CISA 2026-06-09

Siemens KACO Blueplanet Inverters

Machine-generated analysis · WAYSCloud LLM

The advisory states that serial numbers from affected inverters can be used to derive credentials, enabling unauthorized access. This affects a wide range of KACO blueplanet inverter models across multiple product lines.

Context

The affected products are Siemens KACO Blueplanet inverters, which are used in photovoltaic systems to convert direct current to alternating current. The advisory states that multiple vulnerabilities exist that allow an attacker to derive credentials from the device's serial number. This could permit unauthorized access to the device, potentially allowing control or configuration changes. The advisory notes that KACO new energy GmbH has released updates for some models and is preparing fixes for others.

Operator considerations

Check: inventory all Siemens KACO Blueplanet inverters to identify models and versions in use
Patch: update affected devices to the latest firmware versions provided by KACO new energy GmbH where fixes are available
Isolate: restrict network access to affected inverters, especially from untrusted networks
Log: monitor for unauthorized access attempts or anomalous behavior in inverter communications if logging is available

From Cybersecurity and Infrastructure Security Agency ↗

KACO blueplanet Inverters contain multiple vulnerabilities that could allow an attacker to derive the credentials from the devices serial number and misuse them to gain unauthorized access. KACO new energy GmbH has released new versions for several affected products and recommends to update to the latest versions. KACO new energy GmbH is preparing further fix versions and recommends countermeasures for products where fixes are not, or not yet available.

The following versions of Siemens KACO Blueplanet Inverters are affected:

blueplanet 100 NX3 M8 vers:all/*

blueplanet 100 TL3 GEN2 vers:all/*, vers:intdot/

Read the full advisory on CISA →