Secure Product Lifecycle


Industrial Security starts with product development. To ensure that our product solutions at Pilz are Safe and Secure, we take care to establish a holistic product lifecycle, which verifiably takes Security into account within our company. From the PSIRT team, which ensures continuous security management, to Security Advisories and secure processes for the product lifecycle - we are there for you.

Security is a “moving target”, i.e. security changes during a product’s lifecycle. Attackers develop increasingly better methods to overcome defence measures. New vulnerabilities are discovered in products and offer potential for attacks. Or the threat situation changes, due to new software for example.

For this reason, measures against cyber threats or manipulation must be regularly reviewed. The responsibility for this lies primarily with plant operators. Machine builders and component manufacturers should immediately inform the operators about new security problems. Appropriate updates for their device software must be provided so that their customers can fix vulnerabilities. If system integrators are involved in the process, they act as an intermediary between manufacturer and operator. It is important that all involved work in close collaboration throughout the entire product lifecycle.

Product development at Pilz in accordance with the standard for Industrial Security

Pilz is a Safety expert. It's important to us that our products are not only Safe, but also Secure. That's why we commissioned TÜV Süd to scrutinise our development processes and test them on the basis of the standard IEC 62443-4-1, which defines secure product development, the "Security Development Lifecycle Process" (SDL process). This approach examines potential security features, even as a new product is being designed. It is intended to ensure that all of a product's security risks are detected by modelling the threats and, ideally, rectifying them in the product during the development process.

The result of the audit: Pilz's development met the requirements of the standard and complies with the SDL process. So we can now say with certainty: Pilz developments are not only Safe, but also Secure!

According to TÜV Süd, the development of secure products in accordance with IEC 62443-4-1 is taken very seriously at Pilz and creates a solid basis for subsequent product certifications.


Security Vulnerability Management

Pilz manufactures not just hardware but also software solutions. Our products and services meet the highest quality requirements, which is why Pilz takes Security into account even as it develops its own products. However, security gaps in software cannot be 100 % prevented. We therefore take any reports of potential vulnerabilities very seriously for Incident Management purposes. Users and administrators must be informed about these gaps in a timely manner so that they can take the necessary countermeasures before any damage can occur. This is the only way we can keep the very high quality level of our products. To make this work, it is important to establish an appropriate management system within the company, including a Product Security Incident Response Team (PSIRT). The Pilz PSIRT team issues security advisories to provide recommendations for action that can be used to fix detected vulnerabilities.


What is a Security Advisory?

A Security Advisory informs about an existing security gap in one of our products and it typically includes:

  • A description of the vulnerability,
  • A criticality assessment of the vulnerability in the form of a CVSS* score,
  • A list of the affected products, including the version,
  • Potential countermeasures and, if applicable, an acknowledgement to those who reported the vulnerability.


*The CVSS (Common Vulnerability Scoring System) is a globally recognised standard procedure for assessing the criticality of a vulnerability. Version 3.0 of the CVSS is currently available. CVSSv3 defines a score of 0-10. The lowest criticality is assessed at 0, the highest at 10.


Here are the current security advisories.


The Pilz Product Security Incident Response Team (PSIRT)

What does the Pilz PSIRT do?

The security experts in Pilz’s PSIRT analyse, assess and manage potential security vulnerabilities and security incidents relating to Pilz products and solutions. When a vulnerability is confirmed, Pilz publishes its PSIRT Security Advisories with notes on how to fix this vulnerability.

We want to encourage security experts, independent researchers, customers and other parties to report any security problems in our products and solutions to us. This is the only way we can jointly discuss further activities, coordinate them and improve the security of our products and solutions. To prevent danger to our customers and uninvolved third parties, we ask for coordinated publication of vulnerabilities, with the involvement of our PSIRT.

How to reach the Pilz PSIRT:

The security specialists from the Pilz PSIRT manage and assess all reports of potential security vulnerabilities in Pilz products. If you have any questions about security regarding our products or infrastructure, or if you want to report any security gaps, please contact our PSIRT security experts. Please notify the PSIRT in German or English. Typically you can expect an initial reaction within two working days (CET).

Please report any security problems with our products, solutions and online services to:

PSIRT contact

Please include the following information in your report:

  • Item number of the affected product
  • Device and firmware (if available)
  • Exploit or further data that will help us reproduce the problem, if applicable
  • A note as to whether the vulnerability has already been published (by you or someone else)

Pilz Incident Management Process

1. Analyse: Our PSIRT examines the reported vulnerability and, if necessary, requests further information from the submitter. Please note that the examination can take from a few days to a few weeks, depending on the complexity of the vulnerability and the type of product. Nonetheless, we will give feedback to the submitter no later than 15 working days after the report.

2. Define measures: Depending on the seriousness of the vulnerability and, if applicable, other boundary conditions, updates will be prepared. In the event of a serious vulnerability, Pilz will prepare a Security Advisory. During the process, we will regularly inform the submitter about the status.

3. Publish: The final Security Advisory and any related patches will be published here and will be available for every customer to download. To download, log in with your user name. If you do not yet have a profile, you can register here free of charge. Please note that patches may be released only in the context of the typical product release cycle, depending on the severity of the vulnerability.


Gain an overview of Industrial Security

New technologies such as the Internet of Things, artificial intelligence and robotics present opportunities, but also risks. Find out more about the legal requirements and discover our Industrial Security Portfolio!
