- Greater ChinaSimplified ChineseTraditional Chinese
- Germany (Global)GermanEnglishFrenchSpanish
- Middle East & AfricaEnglish
- South AmericaSpanish
- South AsiaEnglish
- South East AsiaEnglish
- United KingdomEnglish
- United States of AmericaEnglish
Information on the “MOVEit” cybersecurity incident
In June 2023, we identified a cybersecurity incident at SMA in connection with the MOVEit software. The affected system was immediately shut down and examined in line with our successfully established cybersecurity processes, and the appropriate emergency measures were implemented. A damage analysis revealed that no personal details or business-critical data were affected, because the system in question was isolated from SMA’s network of core systems. Data encryption did not take place.
This incident does not result in any risks to SMA’s business partners or employees.
If you have any questions about this or any other cyber-security-related issues, please do not hesitate to contact Information-Security@sma.de.
As already reported in the international media, a cyber security vulnerability has been identified (CVE-2021-44228, https://nvd.nist.gov/vuln/detail/CVE-2021-44228). It enables hackers to execute malicious program codes on the target systems, compromising system security as a result.
SMA inverters and the SMA monitoring portals are not affected by this latest vulnerability, although certain other SMA products may be affected. For these products, SMA will soon provide automatic software updates to counter the vulnerability. To make it harder for hackers to attack vulnerable systems, SMA will not disclose the products and versions in question until after the automatic updates have been rolled out.
Operators of large-scale SMA systems that are not subject to the automatic update will be contacted directly by the SMA service team and the updates will be installed by agreement.
You can find further information about this issue in the SMA manufacturer declaration →. It is updated regularly.
If you have any further questions, please contact SMA Information-Security@sma.de.
We are doing everything we can to solve this problem and would like to apologize for any inconvenience caused.