Vulnerability Reporting Template

Please use this template to report a vulnerability in PI communication protocols

CSIRT

Note: In case you would like to report a vulnerability for a specific product, please consider to directly contact the manufacturer of the product. In case you are not aware, if the vulnerability is product- or protocol-related, you can use this template. In order to evaluate the issue, PI will likely forward this report to the manufacturer of the component and PI will likely involve an interdisciplinary expert group employing staff from different member companies. In case you would like PI to handle the report without submitting you contact information to the analysis team, please check one of the following boxes..

Fully anonymous handling of report

Fully Anonymous handling of report requested. You do not need to provide contact information at all. N. B.: You will not receive any feedback in this case, nor updates about the progress of your case.

Partly Anonymous handling

Partly Anonymous handling of report requested. Contact information will be processed in the PNO office only, but will not be known by the technical evaluation team.

Reporter

Vendor Name

Contact Person

Department

Phone

Email-Address

Street

ZIP-Code

City

Country

Vulnerability

Vulnerability Report No.

Title of the vulnerability

Overview about the vulnerability

Affected Products (List of affected products and their hardware/software versions)

Detailed description of the vulnerability

Impact of the vulnerability

Fixing of the vulnerability

References

File upload

Acknowledgement

Please check this box, if you would like to be named as reporting person in the advisory, issued after the resolution of the problem

The following rules apply to the work of the CSIRT:

PI is committed to a relationship of trust with manufacturers and users. For this reason, vulnerability reports are only made available to the responsible group of people during processing and are securely stored.
PI has a responsible disclosure policy. Prior to the publication of a vulnerability that may affect their products, manufacturers are given the opportunity to work out a solution to resolve the vulnerability or mitigation in a reasonable time.
PI publishes advisories of known vulnerabilities and the associated fixes or mitigations after a reasonable period of time.
Technical experts from member companies, who support PI in the analysis of weaknesses, are bound to confidentiality - also within their own company.
PI will forward vulnerability reports concerning a company's products, together with information about the person making the report, to that company for problem resolution. Passing on the contact information of the person making the report is intended to speed up problem resolution. If anonymous forwarding is desired, this can be specified in the reporting form.
The detection or reporting of a vulnerability may violate laws or other regulations. PI will not take legal action against any person who voluntarily and in good faith reports vulnerabilities to PI.
The reporting person yields the copyright to PI to publish the reported vulnerability and the respective mitigation in an advisory.

PI will handle submitted vulnerability reports with the expected care. However, PI makes no warranty of any kind, express or implied, as to the accuracy of vulnerability reports and their resolution, including but not limited to any warranty of title, implied warranty or warranty of fitness for a particular purpose or use. In no event shall PI be liable for any errors contained herein or for any indirect, incidental, special, consequential, trust or coverage damages, including loss of profits, revenue, data or use, suffered by any user or third party.

Please note that when reporting vulnerabilities, you must observe legal provisions or other obligations, especially confidentiality obligations or export control regulations.
PI will in many cases contact the manufacturer of the component or the manufacturer of any technology components (e.g. protocol stacks) used to clarify the vulnerability report.

Acceptance of Terms*

I accept the terms of use listed above.

Submit

captcha