This repository contains all the information related to the Sermatec products.

Sermatec makes a wide range of solar inverters, for small plants there are 5 kW and 10 kW hybrid models.

The hybrid inverters contains the USR-WIFI232-B2 UART-TCP converter, which supports 802.11 b/g/n and it is the main method of communication with the inverter. The API protocol used is called OSIM (Optical Storage Integrated Machine).

It supports two modes:

• station mode: connects to the home AP, if there is an Internet access, it attempts to connect to the cloud server with a defined IP.
• AP mode: local connection mode in the official app, used mainly for maintenance

There are several ports open

⚠️⚠️⚠️⚠️ The WLAN communication poses several security risks:

• the default AP password is well-known (gsstes123456) and if it is not changed (which is not done even by professional installation companies), anybody can connect to the inverter, and:
  • can potentionally destroy the inverter and connected batteries by setting up improper configuration,
  • can find the home AP login details and connect to the inverter owner's home network.
• the inverter connects to the remote server and can be controlled by the Sermatec or the installation company remotely; the Sermatec company itself as the owner of the servers, or any attacker which gain access to the aforementioned server can possibly destroy the connected inverters.

The fact that the inverters can be potentionally abused remotely means not only risk of destroying the inverter/batteries and gaining the home AP credentials but also a possibility of causing a blackout if the area relies solely on the solar power.

⚠️ The WebUI password length is 15 chars max

• method: rtu
• stopbits: 1
• bytesize: 8
• parity: none
• baudrate: 9600
• unit: 1
• type: Read Holding Registers (function code 03)