KACO Blueplanet Inverters SQL Injection Vulnerability Allowing Privilege Escalation

Vulnerability

A SQL injection vulnerability has been identified in the KACO Meteor server component of various Blueplanet inverter models, affecting all versions. It allows an authorized attacker to manipulate SQL commands, potentially leading to unauthorized privilege escalation within the local network.

Impact

Exploitation of this vulnerability could allow an authorized attacker to elevate privileges on the affected device, potentially leading to unauthorized access or control over the device.

Remediation

KACO new energy GmbH has released patches for some affected products and recommends updating to the latest versions. For products where no fix is currently available, KACO new energy GmbH is preparing further updates. Operators are advised to consult the Siemens General Security Recommendations and the specific guidance available for their affected product.

Added: May 12, 2026, 10:27 AM
Updated: May 12, 2026, 10:27 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 3.5
remediation: 0.0
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.