Wind and solar

Poor security around wind turbine and solar power systems needs to be addressed by those in the field, according to findings by a German security researcher.

Maxim Rupp has discovered numerous security flaws in both power technologies which, if maliciously exploited by an attacker, could disrupt energy supplies.
Rupp recently reported numerous flaws in the web controls for a number of systems, with the ICS-CERT subsequently issuing public warnings on all three of these.

They include the XZERES 442SR Wind Turbine, the Sinapsi eSolar Light and the RLE Nova-Wind Turbine.

SC Magazine reports that one of these flaws, a cross-site scripting (XSS) request forgery vulnerability affecting the XZERES turbine, could potentially be used by an attacker to change the administrator password for the web management interface, and then gain complete control of the wind turbine.

The ICS-CERT has ranked this security issue as 10 of 10 on the standard Common Vulnerability Scoring System (CVSS); the organisation considers the flaw dangerous due to the ease of remote exploitation.

Another flaw could allow hackers to view saved, plaintext passwords going through a linked mail system. However, this flaw, which resides in the Sinapsi monitoring and management system for small-size solar photovoltaic plants, cannot be remotely exploited.

The vendors for the first two security issues have already provided a fix for their products and the US government is urging users to patch their systems as soon as possible.