EG4 Electronics EG4 Inverters (Update B)

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, hijack device access, and gain unauthorized control over the system.

CVEs (4)

Remediations

• EG4 has acknowledged the vulnerabilities and is actively working on a fix, including new hardware expected to release by October 15, 2025. Until then, EG4 will actively monitor all installed systems and work with affected users on a case-by-case basis if anomalies are observed.
• CVE-2025-52586: EG4 has released a new firmware that encrypts communication between the dongle and server. EG4 recommends that users update their firmware following the guidance outlined here.
• For more information, contact EG4.
• CVE-2025-53520: EG4 has released a new firmware version that adds an integrity check to the firmware updating process. The new firmware allows only approved firmware files to be installed onto EG4 inverters and solves this vulnerability. This new firmware file is available by contacting [email protected].
• CVE-2025-47872: EG4 standardized the endpoint responses to eliminate the risk of enumerating sensitive data. This was deployed on August 14, 2025. No action is required from users.
• CVE-2025-46414: EG4 deployed a fix on April 6, 2025. No action is required from users.

Affected Vendors

Affected Products (7)

Affected Sectors

Energy