The Festo PSIRT is a central team at Festo SE & Co. KG tasked with managing the investigation and disclosure of security vulnerabilities. All reports about possible vulnerabilities or other security incidents in connection with Festo products can be forwarded to the Festo PSIRT. The Festo PSIRT coordinates and maintains communication with everyone involved, both internally and externally, so that it can provide an appropriate response to any security problems that are identified.
Disclosing vulnerabilities allows us to fix these vulnerabilities and inform customers using the products in question about the fix. This approach can help us to keep making our products more secure and above all support Festo customers in managing security risks.
If you think you have uncovered a security vulnerability in a Festo product, please report it by email or using the contact form.
Please include the following information with your report:
Festo will ensure that the information is sent to a select group of designated Festo employees with experience in dealing with incidents of this type: the Festo Product Security Incident Response Team (PSIRT). Neither unauthorised employees nor external users will have access to the information you send.
In addition, Festo will ensure that the identity and contact details of the security expert are kept confidential and not published in any public statements (advisories and bulletins) unless explicitly requested by the security expert. The Festo PSIRT will investigate the reported vulnerability and contact you as soon as possible.
Stay up to date
The Festo PSIRT investigates all reports of security problems and publishes security advisories about validated security vulnerabilities that affect Festo products directly and require either a software update, software upgrade or another action by the customer. As part of ongoing efforts to support operators in addressing security risks and in ensuring the protected operation of systems, the Festo PSIRT publishes information that operators need to evaluate the ramifications of a security vulnerability.
Alternatively, you can download the files from our partner platform CERT@VDE.