategic partnership, ensuring that renewable energy operators can maintain grid reliability while protecting against sophisticated cyber threats.


The renewable energy sector's critical role in global energy transition demands that cybersecurity measures evolve in parallel with technological advancement. As solar power systems become increasingly essential to grid stability, the industry must prioritize OT security solutions that can scale with the growing threat landscape while preserving the operational integrity that makes renewable energy systems viable alternatives to traditional power generation.


 
 