Service
The AUMA PSIRT (Product Security Incident Response Team) is the central Product Security Team of AUMA Riester GmbH & Co. KG. which receives, processes and answers any issues on potential security vulnerabilities of AUMA products and services.
Any issues on potential vulnerabilities related to AUMA products and services can be transmitted to the AUMA PSIRT.
The AUMA PSIRT manages internal investigations, coordinates the resulting activities and publishes notes on confirmed security vulnerabilities with available measures for mitigation or elimination.
Everybody is invited to report on potential security vulnerabilities - apart from our direct customers, this also includes experts, scientists, CERTs (Computer Emergency Response Teams), authorities, industrial associations, suppliers, consultants, plant operators and of course internal staff.
Reporting to the AUMA PSIRT is made via the PSIRT@auma.com e-mail address created for this purpose.
Since some of our products are deployed in critical infrastructures, we would like to ask you to consult us prior to disclosing security vulnerabilities. This shall avoid any hazards related to the security situation in installations until our R&D teams have defined and provided appropriate counter measures for elimination or mitigation.
To collaborate with us for disclosing security vulnerabilities, neither a non-disclosure agreement (NDA) nor any other contract is required. We aim to cooperate on a confidential and professional basis with the respective reporters when dealing with potential security vulnerabilities related with AUMA products and services.
Please send us your report either in German or English.
Information on safety vulnerabilities is critical. For this reason, we kindly would like to ask you to send encrypted messages. Please use the following PGP key to encrypt your information when transmitting to PSIRT@auma.com.
Link to download our PGP key:
Fingerprint: 64F97ED5674E7BF923018ED87788765AF3FF7089
A standardised processing process is introduced upon receipt of your notification. AUMA PSIRT shall acknowledge receipt of the reported security vulnerability, evaluate and analyse the transmitted references and coordinate the required investigations and activities for identifying a solution - this is made in close cooperation with the reporter of the security vulnerability.
Security advisories for AUMA products and services shall be published on the publicly accessible IT security platform CERT@VDE, which has been created for coordinating security vulnerabilities specifically for companies in industrial automation.