nV News Forums

 
 

nV News Forums (http://www.nvnews.net/vbulletin/index.php)
-   Archived News Items (http://www.nvnews.net/vbulletin/forumdisplay.php?f=67)
-   -   Solar panel control systems vulnerable to hacks, feds warn (http://www.nvnews.net/vbulletin/showthread.php?t=194690)

News 10-15-12 02:30 PM

Solar panel control systems vulnerable to hacks, feds warn
 
http://cdn.arstechnica.net/wp-conten...og-640x361.jpg Enlarge / One of the devices Italian researcher Roberto Paleari says is vulnerable to a slew of serious hacks.
Schneider Electric


The US Department of Homeland Security is warning of critical vulnerabilities in a computerized control system that attackers could exploit to sabotage or steal sensitive data from operators of the solar arrays that generate electricity in homes and businesses.

A slew of vulnerabilities in a variety of products, including the Sinapsi eSolar Light Photovoltaic System Monitor (Microsoft translation here) and the Schneider Electric Ezylog Photovoltaic Management Server, allow unauthorized people to remotely log into the systems and execute commands, warned the DHS-affiliated Industrial Controls Systems Cyber Emergency Response Team in a recent alert. Other vulnerable devices include the Gavazzi Eos-Box and the Astrid Green Power Guardian. Proof-of-concept code available online makes it easy to exploit some of the bugs.

The advisory is based on a report published last month that disclosed SQL injection vulnerabilities, passwords stored in plain text, hard-coded passwords, and other defects that left the devices open to tampering. According to researchers Roberto Paleari and Ivan Speziale, the vulnerable management server is incorporated into a photovoltaic products from several manufacturers. Paleari told Ars the flaws were uncovered after Speziale purchased a Schneider Electric Ezylog device for his home that used firmware version number 2.0.2736_schel_2.2.6b.

Read 12 remaining paragraphs | Comments



More...


All times are GMT -5. The time now is 09:47 AM.

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Copyright 1998 - 2014, nV News.