Report a vulnerability

Westermo encourages responsible reporting by individuals and organisations who experienced product security issue or discovered potential security vulnerabilities in products. Reporting parties are advised to provide sufficient details to allow Westermo to reproduce and validate the issue. Where possible, please include the following:

  • Contact information for follow-up communication including source of public PGP key if applicable
  • Affected products, including hardware model and software version
  • Technical description of vulnerability
  • Reproduction steps
  • Initial impact assessment (e.g. CVSS)
  • Proof‑of‑concept information, network traces, screenshots or other evidences

To report a vulnerability, please contact us via e-mail:

PSIRT@westermo.com

Westermo encourages the encryption of sensitive information that is sent in email messages. The following open source tools can be used to encrypt sensitive information to Westermo using the Westermo PSIRT PGP Key:

Windows, Gpg4win:  https://www.gpg4win.org/documentation.html

Mac OSX, GPGTools: https://gpgtools.org

Key ID: E9E3B9F6

Fingerprint: D219740A08C9511A1D2FDA488B33387BE9E3B9F6

Westermo will acknowledge receipt of vulnerability reports usually within one business day. The acknowledgement will include a unique tracking number. Each vulnerability report will be handled following Westermo's standard process that includes initial triage, coordination and disclosure phases.

The complete Coordinated Vulnerability Disclosure Policy can be downloaded here >

PGP key for secure reporting

Carl de Bruin

International Sales

Ask me about cybersecurity

Please enter a message of at least 30 characters

Please enter a valid email

Please enter a valid phone number

Other ways to contact us

Please enter your email to download the file


Thank you! An email is on its way to your inbox.

Something went wrong! Please try again later.