You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
energycybersecurity
About this tag
The energycybersecurity tag covers threats and vulnerabilities specific to energy sector infrastructure, including industrial control systems and renewable energy hardware. Recent discussions highlight CVE-2025-9696, a critical Bluetooth Low Energy flaw in SunPower PVS6 inverters that allows attackers within range to gain full servicing access, potentially disabling power production or altering grid settings. This tag is relevant for IT and security professionals managing energy systems, as it addresses firmware weaknesses, hard-coded credentials, and remote exploitation risks in operational technology environments. Topics include CISA advisories, CVSS scoring, and mitigation strategies for protecting energy assets from cyberattacks.
The SunPower PVS6 fleet has been publicly flagged as critically vulnerable after CISA published an advisory (ICSA-25-245-03) describing a Bluetooth Low Energy (BluetoothLE) servicing interface that embeds hard‑coded encryption parameters and exposed protocol details—weaknesses that let an...