The Pilz Product Security Incident Response Team (PSIRT)

What does the Pilz PSIRT do?

The security experts in Pilz’s PSIRT analyse, assess and manage potential security vulnerabilities and security incidents relating to Pilz products and solutions. When a vulnerability is confirmed, Pilz publishes its PSIRT Security Advisories with notes on how to fix this vulnerability.

We want to encourage security experts, independent researchers, customers and other parties to report any security problems in our products and solutions to us. This is the only way we can jointly discuss further activities, coordinate them and improve the security of our products and solutions. To prevent danger to our customers and uninvolved third parties, we ask for coordinated publication of vulnerabilities, with the involvement of our PSIRT.

How do you contact the Pilz PSIRT?

The security specialists from the Pilz PSIRT manage and assess all reports of potential security vulnerabilities in Pilz products. If you have any questions about security regarding our products or infrastructure, or if you want to report any security gaps, please contact our PSIRT security experts. Please notify the PSIRT in German or English. You will typically receive confirmation of receipt within four working days (CET).

Please report any security problems with our products, solutions and online services to:

PSIRT contact

PGP-Public-Key

Please include the following information in your report:

  1. Name of person submitting the report
  2. Contact details (email, telephone)
  3. Company name
  4. Name and item number (if applicable) of the affected product
  5. Firmware or software version
  6. Description of the impact of the vulnerability
  7. Description of how the vulnerability can be exploited (please do not send us any unsolicited exploit code)
  8. A note as to whether the vulnerability has already been published (by you or someone else)

Cooperation on security reports

We publish our Security Advisories in the CSAF standard format (Common Security Advisory Framework). This machine-readable format enables companies to process security information automatically and react more quickly to potential vulnerabilities.

Common Security Advisory Framework (CSAF)

In cooperation with other partners, we also make our Security Advisories available via the VDE CERT platform. In this way, we ensure maximum transparency and safe, standardised communication.

CERT@VDE

Pilz Incident Management Process

1. Analyse:

Our PSIRT examines the reported vulnerability and, if necessary, requests further information from the submitter. Please note that the examination can take from a few days to a few weeks, depending on the complexity of the vulnerability and the type of product. Nonetheless, we will give feedback to the submitter after 15 working days at the latest.

2. Define measures:

Depending on the severity of the vulnerability and, where relevant, other boundary conditions, updates will be prepared. In the event of a serious vulnerability, Pilz will prepare a Security Advisory. During the process, we will regularly inform the submitter about the status.

3. Publish:

The final Security Advisory and any related security updates for the affected firmware or software will be published here and will be available for every customer to download. To download, log in with your user name. If you do not yet have a profile, you can register here free of charge. Please note that security updates may be released only in the context of the typical product release cycle, depending on the severity of the vulnerability.

What do we mean by a Security Advisory?

A Security Advisory is a notification of an identified security gap in one of our products. It usually includes:

  • a detailed description of the vulnerability,
  • an assessment of its criticality based on the CVSS score,
  • an overview of the affected products and their version numbers,
  • recommended measures to fix the vulnerability,
  • and, if applicable, acknowledgement of the persons or organisations that brought the problem to our attention.