Cyber and product security

Schenck RoTec Vulnerability Handling and Disclosure Process

Welcome to the Coordinated Vulnerability Disclosure (CVD) process of Schenck RoTec. Schenck RoTec is committed to promoting the cybersecurity of its products. A holistic and comprehensive approach is central to securing Schenck RoTec products, solutions, services and IT infrastructure. Schenck RoTec has established a vulnerability and incident management process for discovering, handling, disclosing, and remediating cybersecurity vulnerabilities in its product portfolio and production infrastructure.

The vulnerability handling process at Schenck RoTec consists of the following four steps: 

  1. Vulnerability Discovery: If you have discovered a cybersecurity vulnerability affecting one of our products, solutions or infrastructure components, please use the following instructions to report it:
  • The webform is the preferred mode of communication, but the other modes (email and fax) are also available. Our contact details are published at: www.<entity.com>/.well-known/security.txt
    The encryption key and instructions on how to perform PGP encryption are provided here. PGP encryption instructions: www.<entity.com>/.well-known/security.txt
  • In your vulnerability notification, please provide the following information in plain text. Please note that any attachments, diagrams or pictures may not be processed:
    • Affected product name, solution or infrastructure component.
    • Product/machine number.
    • Product model and software version.
    • Description of vulnerability, including (if available):
      • Indication of established exploitation of this vulnerability in these product(s) during production use.
      • List of CVEs exploitable in the product.
      • Conditions for exploitation.
      • How to execute/repeat the exploitation.
      • What tools are needed to perform the exploitation.
      • The effect or outcome of the exploitation.
      • Evidence report of the above.
      • Publicity of vulnerability (was it already publicly disclosed?)
  • An automated acknowledgement will be sent to you in response to any disclosures sent via email. This acknowledgement email will provide you with the opportunity to specify how we handle or protect your identity and the privacy of your information.
  • If you notified us via email or provided your email address in the product vulnerability notification web form, we will retain this address throughout the resolution period of the reported vulnerability. We may contact you repeatedly via this email address if we require more information. If you wish to remain anonymous, please select the 'Anonymous' checkbox on the webform or indicate in your email/fax that you do not wish to be contacted.
  • Your contact information will be handled in accordance with the GDPR. Please refer to our data protection and privacy policy for more information.
  2. Vulnerability Triage: Schenck RoTec will investigate and analyze the notified vulnerability.
  3. Vulnerability Remediation: Schenck RoTec will perform internal vulnerability management in collaboration with the relevant product development teams. During this process, we will maintain regular communication with the reporting party, where available, to keep them informed of the current status.
  4. Vulnerability Disclosure: After the vulnerability issue has been analyzed, the relevant fixes will be developed and released via established channels and shall include an accompanying advisory.