DHS warns of vulnerabilities in a computerized control system for solar arrays that generate electricity in homes and businesses.
The advisory is based on a report published last month that disclosed SQL injection vulnerabilities, passwords stored in plain text, hard-coded passwords, and other defects that left the devices open to tampering. According to researchers Roberto Paleari and Ivan Speziale, the vulnerable management server is incorporated into photovoltaic products from several manufacturers.
Justin W. Clarke, an expert in the security of industrial control systems, told Ars the vulnerable devices are used to manage small to mid-sized photovoltaic installations used in homes and businesses. In addition to providing monitoring capabilities, the devices can also allow users to control the solar equipment.
"If there's solar on a site that has a large-scale control system this is going to be sitting pretty close," said Clarke, who is a researcher with Cylance, a firm specializing in security of industrial systems. "So if this were at a factory and there were bigger control systems, I would not be surprised to see this in a position where you could exploit this device and then gain access to a protected control network."