Announcing Volume 2: Public History of Solar Cyber Attacks and Vulnerabilities

Key Findings — Volume 2

  • 50 new CVE vulnerabilities cataloged since Volume 1 (November 2024)
  • Vulnerabilities exposed approximately 45% of worldwide solar generation — over 1 TW — to cyber exploitation
  • Significant increase in the severity and scope of disclosed vulnerabilities targeting solar inverters, monitoring platforms, and DER management systems

Overview

Following the publication of Volume 1 in November 2024, DERSec has continued its systematic cataloging of cybersecurity vulnerabilities affecting solar energy infrastructure. Volume 2 documents 50 additional CVE entries discovered between November 2024 and May 2025, revealing an accelerating trend in both the frequency and severity of vulnerabilities targeting solar energy systems.

The scope of these vulnerabilities is staggering — affecting an estimated 45% of global solar generation capacity, representing over 1 terawatt of installed capacity. This underscores the critical need for purpose-built OT cybersecurity solutions designed specifically for distributed energy resources.

Why This Matters

As solar energy becomes a larger share of the global energy mix, the attack surface continues to expand. These vulnerabilities span multiple categories:

  • Remote Code Execution (RCE) in inverter firmware and monitoring platforms
  • Authentication Bypass allowing unauthorized access to DER control interfaces
  • Protocol-level vulnerabilities in SunSpec Modbus and IEEE 2030.5 implementations
  • Supply chain risks from compromised firmware update mechanisms

Download the Full Report

Access the complete Volume 2 research report with detailed CVE analysis, severity breakdowns, and affected vendor information.
