Welcome the Website of the Phoenix Contact Product Security Incident Response Team (PSIRT). The Phoenix Contact PSIRT is the central team for Phoenix Contact as well as for its subsidiaries, authorized to respond to potential security vulnerabilities, incidents and other security issues related to Phoenix Contact products, solutions as well as services.
Phoenix Contact PSIRT manages the disclosure, investigation internal coordination and publishes security advisories for confirmed vulnerabilities where mitigations/fixes are available.
We actively encourage security researchers and other parties who detect potential security issues in Phoenix Contact products, solutions and services to contact the Phoenix Contact PSIRT to discuss and coordinate activities, in a joint-effort to increase the security posture for Phoenix Contact and its customers.
Submit a vulnerability
Anyone can submit potential vulnerabilities to Phoenix Contact PSIRT by email. Regardless if you are a Phoenix Contact customer or not, we highly encourage you to report discovered vulnerabilities to us. No confidentiality agreement (NDA) or other contract is required for working with us on vulnerability disclosure. We aim to work with vulnerability reporters professionally on handling any vulnerability claim that is related to Phoenix Contact products, solutions and services.
We highly appreciate coordinated vulnerability reports from any members of the security community such as security researchers, academia, other CERTs, business partners, governmental agencies or any other sources. As some of our components are being deployed as parts of critical systems, we kindly ask to work with us on a coordinated disclosure, avoiding publication until our development groups have created an appropriate fix/mitigation. You may contact us with your vulnerability claims via email.
When submitting, please try to include the following information elements in your email as well in order to speed up the handling process:
- Reporter’s Name: In case you would like to stay anonymous, we respect your interests.
- Contact Details: Email address and phone number under which we may contact you.
- Affiliation: What is your organizational affiliation (if any)?
- Vulnerability type submitted: How would you describe the vulnerability type (e.g. XSS, Buffer Overflow, Hardcoded credentials,…)?
- Vulnerability trigger: Can you provide any proof-of-concept (PoC) exploit code for triggering the vulnerability, alternately network traces (e.g. pcaps) or a description how the vulnerability can be triggered?
- Vulnerability effects: Did you observe any effects that the vulnerability leads to/induces?
- Affected components: In which product/solution/service (if available) have you found the vulnerability? Please include any information available to you such as product family / group / firmware / software version. For services, please point out the location (e.g. URL).
- Confidentiality of vulnerability: Was the vulnerability publicly disclosed already or do you have any concrete disclosure plans?
Phoenix Contact PSIRT guarantees to acknowledge receipt of new vulnerability reports within two business days and thanks all reporting parties for their efforts in working with us on improving the security posture for Phoenix Contact and its customers.
As information about vulnerabilities and vulnerability claims are critical, we prefer to receive this information encrypted. We thereby kindly ask you to use our PGP key to encrypt the information when you report a potential security vulnerability to Phoenix Contact PSIRT.
If you are contacting the Phoenix Contact PSIRT for the first time, or if your PGP key has changed, we ask you to attach your PGP public key to your initial email to enable immediate end-to-end encryption.
PGP Key: 94064631
PGP Fingerprint: 2075 33A9 B1E1 929D 8B9A BD18 0602 A718 9406 4631
Unsubscribe PSIRT news
You no longer wish to receive updates from Phoenix Contact PSIRT. Please unsubscribe here.
We publish our advisories together with other companies on the VDE CERT Website.