Vulnerabilities ›

CVE-2026-41125

Medium

CWE-89 — Weakness Type

                    Published: May 12, 2026                      ·  Modified: May 15, 2026                      ·  Source: NVD                

CVSS v3

6.0

🔗 NVD Official

📄 Description (English)

A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions), blueplanet 105 TL3 (All versions), blueplanet 105 TL3 GEN2 (All versions), blueplanet 110 TL3 (All versions), blueplanet 125 NX3 M11 (All versions), blueplanet 125 TL3 (All versions), blueplanet 125 TL3 GEN2 (All versions), blueplanet 137 TL3 (All versions), blueplanet 150 TL3 (All versions), blueplanet 150 TL3 GEN2 (All versions), blueplanet 155 TL3 (All versions), blueplanet 155 TL3 GEN2 (All versions), blueplanet 165 TL3 (All versions), blueplanet 165 TL3 GEN2 (All versions), blueplanet 25.0 NX3-33.0 NX3 (All versions), blueplanet 3.0 NX3-20.0 NX3 (All versions), blueplanet 3.0-5.0 NX1 (All versions), blueplanet 360 NX3 M6 (All versions), blueplanet 50.0 NX3-60.0 NX3 (All versions), blueplanet 87.0 TL3 (All versions), blueplanet 87.0 TL3 GEN2 (All versions), blueplanet 92.0 TL3 (All versions), blueplanet 92.0 TL3 GEN2 (All versions), blueplanet gridsafe 110 TL3-S (All versions), blueplanet gridsafe 137 TL3-S (All versions), blueplanet gridsafe 92.0 TL3-S (All versions), blueplanet hybrid 10.0 TL3 (All versions), blueplanet hybrid 6.0 NH3-12.0 NH3 (All versions). Improper neutralization of special elements used in an sql command ('sql injection') in KACO Meteor server allows an authorized attacker to elevate privileges over a local network.

🤖 AI Executive Summary

A SQL injection vulnerability (CWE-89) exists in KACO blueplanet inverter management systems affecting all versions of multiple product lines. An authorized attacker on the local network can exploit this to elevate privileges. With CVSS 6.0 and no patch currently available, this poses a moderate risk to Saudi energy infrastructure and industrial facilities relying on these inverters for solar and hybrid power systems.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 24, 2026 11:17

🇸🇦 Saudi Arabia Impact Assessment

Primary impact on Energy sector (ARAMCO, renewable energy operators, solar farm operators), Government facilities with solar installations, and Healthcare institutions with backup power systems. Secondary impact on Telecom sector (STC, Mobily) which increasingly relies on solar-powered base stations. The vulnerability requires local network access, limiting exposure but affecting on-site technicians and internal network attackers. Saudi Arabia's aggressive renewable energy expansion (Vision 2030) increases the prevalence of these inverters in critical infrastructure.

🏢 Affected Saudi Sectors

Energy (Solar/Renewable) Government Healthcare Telecommunications Industrial/Manufacturing Water & Utilities

🎯 MITRE ATT&CK Techniques

T1190 - Exploit Public-Facing Application T1548 - Abuse Elevation Control Mechanism T1078 - Valid Accounts T1110 - Brute Force T1021 - Remote Services T1059 - Command and Scripting Interpreter

⚖️ Saudi Risk Score (AI)

6.5

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Inventory all KACO blueplanet inverters across your organization and document network connectivity

2. Restrict local network access to inverter management interfaces using network segmentation

3. Implement strong authentication controls and monitor for unauthorized access attempts

4. Review access logs for any suspicious SQL-like commands or privilege escalation attempts



COMPENSATING CONTROLS (until patch available):

5. Deploy network-based IDS/IPS rules to detect SQL injection patterns in traffic to inverter management ports

6. Implement Web Application Firewall (WAF) rules blocking common SQL injection payloads

7. Use VPN/jump hosts for all remote management access to inverters

8. Disable remote management features if not actively required

9. Implement database activity monitoring on inverter management systems



DETECTION RULES:

