Report a vulnerability

Westermo encourages responsible reporting by individuals and organisations who experienced product security issue or discovered potential security vulnerabilities in products. Reporting parties are advised to provide sufficient details to allow Westermo to reproduce and validate the issue. Where possible, please include the following:

  • Contact information for follow-up communication including source of public PGP key if applicable
  • Affected products, including hardware model and software version
  • Technical description of vulnerability
  • Reproduction steps
  • Initial impact assessment (e.g. CVSS)
  • Proof‑of‑concept information, network traces, screenshots or other evidences

To report a vulnerability, please contact us via e-mail:

PSIRT@westermo.com

Westermo encourages the encryption of sensitive information that is sent in email messages. The following open source tools can be used to encrypt sensitive information to Westermo using the Westermo PSIRT PGP Key:

Windows, Gpg4win:  https://www.gpg4win.org/documentation.html

Mac OSX, GPGTools: https://gpgtools.org

Key ID: E9E3B9F6

Fingerprint: D219740A08C9511A1D2FDA488B33387BE9E3B9F6

Westermo will acknowledge receipt of vulnerability reports usually within one business day. The acknowledgement will include a unique tracking number. Each vulnerability report will be handled following Westermo's standard process that includes initial triage, coordination and disclosure phases.

The complete Coordinated Vulnerability Disclosure Policy can be downloaded here >

PGP key for secure reporting

Nuri Shakeer

International Sales

Ask me about Industrial Cybersecurity

Indtast en besked på mindst 30 tegn

Indtast en gyldig e-mailadresse

Indtast et gyldigt telefonnummer

Andre måder at kontakte os på

Indtast venligst din e-mailadresse for at hente filen


Tak! Der er sendt en e-mail til din indbakke.

Noget gik galt! Prøv igen senere.