A security researcher discovered that more than 35,000 solar power systems, mostly from the company SolarView, are accessible from the internet without proper protection. These systems are used to monitor and manage solar panel setups, often by energy providers and businesses.

The researcher found that many of the systems still use default passwords, or don’t require a password at all, making them easy targets for hackers. If someone gains access, they could possibly manipulate energy data, disrupt energy production, or use the system as a way into larger networks.

This is especially concerning because these systems are often part of critical infrastructure, and attacks could cause real-world impacts on energy availability.

The issue affects SolarView versions up to 9.0, which are popular in Japan, where most of the exposed systems were found. The vendor has not yet responded to warnings from the researcher.

Source: https://www.securityweek.com/35000-solar-power-systems-exposed-to-internet/