Evidence suggests hackers have been working on code that can operate a SCADA system package used to remotely monitor and manage solar energy-generating power plants.
The US Department of Homeland Security issued a warning about exploit code that has been circulating on the Internet for security holes affecting the Italian vendor Sinapsi’s eSolar Light Photovoltaic System Monitor.
The product allows solar power stations to simultaneously monitor different components of photovoltaic arrays, such as photovoltaic inverters, energy meters, gauges and so on.
According to research by Robert Paleari and Ivan Speziale, the Sinapsi eSolar product contains a number of critical security vulnerabilities that make the devices exploitable by remote attackers who could gain administrative privileges and run arbitrary commands on vulnerable devices.
The issues include SQL injection, which could allow connection to the underlying MySQL database. Passwords, the researchers noted, were stored in plaintext.
The impact of the security holes could be serious, as the Sinapsi eSolar management product is also bundled with photovoltaic SCADA products from other vendors.