Festo PSIRT (Product Security Incident Response Team)
The Festo PSIRT is a central team at Festo SE & Co. KG tasked with managing the investigation and disclosure of security vulnerabilities. All reports about possible vulnerabilities or other security incidents in connection with Festo products can be forwarded to the Festo PSIRT. The Festo PSIRT team coordinates and maintains communication with everyone involved, both internal and external, in order to be able to reply appropriately to any security problems that have been identified.
The vulnerability handling process is described in the following document:
Why should you report vulnerabilities?
Disclosing vulnerabilities enables us to fix them and inform customers using the products in question about the fix. This approach can help us to keep making our products more secure and above all support Festo customers in managing security risks.
If you think you have uncovered a security vulnerability in a Festo product, please report it by email or by using the contact form.
Please include the following information with your report:
- Product line
- Susceptible version
- Type of vulnerability (CWE-ID, CVE-ID if available)
- Company name
What happens to your report?
Festo makes sure that the information is sent to a select group of designated Festo employees who have experience in dealing with this type of issues: the Product Security Incident Response Team (PSIRT). Neither unauthorised employees nor external users have access to the information you send.
Festo also makes sure that the identity and contact details of the security expert are kept confidential and are not published in public statements (advisories and bulletins) unless explicitly requested by the security expert. The Festo PSIRT will investigate the reported vulnerability and contact you as soon as possible.
The Festo PSIRT investigates all reports of security problems and publishes security advisories on validated security vulnerabilities that affect Festo products directly and require either a software update, software upgrade or another action by the customer. As part of ongoing efforts to support operators in addressing security risks and in ensuring the protected operation of systems, the Festo PSIRT publishes information that operators need to evaluate the ramifications of a security vulnerability.
Stay up to date with our security advisories
We publish information about vulnerabilities in Festo products and new or updated security advisories on our partner platform CERT@VDE.