[et_pb_section fb_built=”1″ custom_padding_last_edited=”on|desktop” admin_label=”Header” _builder_version=”4.17.3″ background_color_gradient_direction=”176deg” background_image=”https:\/\/www.microcontrol.net\/wp-content\/uploads\/2021\/10\/MicoControl_Troisdorf_Fahnen.jpg” width=”90%” custom_margin=”||||false|false” custom_margin_tablet=”” custom_margin_phone=”” custom_margin_last_edited=”on|tablet” custom_padding=”75px||||false|false” custom_padding_tablet=”0px||0px||false|true” custom_padding_phone=”0px||||false|false” background_last_edited=”off|tablet” background_size_phone=”cover” background_position_tablet=”top_center” background_position_phone=”center” locked=”off” global_colors_info=”{}”][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.16″ _module_preset=”default” background_color=”RGBA(0,0,0,0)” width=”100%” max_width=”100%” module_alignment=”center” custom_margin=”|0px|0px|0px|false|false” custom_padding=”||0px||false|false” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][\/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][et_pb_image src=”https:\/\/www.microcontrol.net\/wp-content\/uploads\/2021\/03\/robotics-05-1.png” title_text=”robotics-05-1″ show_bottom_space=”off” align=”right” _builder_version=”4.16″ _module_preset=”default” background_enable_image=”off” background_size=”contain” background_position=”bottom_right” max_width_tablet=”50%” max_width_phone=”50%” max_width_last_edited=”on|desktop” module_alignment=”right” custom_margin=”50px|0px||0px|false|false” custom_padding=”|0px||0px|false|false” module_alignment_tablet=”” module_alignment_phone=”” module_alignment_last_edited=”on|phone” global_colors_info=”{}”][\/et_pb_image][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”4.16″ _module_preset=”default” background_color=”RGBA(0,0,0,0)” custom_padding=”0px||0px|||” global_colors_info=”{}”][et_pb_row _builder_version=”4.16″ _module_preset=”default” custom_margin=”|auto|-1px|auto||” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][lwp_divi_breadcrumbs use_before_icon=”off” link_color=”#ef7c00″ separator_color=”#565655″ current_text_color=”#565655″ _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][\/lwp_divi_breadcrumbs][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”4.16″ _module_preset=”default” custom_padding=”50px|||||” global_colors_info=”{}”][et_pb_row _builder_version=”4.16″ _module_preset=”default” background_color=”RGBA(0,0,0,0)” custom_margin=”-2px|auto|0px|auto|false|false” custom_padding=”7px||0px||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ header_font=”|600|||||||” header_text_color=”#ef7c00″ header_font_size=”36px” header_line_height=”1.2em” header_2_font=”|600|||||||” header_2_text_color=”#ef7c00″ header_2_font_size=”36px” header_2_line_height=”1.1em” background_layout=”dark” custom_margin=”-12px||0px||false|false” custom_padding=”||7px|||” header_font_size_tablet=”36px” header_font_size_phone=”28px” header_font_size_last_edited=”on|phone” global_colors_info=”{}”]<\/p>\n
[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section][et_pb_section fb_built=”1″ _builder_version=”4.16″ _module_preset=”default” custom_margin=”0px||||false|false” custom_padding=”0px||||false|false” global_colors_info=”{}”][et_pb_row _builder_version=”4.16″ _module_preset=”default” custom_margin=”0px||||false|false” custom_padding=”0px||||false|false” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font=”|300|||||||” text_font_size=”17px” header_3_text_color=”#ef7c00″ global_colors_info=”{}”]MicroControl GmbH & Co. KG takes the security of its products, services, and infrastructure seriously. We appreciate reports from security researchers, customers, partners, and other third parties who help us identify and resolve potential vulnerabilities responsibly. <\/p>\n
This page describes how to report a suspected security vulnerability affecting MicroControl products and how we handle such reports.[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font=”|300|||||||” text_font_size=”17px” header_3_text_color=”#ef7c00″ global_colors_info=”{}”]<\/p>\n
If you believe you have discovered a security vulnerability in a MicroControl product, firmware, software component, documentation package, or online service, please contact us at:<\/p>\n
E-Mail: incident (at) microcontrol.net<\/a><\/span><\/strong><\/p>\n Please include as much information as possible to help us understand, reproduce, and assess the issue. Useful information includes: <\/p>\n – Affected product name and product ID Please do not include sensitive customer data, personal data, passwords, private keys, or confidential third-party information unless strictly necessary.<\/p>\n [\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font=”|300|||||||” text_font_size=”17px” header_3_text_color=”#ef7c00″ global_colors_info=”{}”]<\/p>\n This policy applies to security vulnerabilities affecting MicroControl products and related digital assets, including but not limited to:<\/p>\n – Embedded devices and electronic control products This policy does not cover general technical support requests, feature requests, product availability questions, or non-security-related bugs. For those topics, please use the regular contact channels on our website.[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font=”|300|||||||” text_font_size=”17px” header_3_text_color=”#ef7c00″ global_colors_info=”{}”]<\/p>\n We follow a coordinated vulnerability disclosure process. After receiving a report, we will review the information, validate the issue, assess the potential impact, and determine appropriate remediation or mitigation steps. <\/p>\n We ask reporters to give us reasonable time to investigate and resolve the issue before making information public. We also ask that you avoid actions that could harm MicroControl, our customers, or third parties, including: <\/p>\n – Accessing, modifying, or deleting data that does not belong to you When you report a vulnerability to MicroControl, we aim to:<\/p>\n – Acknowledge receipt of your report within a reasonable time Response and remediation timelines depend on the complexity of the issue, affected products, safety considerations, customer impact, supply chain dependencies, and regulatory requirements.[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font=”|300|||||||” text_font_size=”17px” header_3_text_color=”#ef7c00″ hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″]<\/p>\n When a vulnerability affects MicroControl products and requires customer action, we may publish a security advisory.<\/p>\n Security advisories may include:<\/p>\n – Affected product names and product IDs Where appropriate, MicroControl may provide machine-readable security advisories in CSAF format<\/strong>.<\/p>\n CSAF provider metadata, if available, can be found at:<\/p>\n https:\/\/www.microcontrol.net\/.well-known\/csaf\/provider-metadata.json<\/strong><\/a><\/p>\n [\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font=”|300|||||||” text_font_size=”17px” header_3_text_color=”#ef7c00″ global_colors_info=”{}”]<\/p>\n Depending on the affected product and vulnerability, remediation may include one or more of the following:<\/p>\n – Firmware update Customers are responsible for evaluating and applying updates or mitigations in their own operational environment. For industrial and embedded environments, updates should be tested and deployed according to the customer\u2019s safety, availability, and maintenance requirements.[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font=”|300|||||||” text_font_size=”17px” header_3_text_color=”#ef7c00″ global_colors_info=”{}”]<\/p>\n MicroControl may coordinate vulnerability handling with customers, suppliers, CERTs, CVE Numbering Authorities, industry partners, or regulatory bodies where appropriate.<\/p>\n If a vulnerability involves third-party components, open-source software, or supplier-provided technology, we may coordinate with the responsible party before publishing final information.[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font=”|300|||||||” text_font_size=”17px” header_3_text_color=”#ef7c00″ global_colors_info=”{}”]<\/p>\n Information provided under this security policy, including advisories, mitigations, and recommendations, is provided in good faith and for informational purposes. It does not create any additional warranty, guarantee, or contractual obligation beyond the applicable product agreements and statutory requirements.[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font=”|300|||||||” text_font_size=”17px” header_3_text_color=”#ef7c00″ global_colors_info=”{}”]<\/p>\n For security vulnerability reports, please contact:<\/p>\n MicroControl GmbH & Co. KG<\/strong> For non-security inquiries, please use the general contact options provided on our website.<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"
– Firmware, software, or hardware version
– Serial number or device variant, if relevant
– Description of the vulnerability
– Steps to reproduce the issue
– Proof-of-concept code, logs, screenshots, or packet captures, if available
– Potential impact
– Whether the issue is already publicly known
– Your contact details for follow-up questions<\/p>\nScope<\/h2>\n
\n– Firmware and bootloader components
\n– Configuration tools and related software
\n– Product documentation where security-relevant information is affected
\n– Public MicroControl web services<\/p>\nCoordinated Vulnerability Disclosure
\n<\/h2>\n
\n– Disrupting services or production systems
\n– Performing denial-of-service testing
\n– Using social engineering, phishing, or physical attacks
\n– Publicly disclosing vulnerability details before coordination is complete[\/et_pb_text][et_pb_text _builder_version=”4.27.6″ _module_preset=”default” text_font=”|300|||||||” text_font_size=”17px” header_3_text_color=”#ef7c00″ global_colors_info=”{}”]<\/p>\nWhat You Can Expect From Us<\/h2>\n
\n– Keep you informed about the status of our analysis where appropriate
\n– Work with you to understand and reproduce the issue
\n– Assess affected products, versions, and configurations
\n– Provide remediation, mitigation, or workaround information where applicable
\n– Coordinate public disclosure when necessary
\n– Credit you for the report if you request it and if legally and practically possible<\/p>\nSecurity Advisories<\/h2>\n
– Affected firmware or software versions
– Vulnerability description
– Severity rating, such as CVSS where applicable
– Remediation, mitigation, or workaround information
– References to CVE identifiers, if assigned
– Revision history<\/p>\nProduct Updates and Remediation<\/h2>\n
\n– Software update
\n– Configuration change
\n– Network segmentation recommendation
\n– Operational mitigation
\n– Product-specific workaround
\n– Customer notification or security advisory<\/p>\nVulnerability Handling and Communication<\/h2>\n
No Warranty<\/h2>\n
Contact<\/h2>\n
Security Contact
E-Mail: incident@microcontrol.net
Website: https:\/\/www.microcontrol.net<\/a><\/p>\n