{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/blueplanet-3.0-tl3-60.0-tl3/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.3,"id":"CVE-2025-40946"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["blueplanet 100 NX3 M8","blueplanet 100 TL3 GEN2","blueplanet 105 TL3","blueplanet 105 TL3 GEN2","blueplanet 110 TL3","blueplanet 125 NX3 M11","blueplanet 125 TL3","blueplanet 125 TL3 GEN2","blueplanet 137 TL3","blueplanet 150 TL3","blueplanet 150 TL3 GEN2","blueplanet 155 TL3","blueplanet 155 TL3 GEN2","blueplanet 165 TL3","blueplanet 165 TL3 GEN2","blueplanet 25.0 NX3-33.0 NX3","blueplanet 3.0 NX3-20.0 NX3","blueplanet 3.0 TL3-60.0 TL3","blueplanet 3.0-5.0 NX1","blueplanet 360 NX3 M6","blueplanet 50.0 NX3-60.0 NX3","blueplanet 87.0 TL3","blueplanet 87.0 TL3 GEN2","blueplanet 92.0 TL3","blueplanet 92.0 TL3 GEN2","blueplanet gridsafe 110 TL3-S","blueplanet gridsafe 137 TL3-S","blueplanet gridsafe 92.0 TL3-S","blueplanet hybrid 10.0 TL3","blueplanet hybrid 6.0 NH3-12.0 NH3"],"_cs_severities":["high"],"_cs_tags":["credential-access","vulnerability","KACO"],"_cs_type":"advisory","_cs_vendors":["KACO new energy"],"content_html":"\u003cp\u003eA vulnerability, CVE-2025-40946, exists in KACO new energy\u0026rsquo;s blueplanet product line. The affected products include a wide range of inverters and energy storage systems, such as blueplanet 100 NX3 M8, blueplanet 100 TL3 GEN2 (All versions \u0026lt; V6.1.4.9), and blueplanet gridsafe models. The vulnerability stems from a weak CRC16-based algorithm used to generate Technical Service credentials. An attacker with knowledge of this algorithm and a device\u0026rsquo;s serial number could derive valid credentials, leading to unauthorized access and control over the affected device. This is significant as it allows unauthorized modification of system settings, potential disruption of energy production, and possible lateral movement within a network if the device is interconnected with other systems.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains knowledge of the CRC16-based algorithm used to generate Technical Service credentials.\u003c/li\u003e\n\u003cli\u003eAttacker obtains the serial number of a vulnerable KACO blueplanet device (e.g., through physical access, network scanning, or publicly available information).\u003c/li\u003e\n\u003cli\u003eAttacker inputs the device serial number into a custom script or tool implementing the known CRC16 algorithm.\u003c/li\u003e\n\u003cli\u003eThe script calculates the Technical Service credentials based on the serial number and the flawed algorithm.\u003c/li\u003e\n\u003cli\u003eAttacker uses the derived credentials to authenticate to the device\u0026rsquo;s web interface or API.\u003c/li\u003e\n\u003cli\u003eUpon successful authentication, the attacker gains unauthorized access to device settings and functionality.\u003c/li\u003e\n\u003cli\u003eAttacker modifies configuration settings, such as grid parameters, communication protocols, or firmware update settings.\u003c/li\u003e\n\u003cli\u003eThe attacker could disrupt energy production, cause grid instability, or use the compromised device as a foothold for further attacks within the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-40946 allows an attacker to gain unauthorized access to KACO blueplanet devices. This can lead to a variety of impacts, including disruption of energy production, manipulation of grid parameters leading to potential grid instability, and the use of compromised devices as entry points for further attacks within a network. The wide range of affected devices increases the potential scope of impact, especially within organizations heavily reliant on KACO\u0026rsquo;s blueplanet series for energy management.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade blueplanet 100 TL3 GEN2, blueplanet 105 TL3 GEN2, blueplanet 125 TL3 GEN2, blueplanet 150 TL3 GEN2, blueplanet 155 TL3 GEN2, blueplanet 165 TL3 GEN2, blueplanet 87.0 TL3 GEN2, blueplanet 92.0 TL3 GEN2 to version V6.1.4.9 or later to remediate CVE-2025-40946.\u003c/li\u003e\n\u003cli\u003eUpgrade blueplanet gridsafe 110 TL3-S, blueplanet gridsafe 137 TL3-S, blueplanet gridsafe 92.0 TL3-S to version V3.91 or later to remediate CVE-2025-40946.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for suspicious authentication attempts to KACO blueplanet devices, especially from unusual source IPs or during off-peak hours. Create firewall rules based on network_connection logs.\u003c/li\u003e\n\u003cli\u003eImplement multi-factor authentication for all device access to mitigate credential-based attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-12T10:19:19Z","date_published":"2026-05-12T10:19:19Z","id":"https://feed.craftedsignal.io/briefs/2026-05-kaco-credential-disclosure/","summary":"CVE-2025-40946 describes a vulnerability in KACO new energy blueplanet products where a weak CRC16-based algorithm for generating Technical Service credentials could allow an attacker to derive the credentials from the device's serial number and misuse them to gain unauthorized access.","title":"KACO blueplanet Devices Vulnerable to Credential Derivation (CVE-2025-40946)","url":"https://feed.craftedsignal.io/briefs/2026-05-kaco-credential-disclosure/"}],"language":"en","title":"CraftedSignal Threat Feed — Blueplanet 3.0 TL3-60.0 TL3","version":"https://jsonfeed.org/version/1.1"}