Wind and solar turbines advised to tackle security risk

Poor security around wind turbine and solar power systems needs to be addressed by those in the field, according to findings by a German security researcher.

Maxim Rupp has discovered numerous security flaws with both power technologies which, if maliciously exploited by an attacker, could result in disrupting energy supplies.
Wind and solar
Rupp recently reported numerous flaws in the web controls for the a number of systems, with the ICS-CERT subsequently issuing public warnings on all three of these.

They include the XZERES 442SR Wind Turbine, the Sinapsi eSolar Light and the RLE Nova-Wind Turbine.

SC Magazine reports that one of these flaws, a cross-site scripting (XSS) request forgery vulnerability affecting the XZERES turbine, could potentially be used by an attacker to change the administrator password for the web management interface, and then gain complete control of the wind turbine.

The ICS-CERT has ranked this security issue as 10 of 10 on the standard Common Vulnerability Scoring System (CVSS), the organisation considers the flaw dangerous due to the ease of remote exploitation.

Another flaw could allow hackers viewing saved, plaintext passwords going through a linked mail system. However this flaw, which resides in the Sinapsi monitoring and management system of small size solar photovoltaic plants, cannot be remotely exploited.

The vendors for the first two security issues have already provided a fix for their products and the US government is urging users to patch their systems as soon as possible.



Did You Like this Article? Get All the Energy Industry News Delivered to Your Inbox

Subscribe to an email newsletter today at no cost and receive the latest news and information.

 Subscribe Now

Whitepapers

Maximizing Operational Excellence

In a recent survey conducted by PennEnergy Research, 70% of surveyed energy industry professional...

Leveraging the Power of Information in the Energy Industry

Information Governance is about more than compliance. It’s about using your information to drive ...

Reduce Engineering Project Complexity

Engineering document management presents unique and complex challenges. A solution based in Enter...

Revolutionizing Asset Management in the Electric Power Industry

With the arrival of the Industrial Internet of Things, data is growing and becoming more accessib...