# Critical Vulnerabilities Found in KACO blueplanet Inverters Threaten Energy Infrastructure
Multiple security flaws have been identified in **KACO new energy GmbH**'s **blueplanet Inverters**, devices crucial to global energy infrastructure. These vulnerabilities could allow attackers to derive credentials from serial numbers, leading to unauthorized access and potential privilege escalation. Urgent updates and mitigation strategies are recommended by **KACO new energy GmbH**, **Siemens**, and **CISA** to protect these critical systems.
**KACO new energy GmbH** has disclosed significant vulnerabilities affecting its **blueplanet Inverters**, widely deployed in critical energy infrastructure worldwide. These flaws could enable unauthorized access and privilege escalation, posing a substantial risk to power grid reliability.
## Summary of Vulnerabilities
The identified vulnerabilities in **Siemens KACO blueplanet Inverters** include:
* **CVE-2025-40946**: A hard-coded cryptographic key issue where a CRC16-based algorithm for generating Technical Service credentials allows attackers to derive credentials from the device's serial number, leading to unauthorized access.
* **CVE-2026-41125**: An SQL Injection vulnerability in the **KACO Meteor** server, allowing an authorized attacker to elevate privileges over a local network.
These vulnerabilities carry a **CVSS v3 score of 8.3**, highlighting their severity.
## Affected Products
A wide range of **KACO blueplanet Inverters** are affected, including various versions across the following series:
* **blueplanet 100 NX3 M8**
* **blueplanet 100 TL3 GEN2**
* **blueplanet 105 TL3**
* **blueplanet 105 TL3 GEN2**
* **blueplanet 110 TL3**
* **blueplanet 125 NX3 M11**
* **blueplanet 125 TL3**
* **blueplanet 125 TL3 GEN2**
* **blueplanet 137 TL3**
* **blueplanet 150 TL3**
* **blueplanet 150 TL3 GEN2**
* **blueplanet 155 TL3**
* **blueplanet 155 TL3 GEN2**
* **blueplanet 165 TL3**
* **blueplanet 165 TL3 GEN2**
* **blueplanet 3.0 NX3-20.0 NX3**
* **blueplanet 3.0 TL3-60.0 TL3**
* **blueplanet 3.0-5.0 NX1**
* **blueplanet 360 NX3 M6**
* **blueplanet 50.0 NX3-60.0 NX3**
* **blueplanet 87.0 TL3**
* **blueplanet 87.0 TL3 GEN2**
* **blueplanet 92.0 TL3**
* **blueplanet 92.0 TL3 GEN2**
* **blueplanet gridsafe 110 TL3-S**
* **blueplanet gridsafe 137 TL3-S**
* **blueplanet gridsafe 92.0 TL3-S**
* **blueplanet hybrid 10.0 TL3**
* **blueplanet hybrid 6.0 NH3-12.0 NH3**
## Mitigation and Recommendations
**KACO new energy GmbH** has released new firmware versions for several affected products and urges users to update immediately. For products where fixes are not yet available, countermeasures are being prepared.
**Siemens** and **CISA** strongly recommend the following:
* **Apply Security Updates:** Implement provided security updates using corresponding tooling and documented procedures. Prior validation and supervised updates by trained staff are crucial.
* **Network Protection:** Protect network access with mechanisms like firewalls, segmentation, and VPNs. Configure environments according to operational guidelines for protected IT environments.
* **Minimize Network Exposure:** Ensure control system devices are not accessible from the internet. Isolate control system networks and remote devices behind firewalls, separate from business networks.
* **Resilient Protection Schemes:** Operators of critical power systems should verify that multi-level redundant secondary protection schemes are in place to build resilience into power grids.
* **Proactive Defense:** Implement recommended cybersecurity strategies for proactive defense of Industrial Control Systems (ICS) assets.
## Acknowledgments
These vulnerabilities were reported to **CISA** by **Siemens ProductCERT**, and to **Siemens** by **Ruben Santamarta** of **Reversemode**.
For further inquiries and security advisories, users can contact **Siemens ProductCERT**.