Security Flaws Found in Solar Power SCADA Software
Several SQL injection vulnerabilities have been uncovered, and passwords are stored in plain text.
The U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) recently warned of "multiple vulnerabilities" in the Sinapsi eSolar Light Photovoltaic System Monitor supervisory control and data acquisition (SCADA) software.
"According to researchers Roberto Paleari and Ivan Speziale, the vulnerabilities are exploitable remotely by authenticating to the service using hard-coded credentials," the ICS-CERT warning [PDF file] states. "Exploitation of these vulnerabilities would allow attackers to remotely connect to the server and [execute] remote code, possibly affecting the availability and integrity of the device."
"Those security holes include a slew of SQL injection vulnerabilities in webpages included with the device firmware," writes Betabeat's Steve Huff. "Among other things, the researchers found they could exploit SQL injection holes in the web based management interface to access the underlying MySQL database, gaining access to usernames and passwords for the device. Coders turned the stupid up a notch by storing passwords in plaintext."
"The impact of the security holes could be widespread," writes Sophos' Paul Roberts. "The Sinapsi eSolar management product is bundled with photovoltaic SCADA products from other vendors, as well. They include the Enerpoint eSolar Light, Astrid Green Power Guardian and Schneider Electric Ezylog Photovoltaic Management Server, according to ICS-CERT."