
SCADA Hacking : Exploit released to Hack Solar Energy Plants

ICS-CERT (Industrial Control Systems Cyber Emergency Response Team) has released an advisory titled ICS-ALERT-12-284-01 - Sinapsi eSolar Light Multiple Vulnerabilities. It reports multiple vulnerabilities, with proof-of-concept (PoC) exploit code, affecting the Sinapsi eSolar Light Photovoltaic System Monitor, which is a supervisory control and data acquisition (SCADA) monitoring product.

The US Department of Homeland Security is warning about vulnerabilities in a common SCADA (supervisory control and data acquisition) package that is used to remotely monitor and manage solar energy-generating power plants.

The eSolar Light Photovoltaic System Monitor is a SCADA product that allows solar power stations to simultaneously monitor different components of photovoltaic arrays, such as photovoltaic inverters, energy meters, gauges

The disclosure was made by Roberto Paleari and Ivan Speziale, who described the vulnerable system as being the Schneider Electric Ezylog photovoltaic SCADA management server. ICS-CERT notes that the Italian company produces the system that is used by multiple vendors including Schneider Electric.

The software running on the affected devices is vulnerable to multiple security issues that allow unauthenticated remote attackers to gain administrative access and execute arbitrary commands.

The multiple vulnerabilities reported were:
• Hard-coded Credentials
• SQL Injection
• Command Execution
• Broken Session Enforcement

The researchers released the vulnerability without coordinating with either the vendor or ICS-CERT. The vendor is aware of the report, and ICS-CERT asked the vendor to confirm the vulnerability and identify mitigation.