- Monitor for SQL keywords (SELECT, UNION, DROP, INSERT) in HTTP requests to inverter interfaces

- Alert on privilege escalation attempts following authentication

- Track failed authentication attempts followed by successful access

- Monitor for unusual database queries from inverter management accounts



PATCHING:

10. Contact KACO for security updates and subscribe to their security advisories

11. Plan upgrade path to patched versions once available

12. Test patches in non-production environment before deployment

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. قم بحصر جميع محولات KACO blueplanet في مؤسستك وتوثيق الاتصال بالشبكة

2. قيد الوصول إلى واجهات إدارة المحول على الشبكة المحلية باستخدام تقسيم الشبكة

3. طبق عناصر تحكم مصادقة قوية وراقب محاولات الوصول غير المصرح بها

4. راجع سجلات الوصول للبحث عن أي أوامر تشبه SQL أو محاولات رفع امتيازات مريبة

عناصر التحكم البديلة (حتى توفر التصحيح):

5. نشر قواعد IDS/IPS قائمة على الشبكة للكشف عن أنماط حقن SQL في حركة المرور

6. تطبيق قواعد جدار حماية تطبيقات الويب لحجب حمولات حقن SQL الشائعة

7. استخدم VPN/أجهزة القفز لجميع محاولات الوصول البعيد لإدارة المحولات

8. عطل ميزات الإدارة البعيدة إذا لم تكن مطلوبة بنشاط

9. طبق مراقبة نشاط قاعدة البيانات على أنظمة إدارة المحولات

قواعد الكشف:

- راقب كلمات SQL الرئيسية في طلبات HTTP إلى واجهات المحول

- أصدر تنبيهات لمحاولات رفع الامتيازات بعد المصادقة

- تتبع محاولات المصادقة الفاشلة متبوعة بالوصول الناجح

- راقب استعلامات قاعدة البيانات غير العادية من حسابات إدارة المحول

التصحيح:

10. اتصل بـ KACO للحصول على تحديثات الأمان والاشتراك في استشاراتهم الأمنية

11. خطط لمسار الترقية إلى الإصدارات المصححة عند توفرها

12. اختبر التصحيحات في بيئة غير الإنتاج قبل النشر

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.6.1.1 - Access control policy A.6.2.1 - User registration and access rights management A.8.2.1 - Classification of information assets A.8.2.3 - Handling of assets A.12.2.1 - Controls against malware A.12.4.1 - Event logging A.12.4.3 - Protection of log information

🔵 SAMA CSF

ID.AM-2 - Software platforms and applications are catalogued PR.AC-1 - Identities and credentials are issued and managed PR.AC-3 - Access is managed based on the principle of least privilege PR.AC-4 - Access is managed through operating system access controls DE.CM-1 - The network is monitored to detect potential cybersecurity events DE.CM-3 - Personnel activity is monitored to detect potential cybersecurity events RS.MI-2 - Incidents are mitigated

🟡 ISO 27001:2022

A.5.1.1 - Policies for information security A.6.1.1 - Information security roles and responsibilities A.6.2.1 - Information security responsibilities of management A.8.1.1 - Inventory of assets A.8.3.1 - Handling of removable media A.9.1.1 - Access control policy A.9.2.1 - User registration and access rights A.9.4.3 - Password management A.12.4.1 - Event logging A.14.2.1 - Secure development policy

🔗 References & Sources 1

🔗

https://cert-portal.siemens.com/productcert/html/ssa-545643.html

productcert@siemens.com

📊 CVSS Score

6.0

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H

Attack VectorA — Adjacent

Attack ComplexityH — High

Privileges RequiredH — High

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityH — High

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score6.0

CWECWE-89

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-05-12

Source Feed nvd

🇸🇦 Saudi Risk Score

6.5

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-89

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-41125

Introduce Yourself

Sign In Required