How to Report a Potential Security Vulnerability

For Real-Time Systems GmbH, the security of our products is important, and we take any potential security vulnerability seriously. We are committed to continuously enhancing the security measures of our products. Real-Time Systems ensures that customers are promptly informed of any potential security vulnerability.

If you identify any vulnerabilities in our products, please report them via the following email: compliance[@]congatec.com. For any security vulnerability reported to congatec, we will provide further details and actions in a timely manner via a dedicated ticket or email.


Recommended Information to Include

To help us properly evaluate a potential security vulnerability, please include the following information in your email:

  1. Your contact information and availability
  2. The affected congatec product, including part number, name, revision, and/or version (hardware and software).
  3. A complete technical description of the potential vulnerability, including any known related exploits.
  4. Step-by-step instructions to reproduce the issue.
  5. Details on how and when the potential vulnerability was discovered.
  6. Any public information already published or planned for publication (e.g., CVE, academic paper, etc.)


Security Incident Response Process

  1. Notification: Real-Time Systems receives the report and acknowledges its receipt.
  2. Review: Real-Time Systems reviews the report to determine whether a congatec product may be affected and whether the information provided is sufficient for investigating the issue. We may contact the submitter if further clarification or additional information is needed.
  3. Technical analysis: Real-Time Systems technology department investigates the potential vulnerability.
  4. Corrective action: If the vulnerability is verified, congatec will take appropriate actions to remedy the issue.
  5. Disclosure: When appropriate, Real-Time Systems will disclose information about the verified vulnerability and may publish countermeasures or workarounds, depending on the severity of the issue.