
Hithium is committed to establishing a robust product cybersecurity vulnerability response system in accordance with international standards such as IEC 62443. This systematic process provides our customers with reliable assurance and works to minimize cybersecurity risks effectively. To efficiently address product cybersecurity vulnerabilities, Hithium has established a dedicated Product Security Incident Response Team (PSIRT). This team is responsible for responding to product security incidents and managing both known and potential vulnerabilities. Through transparent vulnerability disclosure procedures, the PSIRT promotes efficient and trusted industrial cybersecurity practices.

Hithium's Product Cybersecurity Vulnerability Management Program


Hithium's vulnerability management program is aligned with the IEC 62443-4-1 standard and follows the process outlined below:




- Receive and Acknowledge Cybersecurity Information: Upon receiving externally submitted cybersecurity information, the PSIRT will contact the submitter within two business days to confirm the issue.

- Incident Assessment and Impact Analysis: The PSIRT will categorize the submitted cybersecurity information, assess the incident, and conduct an impact analysis to preliminarily determine whether emergency response should be initiated.

- Vulnerability Analysis and Research: The PSIRT will work with the product development team to evaluate the root cause and likelihood of the vulnerability, assess its severity, define its risk level, and explore solutions to mitigate risks or remediate the vulnerability. During this stage, the PSIRT will maintain active communication with the reporter.

- Vulnerability Handling: The PSIRT will collaborate with the product development team to develop software/firmware patches or determine appropriate risk mitigation measures. At the same time, the PSIRT will continue to monitor related information to ensure accurate evaluation of the vulnerability’s severity. If the vulnerability is high-risk and patch development requires significant time, emergency mitigation measures will be provided to customers prior to the completion of the final remediation.

- Vulnerability Disclosure: Once the vulnerability has been remediated, the PSIRT will publish the resolution results on Hithium’s official website under the “Cybersecurity Notice” section. The notice will include: a description of the vulnerability, potentially affected products and versions, mitigation measures, and the remediation plan.

 

The Hithium PSIRT team, in collaboration with the R&D team, analyzes and assesses vulnerabilities based on the Common Vulnerability Scoring System (CVSS) and other criteria defined in our Cybersecurity Vulnerability Management Program, such as likelihood and impact. Based on this assessment, a risk score is assigned, and a remediation timeframe is established according to the vulnerability's risk level. Throughout the remediation process, the PSIRT maintains communication with the vulnerability reporter as needed to support analysis, discuss solutions, and gather feedback.

 

For the latest information on product cybersecurity, please visit the “Cybersecurity Notice” page. Given the specific characteristics and critical safety requirements of energy storage products, software/firmware updates must not be performed by users independently. To obtain and install vulnerability patches and updates, please contact our After-Sales Service Engineers for assistance.

 

Reporting Product Cybersecurity Vulnerability 

 

If you have discovered a potential cybersecurity vulnerability in a Hithium product, please report it to us immediately via encrypted email at the address below. 

Providing the following information will help us facilitate a prompt and effective response.

1. Product model and software/firmware version

2. Vulnerability reproduction environment and steps (with logs or screenshots)

3. Proof-of-concept code (if applicable)

4. Description of the vulnerability exploitation scenario

5. Network packet capture data (e.g., Wireshark records)

6. Other relevant technical details

 

Hithium Cybersecurity Contact Email: IACS-CyberSecurity@Hithium.com


Disclaimer

Hithium reserves the right to modify this vulnerability management policy at any time. The most current version will always be made available on our official website (http://www.hithium.com). Hithium does not guarantee a response to every vulnerability report. By utilizing this document or any related links, you acknowledge that you shall assume all associated risks.


