Security Flaw Found in Solar Panel Equipment Used by Homeowners

Security researchers discovered vulnerabilities in KACO Blueplanet inverters, which are devices that convert solar panel electricity for home use. The flaw allows someone to figure out the password for these devices using just the serial number. Once they have access, they could potentially control the device. Siemens KACO new energy GmbH, the manufacturer, has released security updates for some affected models.

If you have solar panels on your home or business, check whether you have a KACO Blueplanet inverter. This brand is used in solar installations around the world. Someone with access to your inverter could potentially see your energy usage patterns or interfere with how your solar system works. The device serial number is sometimes visible on the outside of the equipment, which makes this vulnerability more serious.

If you have a KACO Blueplanet inverter, take these steps right now.

1. Check the model number on your inverter device.
2. Contact the solar installation company that set up your system and ask if a security update is available for your specific model.
3. If an update is available, schedule an appointment to have it installed.
4. Ask your installer to change the default password on your inverter to something unique and strong.
5. If your inverter is connected to the internet, ask whether it needs to be and if that connection can be secured or disabled. Smart home devices and renewable energy equipment are increasingly connected to the internet, which creates new security risks. When you install solar panels, security cameras, smart thermostats, or other connected devices, always ask the installer about security updates and how to keep the devices protected. Change default passwords on every device. Check with manufacturers or installers annually to see if security updates are needed for equipment you already own.