Report a cybersecurity vulnerability
Schneider Electric works collaboratively with researchers, Cyber Emergency Response Teams (CERTs), and asset owners to address cybersecurity vulnerabilities affecting Schneider Electric products, software, systems, and infrastructure. It ensures that accurate information is provided in a timely fashion to adequately protect the company, our customers, and partners.
Contact Schneider Electric Customer Care Support via chat, form or phone mentioning the following information:
- Email
- Phone number
- Country
- Organization name
- Product Line
- Vulnerable Version
- Vulnerability type [CWE ID if available]
Please note: Providing personal information while reporting a vulnerability is optional and not mandatory. For more information on privacy and personal information usage, please refer to our Privacy Notice for Schneider Electric CERT & CPCERT
Contact Schneider Electric CPCERT Team
- By completing the pre-filled email (Option 1)
- By emailing CPCERT@se.com including the information mentioned below (Option 2)
PGP Public Key and Fingerprint: 1917 BD57 E2B2 C97E 5257 DACB 804A D638 5567 E958
Only submissions in English will be accepted.
Note: Security notifications will be released the second Tuesday of every month. By limiting our publish dates to once a month, we aim to help our customers plan ahead for patches.
Information to be included into your email:
Subject: Product Vulnerability Report - [title]
Body:
- First Name:
- Last Name:
- Email:
- Phone number:
- Country:
- Organization name (if applicable):
- Source Type:
- Product Line:
- Vulnerable Version:
- Vulnerability type [CWE ID if available]:
Please note: Providing personal information while reporting a vulnerability is optional and not mandatory. For more information on privacy and personal information usage, please refer to our Privacy Notice for Schneider Electric CERT & CPCERT.
Attachment: Encrypted report with the following information:
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
- Any other relevant information
Contact Schneider Electric CPCERT Team by emailing CPCERT@se.com including the information mentioned below:
PGP Public Key and Fingerprint: 1917 BD57 E2B2 C97E 5257 DACB 804A D638 5567 E958
Only submissions in English will be accepted.
Note: Security notifications will be released the second Tuesday of every month. By limiting our publish dates to once a month, we aim to help our customers plan ahead for patches.
Information to be included into your email:
Subject: Product Vulnerability Report - [title]
Body:
- First Name:
- Last Name:
- Email:
- Phone number:
- Country:
- Supplier Organization name:
- Vulnerable Product/Component:
- Vulnerable Version:
- Vulnerability type [CWE ID if available]:
- CVE (if any):
Please note: Providing personal information while reporting a vulnerability is optional and not mandatory. For more information on privacy and personal information usage, please refer to our Privacy Notice for Schneider Electric CERT & CPCERT
Attachment: Encrypted report with the following information:
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
- Any other relevant information
Note: AVEVA product vulnerabilities are no longer handled by Schneider Electric. Please see below for information on how to get support for your product
• AVEVA Products: Please refer to AVEVA Software Global Customer Support for any cybersecurity needs and visit AVEVA Security Updates for cybersecurity bulletins and information.
