WE USE COOKIES ON THIS SITE TO ENHANCE YOUR USER EXPERIENCE
By clicking any link on this page you are giving your consent for us to set cookies.
More info
OK, I AGREE
NO, THANKS
|
Online exhibition
|
Online experience Hall
|
|
LANGUAGE
  • HOME
  • ABOUT SUNGROW
  • SOLUTIONS
    PV SYSTEM

    Residential System

    Commercial System

    Utility System

    STORAGE SYSTEM

    Residential Storage System

    Commercial Storage System

    Utility Storage System

    EV CHARGER

    Private PV + ESS + Charger Solution

    Destination Charging

    Public Fast Charging

    FLOATING PV SYSTEM

    Floating PV System

    PV POWER PLANT

    Residential PV Business Unit

    Green Power Business Unit

    WIND PRODUCTS & SOLUTION

    Aftermarket

    FLEXIBLE GREEN HYDROGEN PRODUCTION SYSTEM

    Flexible Green Hydrogen Production System

  • PRODUCTS
    PV SYSTEM

    String Inverter

    Central Inverter

    Turnkey Solution

    MLPE

    1+X Modular Inverter

    STORAGE SYSTEM

    Power Conversion System/Hybrid Inverter

    Battery

    Energy Storage System

    EV CHARGER

    AC Charger

    DC Charger

    iEnergyCharge

    iSOLARCLOUD

    Cloud Platform

    Energy Management System

    Intelligent Gateway

    FLOATING PV SYSTEM

    Floating Body

    Inverter & Booster Floating Platform

    ACCESSORY

    Monitoring

    WIND PRODUCTS

    Doubly-fed Wind Converter

    Full Power Converter

    Medium Voltage Converter

    Pitch Drivers

    Grid Simulator

    Motors Drivers

    HYDROGEN EQUIPMENT

    ALK water electrolysis equipment

    PEM water electrolysis equipment

    PWM hydrogen production power supply

    Intelligent hydrogen management system

  • SERVICE & SUPPORT
    ONLINE SERVICE
    CONTACT US
    CONTACT FORM
SEARCH
Guess you want to find it.
Online
exhibition
Online
experience Hall
SEARCH
Guess you want to find it.
COUNTRY


Sungrow Product Security Incident Response Team (PSIRT) is a dedicated team that receives, investigates, and discloses security vulnerabilities in Sungrow products. Sungrow defines vulnerabilities as exploitable security issues which, once exploited by attackers, could compromise the integrity, availability, or confidentiality of products. A vulnerability is not equivalent to a quality defect. A quality defect is triggered under certain conditions, without being exploited by an attacker, while a vulnerability must be exploited by an attacker before being triggered. 


Sungrow PSIRT makes the following commitments:

We use IEC 62443-4-1 to manage its security management and development processes.

We take actions to reduce vulnerabilities in our products and services to reduce or eliminate the harm and security risks caused to customers/users by Sungrow product/service vulnerabilities.

We promptly provide risk mitigations to customers/users after vulnerabilities are found in our products and services.

We actively identify our vulnerability management responsibilities and requirements (including applicable laws/regulations on business operation, contract requirements, and applicable public standards) and build a system to proactively manage vulnerabilities.

We will continue to optimize our vulnerability management processes and standards, learn from industry standards and best practices, and improve our vulnerability management maturity.


Reporting Suspected Vulnerabilities

Sungrow supports the responsible vulnerability disclosure and handling process, and encourages security researchers, industry organizations, customers, and suppliers to report suspected Sungrow product vulnerabilities to Sungrow PSIRT. If you have found the vulnerabilities, you can email the description of the vulnerability (including the specific product model, software version, etc.) to psirt@sungrow.cn and leave your contact information, we will follow up and feedback the security vulnerabilities which you have reported as soon as possible. 

Throughout the vulnerability handling process, our PSIRT strictly ensures that vulnerability information is transferred only between relevant handlers. We sincerely request you to keep the information confidential until a complete solution is available to our customers. We sincerely request you to keep the information confidential until a complete solution is available to our customers. We will take necessary and reasonable measures to protect the obtained data based on legal compliance requirements. We will not proactively share or disclose the data to others unless otherwise required by law or by the affected customer.


Vulnerability Response Process:

After receiving any suspected vulnerability, our PSIRT will work with the relevant product team to analyze/validate the vulnerability, assess its severity based on its actual impact on products, determine its remediation priority, and develop remediations (including mitigations, patches/versions, and other risk mitigations that can be implemented by customers). 

When discovering vulnerabilities in the products or services provided by a supplier during product development, delivery, and deployment, we will proactively contact the supplier for vulnerability remediation. 


The following is the handling process:

1.PSIRT will organize the SDD team analyzes the problem immediately after receiving it, and provides the problem analysis report and solution to customer service within 24 hours;

2.Resolve network security issues within 72 hours, provide the version available for upgrade (the version path will be provided separately) to the software testing department for testing, and provide a problem resolution report (including the root cause and solution of the problem);

3.If the problem cannot be resolved within 72 hours, please provide a temporary prevention method, and have the software testing department team verify the method;

4.After the software testing department tests the new software, there are no problems and a test report needs to be issued. The SDD department decides whether to upgrade based on the test report. If an upgrade is required, the SDD team will provide a version upgrade plan proposal to the customer service department. After approval by the customer service department, the two teams will jointly complete the software upgrade of the operating terminal and the hardware in production;

5.After the upgrade event is completed, the SDD team will lead a comprehensive review of the event and output an "event review report" (including a review of the cause of the problem, handling plan, and subsequent improvement measures).

6.Before the completion of the closure of the network security incident, the SDD Department will notify the relevant responsible person of the work progress every day, and the responsible person of all relevant personnel will review the "incident review report" to mark the completion of the incident processing.


Response Processing Time


Service Level

Level Name

Level Definition

SLA

Emergency

Response Time

System 

Recovery Time

L0Core services

In case of any exception, it will affect 

all main business.

24h7 days
30 days
L1Key services

Once exceptions occur, it will affect some 

branch business.

24h10 days30 days
L2

General

services

Once the exception occurs, the main 

business process will not be affected.

24h15 days60 days
L3

Peripheral

services

Once the exception occurs, 

it is imperceptible to users.

24h30 days90 days



Security Vulnerability Bulletin
Title
Product
CVE ID
Severity
Date
Related Documents Download
Document
Product
Language
Date
18MW PV Plant in Dubai
Developer: Recurrent Energy
Owner: empra
EPC:Signal Energy
Capacity:205MWac
Model:SG2500U
Location:Fresno, CA
Commissioned in Q4 2017
Developer: Recurrent Energy
Owner: empra
EPC:Signal Energy
Capacity:205MWac
Model:SG2500U
Location:Fresno, CA
Commissioned in Q4 2017