【ITBEAR】According to news on August 10, the network security company Bitdefender recently released an important report revealing a series of serious security vulnerabilities in the solar inverter systems produced by Ningbo Deye (Deye). If hackers exploit these vulnerabilities, they could have a major impact on the stability of regional power grids, and could even cause large-scale power outages or infrastructure overload explosions, with disastrous consequences.

The report shows that Ningbo Deye's solar inverter systems are widely used in more than 190 countries around the world, covering up to 10 million power generation facilities with a total power generation of 1.95 billion kilowatts, which accounts for one-fifth of the world's total solar power generation. This shows the company's huge market share and its potential impact on global energy supply.

According to ITBEAR, the vulnerabilities discovered by Bitdefender are mainly related to improper management of multiple credentials (tokens). Hackers can obtain the highest management rights over the inverter system in at least four ways, and then tamper with the inverter configuration. The specific vulnerabilities include: an OAuth authentication vulnerability, which allows attackers to generate valid credentials for any user and take over user accounts; a credential reuse vulnerability, in which credentials signed on one company's platform can be used on another company's platform, widening the scope of a hacker's attack; excessive information exposure, in which certain API endpoints of the platform leak too much organizational information, such as email addresses and phone numbers, allowing hackers to carry out social engineering attacks; and hard-coded accounts, in which the devices contain hard-coded accounts with the highest privileges and passwords that cannot be changed, giving hackers direct access to all devices.
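
The credential reuse issue described above arises when a verifier accepts any token whose signature is valid, without checking which platform the token was issued for. The following is an added example, not code from the Bitdefender report or from Deye's platform. It assumes a constructed HMAC-signed token format, a signing key shared by two hypothetical platforms (`platform-a`, `platform-b`), and hypothetical function names, and it places a signature-only check beside one that binds the token to its platform.

```python
import base64, hashlib, hmac, json, time

# Constructed for illustration: one signing key shared by two platforms,
# the condition that lets a token from one be replayed on the other.
SHARED_KEY = b"constructed-demo-key"

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(platform: str, user: str, ttl: int = 300) -> str:
    """Sign claims that name the issuing platform and the intended audience."""
    claims = {"iss": platform, "aud": platform, "sub": user,
              "exp": int(time.time()) + ttl}
    body = b64(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + b64(sig)

def verified_claims(token: str) -> dict:
    """Return the claims if the signature is valid, else raise ValueError."""
    try:
        body, sig = token.split(".")
        given = unb64(sig)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("malformed token") from exc
    expected = hmac.new(SHARED_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    return json.loads(unb64(body))

def verify_weak(token: str, this_platform: str) -> str:
    """Signature-only check: accepts any token the shared key signed."""
    return verified_claims(token)["sub"]

def verify_bound(token: str, this_platform: str) -> str:
    """Also require that the token was issued by and for this platform."""
    claims = verified_claims(token)
    if claims.get("iss") != this_platform or claims.get("aud") != this_platform:
        raise ValueError("token not issued for this platform")
    if claims.get("exp", 0) < time.time():
        raise ValueError("token expired")
    return claims["sub"]
```

Using a separate signing key per platform removes the shared-key condition entirely; the issuer and audience check is the control that still holds when a key has to be shared.
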
Bitdefender emphasizes: