OMICRON Product Security Vulnerability Handling and Disclosure

At OMICRON we take any type of vulnerability issue that affects our products very seriously, and we appreciate and welcome every report that helps us improve their security. Consequently, we have established a systematic approach for receiving, handling, and disclosing such vulnerabilities.

Coordinated Disclosure

We are aware of our responsibility for contributing to an increased level of cybersecurity, especially in the area of critical infrastructures. Therefore, we want to inform our customers about validated and relevant vulnerabilities that affect our products in our Security Advisories section below. However, to avoid unnecessary risks to our customers, we encourage anyone that detects a vulnerability to not make the information public until we have evaluated the appropriate remediation options.

OMICRON Product Security Team

At OMICRON, we have a dedicated product security team responsible for managing security issues and taking further disclosure actions. They are happy to help you with any questions related to vulnerabilities in OMICRON products. If possible, please use encrypted e-mail communication.

security​(at)​omicronenergy.com

PGP Public Key3.14 kB
Fingerprint: 90F2 6F91 6186 22EA AFF1 06A0 F014 F4B8 C72E C818

Handling Vulnerability and The Disclosure Process

  

 

To ensure reliable and efficient handling and disclosure of relevant security issues, we have established a comprehensive and systematic process. Below you can find more details about each stage of the process.


1. Report

We invite everyone to report security issues that affect OMICRON products.
We respect your privacy and will not publish any information about you without your explicit consent.

It is possible to submit an identified security issue anonymously, but if desired, we will credit you for finding a vulnerability issue in our security advisory.

To report a vulnerability issue, please contact the dedicated Product Security Team mentioned earlier. Please provide as many details as possible when reporting a security issue, and include the following information in your report:

  • Affected OMICRON product including detailed version
  • Detailed description of the vulnerability issue
  • If possible, please attach available exploit code or step-by-step approach to find the vulnerability
  • Are there any plans to make the vulnerability publicly available?
  •  


2. Analysis

After we receive your report, we will initiate a comprehensive analysis of the security issue. Our goal is to reproduce the problem and to identify its root cause.


3. Assessment

As soon as the analysis of the security issue is completed, we will continue with the assessment of the probability of occurrence and the potential impact for our customers.


4. Treatment

Based on the assessment, we can derive further treatment measures. This may include providing a patch to affected customers and consequently, a structured disclosure of the vulnerability.


5. Disclosure

We are aware of our responsibility and the importance of informing affected customers about relevant vulnerability issues that affect OMICRON products to avoid consequential damage. Therefore, every security issue is taken seriously, and affected customers will be informed.
We will publish the following disclosure information:

  • Vulnerability description
  • Affected OMICRON products including detailed version
  • CVSS score
  • CVE entry (if applicable)
  • Required steps to remediate the vulnerability
  • Credits (if desired by the finder)
  •  

Security Advisories

OMICRON has introduced product security vulnerability handling and disclosure in 2021. Below you can find all security advisories that have been found and published meanwhile.

IDTitleAffected ProductsCVE IDCVSS ScoreLast updateDownload
You are using an outdated browser version.
Please upgrade your browser or use another browser to view this page correctly.
×