CVE-2025-52586

Name of the Vulnerable Software and Affected Versions Inverter (affected versions not specified)

Description The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data. This data includes read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.