EG4 Electronics EG4 Inverters (Update B)

Plan Patch | CVSS 8.8 | ICS-CERT ICSA-25-219-07 | Aug 7, 2025
Energy
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

EG4 Electronics inverters contain multiple vulnerabilities affecting firmware integrity, data interception, and device authentication. CVE-2025-47872 allows enumeration of sensitive data through standardized endpoint responses. CVE-2025-46414 involves an unspecified authentication weakness. CVE-2025-53520 allows installation of unsigned or malicious firmware due to a lack of integrity checking. CVE-2025-52586 concerns device communication transmitted in cleartext between the dongle and server. These vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, and gain unauthorized control over the inverter systems.

What this means
What could happen
An attacker could intercept unencrypted communications with your inverter, install unauthorized firmware, enumerate system data, and take control of power management operations. This could disrupt energy production, enable unauthorized system reconfiguration, or allow persistent device hijacking.
Who's at risk
Energy sector organizations operating distributed solar or battery storage systems using EG4 inverters (12kPV, 18kPV, 6000XP, 12000XP, GridBoss, Flex series) should prioritize this. This includes utilities with behind-the-meter solar installations, renewable energy projects, and microgrids. Anyone managing inverter systems remotely or with internet connectivity is at highest risk.
How it could be exploited
An attacker with network access to the inverter or its dongle communication path could passively monitor unencrypted traffic to extract configuration and operational data, or actively inject malicious firmware during an update. If the inverter is exposed to the internet or accessible from an untrusted network, exploitation becomes trivial.
Prerequisites
  • Network access to the inverter or its management dongle/connection point
  • For firmware injection: ability to intercept or man-in-the-middle the firmware update process
Tags: remotely exploitable; no authentication required for data enumeration; low complexity; no patch available for most vulnerabilities; unencrypted communications; unsigned firmware acceptance
Exploitability
Unlikely to be exploited — EPSS score 0.1%
Affected products (7)
7 EOL
Product | Affected Versions | Fix Status
EG4 12kPV: vers:all/* | All versions | No fix (EOL)
EG4 18kPV: vers:all/* | All versions | No fix (EOL)
EG4 6000XP: vers:all/* | All versions | No fix (EOL)
EG4 12000XP: vers:all/* | All versions | No fix (EOL)
EG4 GridBoss: vers:all/* | All versions | No fix (EOL)
EG4 Flex 21: vers:all/* | All versions | No fix (EOL)
EG4 Flex 18: vers:all/* | All versions | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to inverter management interfaces; ensure inverters are not directly reachable from the internet
HARDENING: Place inverter networks and remote management connections behind a firewall and isolate from business/corporate networks
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update firmware for CVE-2025-53520 to the latest version with integrity checking enabled by contacting support@eg4electronics.com and following provided guidance
HOTFIX: Update firmware for CVE-2025-52586 to the encrypted version by contacting support@eg4electronics.com and following provided guidance
Mitigations - no patch available
The following products have reached End of Life with no planned fix: EG4 12kPV: vers:all/*, EG4 18kPV: vers:all/*, EG4 6000XP: vers:all/*, EG4 12000XP: vers:all/*, EG4 GridBoss: vers:all/*, EG4 Flex 21: vers:all/*, EG4 Flex 18: vers:all/*. Apply the following compensating controls:
HARDENING: If remote access to inverters is required, use a VPN connection and ensure the VPN is updated to the latest version
HARDENING: Monitor inverter systems for anomalies and unexpected firmware changes; coordinate with EG4 support if suspicious activity is detected
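
One way to check the access-restriction and monitoring controls above, as an added example that is not part of the advisory or EG4's tooling: audit exported flow records for traffic that crosses the inverter segment boundary. All subnets, addresses, ports and the record format are constructed assumptions; substitute your own.

```python
import ipaddress

# Every address and port below is constructed for illustration (assumption).
INVERTER_NET = ipaddress.ip_network("10.20.30.0/24")     # isolated inverter/dongle segment
VPN_NET = ipaddress.ip_network("10.99.0.0/24")           # remote-access VPN pool
CORPORATE_NET = ipaddress.ip_network("10.0.0.0/16")      # business network
ALLOWED_EGRESS = {ipaddress.ip_address("203.0.113.10")}  # placeholder for the approved server

# Constructed flow records, "src dst dport", as exported from a firewall or flow collector.
SAMPLE_FLOWS = """\
10.99.0.7 10.20.30.15 443
10.0.4.22 10.20.30.15 80
198.51.100.77 10.20.30.16 8000
10.20.30.15 203.0.113.10 4346
10.20.30.16 192.0.2.50 4346
10.20.30.15 10.20.30.16 502
not-a-flow-record
"""

def classify(src, dst):
    """Return a finding name if the flow violates the segmentation policy, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in INVERTER_NET and d in INVERTER_NET:
        return None                      # traffic inside the segment
    if d in INVERTER_NET:                # inbound to the inverters
        if s in VPN_NET:
            return None                  # remote access is allowed only through the VPN
        return "corporate-to-inverter" if s in CORPORATE_NET else "untrusted-to-inverter"
    if s in INVERTER_NET and d not in ALLOWED_EGRESS:
        return "unexpected-egress"       # dongle talking to an unapproved destination
    return None

def audit(flow_text):
    """Parse flow records and return (finding, src, dst, dport) for each violation."""
    findings = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                     # skip blank or malformed records
        src, dst, dport = parts
        try:
            finding = classify(src, dst)
        except ValueError:
            continue                     # skip records with unparsable addresses
        if finding:
            findings.append((finding, src, dst, int(dport)))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```
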