As the cybersecurity landscape continues to evolve, vulnerabilities can affect any technology provider. Westermo takes a proactive approach to vulnerability management, recognizing that timely identification, assessment, and response are critical to maintaining product security.
To maintain a high level of product cybersecurity, Westermo operates a dedicated PSIRT (Product Security Incident Response Team) that investigates and responds to reported vulnerabilities. Beyond handling incoming reports, we proactively monitor vulnerability databases, and the wider threat landscape to identify CVEs and other cybersecurity issues that could affect our products throughout their lifecycle. At Westermo we have a Coordinated Vulnerability Disclosure (CVD) policy and a well-defined process that ensures all vulnerabilities are handled in a transparent, timely, and coordinated manner.
Westermo PSIRT is responsible for the reception, identification, assessment and disposition of the risks associated with security vulnerabilities in accordance with the scope of this policy. PSIRT is also responsible for coordination and communication with all internal stakeholders to ensure proper response and when necessary, release Security Advisories.
Westermo welcomes vulnerability reports from any individual or organisation that identifies a potential security issue, including customers, independent security researchers, academic institutions, industry partners, and other members of the cybersecurity community.
The Coordinated Vulnerability Disclosure process is illustrated below:

Westermo encourages the responsible reporting of suspected vulnerabilities through its official reporting channels and acknowledges received reports with a tracking number, typically within one business day.
Westermo investigates and validates reported vulnerabilities, requesting additional information where necessary and developing an appropriate mitigation and remediation plan for confirmed issues.
Westermo coordinates the handling of validated vulnerabilities with relevant development teams, maintains communication with the reporting party, and, where required, engages competent authorities and releases mitigations or software updates.
Westermo follows a coordinated vulnerability disclosure process, typically targeting disclosure within 90 days of acknowledgement, while communicating fixes and security advisories through established customer notification channels.
Westermo will use existing customer notification processes to manage the release of fixes and patches. This may include direct customer notification, or public release of security advisory containing all information.
Security advisories may be published in stages as information and mitigations become available.
The complete Coordinated Vulnerability Disclosure Policy can be downloaded here >
If you are experiencing a product security issue, we strongly encourage you to contact the Westermo PSIRT Product Security Incident Response Team).
Here you will find security advisories for any vulnerability issues related to Westermo products. You can easily sign up to receive future alerts in your inbox.
Benefit from our 40+ years of industry knowledge to ensure that your cybersecurity measures are appropriate to the application.
Westermo products and software solutions are made in Sweden within a secure development lifecycle.
Security configurations are made easy and reliable with WeOS and our suite of network management tools.
Nuri Shakeer
International Sales
Ved supporthenvendelser, klik her for at kontakte teknisk support