To address potential vulnerabilities and minimize the risk to our customers, we rely on your assistance in identifying security issues. We encourage the reporting of any vulnerabilities found in our products or services.
Communication with the reporter is conducted transparently through the CERT@VDE security platform. The vulnerability will also be publicly available there. For more information about our partner, please visit their website.
Published Security Advisories:
You can find our published security advisories at the following link:
https://cert.vde.com/de/advisories/vendor/bucherautomation
Procedure
- Report
- Analysis
- Handling
- Disclosure
Report
Please report any identified security vulnerabilities to us. This can be done via email to psirt@bucherautomation.com or through the CERT@VDE platform. You will receive feedback on your report within 2 business days. Please create the report in German or English including the following information
- Affected component or software with serial number or version number
- Detailed description of the vulnerability
- Your email address for further inquiries or status updates
Analysis
Your report will first be reviewed and then forwarded to the relevant department. There, we will attempt to reproduce the issue and assess its criticality. If further information is needed, we will contact you.
Handling
We will carry out the vulnerability handling process and attempt to resolve the issue or mitigate its impact. As this process can be very demanding, please allow us some time. Once we have developed a satisfactory solution, we will inform the reporter.
Disclosure
The vulnerability can now be published. All relevant information regarding the vulnerability and the measures taken will be disclosed. With the reporter's consent, they will be acknowledged on our website for their cooperation.