EG4 Electronics EG4 Inverters Cleartext Transmission Vulnerability Allowing Data Interception and Manipulation

Vulnerability

A vulnerability exists in EG4 Electronics EG4 inverters because MOD3 command traffic is transmitted in plaintext, without encryption or obfuscation. This flaw allows an attacker with access to the local network to intercept, manipulate, replay, or forge critical data. The exposed data includes read/write operations for voltage, current, and power configurations, as well as operational status, alarms, telemetry, system reset commands, and inverter control commands. Such manipulation could disrupt power generation or alter inverter settings. This vulnerability affects all versions of the following EG4 inverter models: 12kPV, 18kPV, Flex 21, Flex 18, 6000XP, 12000XP, and GridBoss.

Impact

Exploitation of this vulnerability could lead to unauthorized interception and manipulation of sensitive data, including critical operational commands and telemetry. This could disrupt power generation or improperly reconfigure inverter settings. Additionally, according to CISA, successful exploitation could allow an attacker to gain unauthorized control over the system.

Remediation

EG4 has acknowledged this vulnerability and is actively working on a fix, including new hardware expected to be released by October 15, 2025. Until then, EG4 will monitor all installed systems and work with affected users on a case-by-case basis if anomalies are observed.

Added: Aug 8, 2025, 4:21 PM
Updated: Aug 8, 2025, 4:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.5
remediation: 0.0
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.