$ intel.mask2.ca

ADVISORY · 2026-06-11 · SRC CISA-ADVISORIES · HIGH · REL 6/10

Siemens KACO Blueplanet Inverters Vulnerable to Credential Derivation and SQL Injection

energy, general

Multiple vulnerabilities in Siemens KACO Blueplanet solar inverters could allow attackers to derive technical service credentials from device serial numbers and gain unauthorized access. The vulnerabilities affect a wide range of inverter models across various product lines. KACO new energy has released patches for some models and is developing fixes for others, with users advised to update to the latest firmware versions.

Why it matters in Western Canada: Solar and renewable energy infrastructure is growing across Western Canada, particularly in Alberta and BC. Organizations managing grid-connected solar installations may be operating vulnerable inverters that could be remotely compromised, potentially disrupting energy production or enabling further network access.

CVEs: CVE-2025-40946, CVE-2026-41125


Summary generated from the original advisory. Read the full source: cisa-advisories

Source: https://www.cisa.gov/news-events/ics-advisories/icsa-26-160-02
Tags: solar-inverters, credentials, energy-infrastructure, ot-security, siemens
Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)