Vulnerability Disclosure
At sonnen, ensuring the security of our battery systems is a top priority, in accordance with ETSI 303645 / EN 18031. However, it is important to acknowledge that vulnerabilities can never be entirely eradicated, despite our best efforts. When vulnerabilities are discovered and exploited, they can jeopardize the confidentiality, integrity, or availability of our systems and the information they handle. This page outlines the systems and types of tests that are permitted, as well as the process for submitting vulnerability reports to sonnen. We encourage you to reach out to us if you identify any potential security concerns within our systems.
Authorization
If you are acting in good faith to identify and report vulnerabilities in sonnen systems, we will collaborate with you to understand and address the issues promptly. As long as you adhere to these guidelines, sonnen will not take legal action regarding your activities related to identifying vulnerabilities in our systems.
Scope
This policy applies to all network-connected systems from sonnen, including sonnenBatteries, sonnenMeters, sonnenChargers, and sonnenKNXmodules. Any services not explicitly mentioned above are excluded from this scope and are not authorized for testing.
Guidelines
While conducting your activities, it is crucial that you do not exploit the vulnerability or issue you have found. Specifically, you should:
- Avoid downloading more data than necessary to demonstrate the vulnerability, and do not delete or alter others' data.
- Use only non-intrusive methods to confirm the presence of a vulnerability.
- Keep any data obtained during your investigation confidential and do not disclose it to the public or any third parties.
- Refrain from making the vulnerability public until it has been resolved.
- Cease testing immediately if you encounter any sensitive information (such as Personally Identifiable Information or proprietary data) and notify us right away, without sharing any obtained data with others.
Prohibited Actions
Please do not engage in the following activities:
- Install malware (such as viruses, worms, or Trojans) on any system.
- Compromise systems using exploits to gain full or partial control.
- Copy, modify, or delete data from the system.
- Make any changes to the system.
- Access the system repeatedly or share access with others.
- Use any obtained access to try to reach other systems.
- Alter access rights of other users.
- Utilize automated scanning tools.
- Conduct “brute force” attacks to access systems.
- Implement denial-of-service attacks or social engineering tactics (like phishing or spam).
- Attack physical security measures.
Reporting a Vulnerability
If you discover a vulnerability, please call the sonnen hotline 08304-929-33-444 as soon as possible. In your call, indicate whether you consent to having your name or pseudonym publicly associated with the discovery.
What You Can Expect from Us
In return for your vulnerability report, we commit to:
- Responding to your submission within five (5) business days with our assessment.
- Treating your report with the utmost confidentiality.
- Informing you when the vulnerability has been addressed, whenever possible.
- Processing any personal data you provide (such as your email address and name) in compliance with applicable data protection laws, and not sharing your personal information with third parties without your consent.
- Publicly acknowledging you as the discoverer of the issue, when we disclose the problem publicly, if you agreed to this in your initial report.
Software Update Support
The software update support applies to currently available sonnen products and includes a minimum of 2 years of standard support.
sonnen is dedicated to enhancing product security. While we work diligently to eliminate vulnerabilities during the development process, software vulnerabilities can still exist, and we must be ready to address them when they arise. We recommend that customers install the latest software releases and security updates to ensure maximum security. For the most up-to-date information on security updates, please refer to the software release notes on https://sonnengroup.com/rln-sb/. Please note that older products may not comply with today’s higher security standards, and sonnen may not be able to provide security updates for these older models.