The Pilz Product Security Incident Response Team (PSIRT)

What does the Pilz PSIRT do?


The security experts in Pilz’s PSIRT analyse, assess and manage potential security vulnerabilities and security incidents relating to Pilz products and solutions. When a vulnerability is confirmed, Pilz publishes its PSIRT Security Advisories with notes on how to fix this vulnerability.

We want to encourage security experts, independent researchers, customers and other parties to report any security problems in our products and solutions to us. This is the only way we can jointly discuss further activities, coordinate them and improve the security of our products and solutions. To prevent danger to our customers and uninvolved third parties, we ask for coordinated publication of vulnerabilities, with the involvement of our PSIRT.

How do you contact the Pilz PSIRT?

The security specialists from the Pilz PSIRT manage and assess all reports of potential security vulnerabilities in Pilz products. If you have any questions about security regarding our products or infrastructure, or if you want to report any security gaps, please contact our PSIRT security experts. Please notify the PSIRT in German or English. You will typically receive confirmation of receipt within four working days (CET).

Please report any security problems with our products, solutions and online services to:

PSIRT contact

PGP-Public-Key

Please include the following information in your report:

  1. Name of person submitting the report
  2. Contact details (e-mail, telephone)
  3. Company name
  4. Name and item number (if applicable) of the affected product
  5. Firmware or software version
  6. Description of the impact of the vulnerability
  7. Description of how the vulnerability can be exploited (please do not send us any exploit code unsolicited)
  8. A note as to whether the vulnerability has already been published (by you or someone else)

Cooperation on security reports

In partnership with other companies, we publish our security advisories via the CERT VDE platform.

CERT@VDE

Pilz Incident Management Process

1. Analyse:

Our PSIRT examines the reported vulnerability and, if necessary, requests further information from the submitter. Please note that the examination can take from a few days to a few weeks, depending on the complexity of the vulnerability and the type of product. Nonetheless, we will give feedback to the submitter after 15 working days at the latest.

2. Define measures:

Depending on the seriousness of the vulnerability and, if applicable, other boundary conditions, updates will be prepared. In the event of a serious vulnerability, Pilz will prepare a Security Advisory. During the process, we will regularly inform the submitter about the status.

3. Publish:

The final Security Advisory and any related security updates for the affected firmware or software will be published here and will be available for every customer to download. To download, log in with your user name. If you do not yet have a profile, you can register here free of charge. Please note that security updates may be released only in the context of the typical product release cycle, depending on the severity of the vulnerability.

What do we mean by a Security Advisory?

A Security Advisory is a notification of an identified security gap in one of our products. It usually includes:

  • a detailed description of the vulnerability,
  • an assessment of its criticality based on the CVSS score,
  • an overview of the affected products and their version numbers,
  • recommended measures to fix the vulnerability,
  • and, if applicable, acknowledgement of the persons or organisations that brought the problem to our attention.
Contact

Pilz Czech s.r.o.
Jeremenkova 1160/90a
140 00 Praha 4
Czech Republic

Telephone: +420 222 135353
E-Mail: info@pilz.cz

Technical Support (8-16h)

Telephone: +420 222 135354
E-Mail: Support@pilz.cz
