centrotherm Product Security Incident Response Team

PSIRT

Product and cybersecurity are an ongoing process. Our goal is to continuously improve the security of our systems and to identify and remediate potential vulnerabilities quickly and responsibly.

The centrotherm Product Security Incident Response Team (PSIRT) serves as the central point of contact for reporting, assessing, and coordinating the handling of security risks and incidents.

By reporting vulnerabilities, you help us to:

  • identify potential security risks at an early stage and develop appropriate mitigation measures,
  • provide customers with transparent information and support them in assessing potential risks, and
  • continuously enhance the security and quality of our products.

We welcome reports from customers, partners, security researchers, and independent assessors who have identified a potential vulnerability in one of our products. Every report helps us further improve the security of our products.

To protect our customers, we kindly ask you to report any discovered vulnerabilities confidentially to our PSIRT first and refrain from publicly disclosing them until an appropriate remediation has been implemented or a Security Advisory has been published in coordination with all relevant parties.

Report a Security Vulnerability


When submitting a report, please include the following information whenever possible:

  • Your name / company
  • Your contact details (email address / phone number)
  • Affected system / product line
  • Firmware / software version
  • Type of vulnerability and a brief description of how it can be exploited
  • Whether the vulnerability has already been disclosed or published elsewhere

Process Overview: What Happens to Your Report?

All incoming reports are accessible only to a limited group of authorized and qualified members of the PSIRT. Neither unauthorized employees nor external third parties have access to the submitted information. The identity and contact details of the reporting party are treated as confidential and will not be disclosed without their explicit consent.

The Process in Four Steps:

Acknowledgement of Receipt

You will typically receive an acknowledgement confirming receipt of your report within XXX business days.

Analysis & Assessment

Our PSIRT reviews the reported vulnerability and assesses its severity, typically using the Common Vulnerability Scoring System (CVSS). Depending on the complexity of the issue, the assessment may take anywhere from a few days to several weeks. You will receive a status update no later than XXX business days after submitting your report.

Remediation & Mitigation

For confirmed vulnerabilities, we develop appropriate remediation measures, such as patches, updates, or workarounds. If a vulnerability has a significant impact on customers, we will publish a Security Advisory. Throughout the process, we will keep you informed about the progress.

Publication

The final Security Advisory, together with any associated updates, will be published on this page and made available to all customers. Upon request, we are pleased to acknowledge the reporting party in the Security Advisory (credit).