logo
Skip to main content

Vulnerability Reporting Template

Please use this template to report a vulnerability in PI communication protocols

CSIRT
Note: In case you would like to report a vulnerability for a specific product, please consider to directly contact the manufacturer of the product. In case you are not aware, if the vulnerability is product- or protocol-related, you can use this template. In order to evaluate the issue, PI will likely forward this report to the manufacturer of the component and PI will likely involve an interdisciplinary expert group employing staff from different member companies. In case you would like PI to handle the report without submitting you contact information to the analysis team, please check one of the following boxes..
Reporter
Vulnerability
Copyright
The following rules apply to the work of the CSIRT:
  • PI is committed to a relationship of trust with manufacturers and users. For this reason, vulnerability reports are only made available to the responsible group of people during processing and are securely stored.
  • PI has a responsible disclosure policy. Prior to the publication of a vulnerability that may affect their products, manufacturers are given the opportunity to work out a solution to resolve the vulnerability or mitigation in a reasonable time.
  • PI publishes advisories of known vulnerabilities and the associated fixes or mitigations after a reasonable period of time.
  • Technical experts from member companies, who support PI in the analysis of weaknesses, are bound to confidentiality - also within their own company.
  • PI will forward vulnerability reports concerning a company's products, together with information about the person making the report, to that company for problem resolution. Passing on the contact information of the person making the report is intended to speed up problem resolution. If anonymous forwarding is desired, this can be specified in the reporting form.
  • The detection or reporting of a vulnerability may violate laws or other regulations. PI will not take legal action against any person who voluntarily and in good faith reports vulnerabilities to PI.
  • The reporting person yields the copyright to PI to publish the reported vulnerability and the respective mitigation in an advisory.
PI will handle submitted vulnerability reports with the expected care. However, PI makes no warranty of any kind, express or implied, as to the accuracy of vulnerability reports and their resolution, including but not limited to any warranty of title, implied warranty or warranty of fitness for a particular purpose or use. In no event shall PI be liable for any errors contained herein or for any indirect, incidental, special, consequential, trust or coverage damages, including loss of profits, revenue, data or use, suffered by any user or third party.

Please note that when reporting vulnerabilities, you must observe legal provisions or other obligations, especially confidentiality obligations or export control regulations.
PI will in many cases contact the manufacturer of the component or the manufacturer of any technology components (e.g. protocol stacks) used to clarify the vulnerability report.

Submit
captcha
Vulnerability Reporting Template
Vulnerability Reporting Template
Vulnerability Reporting Template
Vulnerability Reporting Template
Vulnerability Reporting Template
Vulnerability Reporting Template
Vulnerability Reporting Template