At OMICRON we take any type of vulnerability issue that affects our products very seriously, and we appreciate and welcome every report that helps us improve their security. Consequently, we have established a systematic approach for receiving, handling, and disclosing such vulnerabilities.
We are aware of our responsibility for contributing to an increased level of cybersecurity, especially in the area of critical infrastructures. Therefore, we want to inform our customers about validated and relevant vulnerabilities that affect our products in our Security Advisories section below. However, to avoid unnecessary risks to our customers, we encourage anyone that detects a vulnerability to not make the information public until we have evaluated the appropriate remediation options.
At OMICRON, we have a dedicated product security team responsible for managing security issues and taking further disclosure actions. They are happy to help you with any questions related to vulnerabilities in OMICRON products. If possible, please use encrypted e-mail communication.
To ensure reliable and efficient handling and disclosure of relevant security issues, we have established a comprehensive and systematic process. Below you can find more details about each stage of the process.
We invite everyone to report security issues that affect OMICRON products.
We respect your privacy and will not publish any information about you without your explicit consent.
It is possible to submit an identified security issue anonymously, but if desired, we will credit you for finding a vulnerability issue in our security advisory.
To report a vulnerability issue, please contact the dedicated Product Security Team mentioned earlier. Please provide as many details as possible when reporting a security issue, and include the following information in your report:
- Affected OMICRON product including detailed version
- Detailed description of the vulnerability issue
- If possible, please attach available exploit code or step-by-step approach to find the vulnerability
- Are there any plans to make the vulnerability publicly available?
After we receive your report, we will initiate a comprehensive analysis of the security issue. Our goal is to reproduce the problem and to identify its root cause.
As soon as the analysis of the security issue is completed, we will continue with the assessment of the probability of occurrence and the potential impact for our customers.
Based on the assessment, we can derive further treatment measures. This may include providing a patch to affected customers and consequently, a structured disclosure of the vulnerability.
We are aware of our responsibility and the importance of informing affected customers about relevant vulnerability issues that affect OMICRON products to avoid consequential damage. Therefore, every security issue is taken seriously, and affected customers will be informed.
We will publish the following disclosure information:
- Vulnerability description
- Affected OMICRON products including detailed version
- CVSS score
- CVE entry (if applicable)
- Required steps to remediate the vulnerability
- Credits (if desired by the finder)
OMICRON has introduced product security vulnerability handling and disclosure in 2021. Below you can find all security advisories that have been found and published meanwhile.