The Internet Red Button a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks

Intro
Cyber-security now ranks among the energy sector’s most acute business risks. Unlike financial scandals such as Wirecard, a single unpatched flaw in operational technology can cascade from data loss to life-threatening outages. Deep Specter’s investigation uncovered a decade-old, publicly documented vulnerability that still sits exposed across the industry. Multiple responsible vendors were alerted — none replied.

This is not an isolated oversight; it is institutional negligence. The companies named here are only a fraction of those affected. Our catalyst was Spain’s multi-day blackout: could a similar failure be triggered not by a nation-state but by a “script kiddie” armed with a ten-year-old exploit?

Guided by a senior electrical engineer familiar with grid operations, we mapped the consequences. Compromise a single data-logger (the small computer that collects and pushes plant data) and an attacker can alter generation set-points, falsify telemetry, and ripple instability across regions. The tactic is trivial, the impact pervasive, and the industry’s silence speaks volumes.

To read the complete article see:
The Internet Red Button: a 2016 Bug Still Lets Anyone Kill Solar Farms in 3 Clicks