Coordinated Disclosure | Voith
<!doctype html> <!--[if lte IE 10]> <html lang="en" class="no-js ie-legacy"> <![endif]--> <!--[if gt IE 10]><!--> <html lang="en" class="no-js"><!--<![endif]--> <head> <!-- CMS-Page-Id: 178247 / Main / Last-Publish-Date: 2024-07-10 23:21 --> <script id="Cookiebot" src="https://consent.cookiebot.com/uc.js" data-cbid="a5b7c9ed-b663-44d4-8807-aa27dd8b8dfd" data-blockingmode="auto" type="text/javascript"></script> <title>Coordinated Disclosure | Voith</title> <meta property="og:title" content="Coordinated Disclosure | Voith" /> <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, shrink-to-fit=no"> <meta name="msapplication-tap-highlight" content="no"> <meta name="format-detection" content="telephone=no"> <link rel="shortcut icon" href="//static.voith.com/corporateWebsite/favicon.ico" type="image/x-icon"> <link rel="icon" href="//static.voith.com/corporateWebsite/favicon.ico" type="image/x-icon"> <meta property="og:description" content="This page contains information on coordinated disclosure of vulnerabilities found on Voith websites or applications."> <meta name="description" content="This page contains information on coordinated disclosure of vulnerabilities found on Voith websites or applications." 
/> <meta name="keywords" content="" /> <meta name="robots" content="index, follow, noodp" /> <meta name="google-site-verification" content="Q0JoUwHOtP-JNDZrI4Ra1-RbsapdgaZKfrQPmIWhYX4" /> <meta property="og:type" content="website"> <meta property="useInVoithProductfinder" content=""> <meta property="og:image" content="https://d2euiryrvxi8z1.cloudfront.net/rendition/445934742530/4ef374b0595893eaa3200071436f53d1/-C2048x1151,0,209-S1200-FJPG"> <meta property="og:image:width" content="1200"> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <!-- ###TemplateName: _shift.mod_Head### --> <link rel="stylesheet" href="//static.voith.com/2.16.0/resources/css/styles.all.min.css?v=230730"> <link rel="stylesheet" href="//static.voith.com/2.16.0/resources/css/styles.print.min.css?v=230730" media="print"> <script type="text/javascript" data-cookieconsent="ignore"> var global = global || {}; global.configuration = {data: {page: {}, global: {}}}; global.configuration.data.staticResourcesBase = '//static.voith.com/2.16.0/resources/'; global.configuration.data.staticResourcesContentRepoBase = '//static.voith.com/2.16.0/resources/resources-content/'; </script> <script type="text/javascript" src="//static.voith.com/2.16.0/resources/js/scripts.head.all.min.js" data-cookieconsent="ignore"></script> <script type="text/javascript"> function onSubmit(token) { $('form').submit(); } </script> <meta property="og:url" content="https://voith.com/corp-en/footer/coordinated-disclosure.html"> <link rel="canonical" href="https://voith.com/corp-en/footer/coordinated-disclosure.html" /> <script> global.configuration.data.searchPageUrl = '/corp-en/search.html'; global.configuration.data.currentPageId = '178247'; global.configuration.data.currentLanguageId = 'EN'; global.configuration.data.languageUrls = { 'DE': '/corp-de/footer/coordinated-disclosure.html', 'EN': '/corp-en/footer/coordinated-disclosure.html', 'PT': '/corp-en/footer/coordinated-disclosure.html', 'CN': 
'/corp-en/footer/coordinated-disclosure.html', 'ES-ES': '/corp-en/footer/coordinated-disclosure.html', 'ES-EN': '/corp-en/footer/coordinated-disclosure.html', 'RU-RU': '/corp-en/footer/coordinated-disclosure.html', 'RU-EN': '/corp-en/footer/coordinated-disclosure.html', 'FI-FI': '/corp-en/footer/coordinated-disclosure.html', 'FI-EN': '/corp-en/footer/coordinated-disclosure.html', 'AT-EN': '/corp-en/footer/coordinated-disclosure.html', 'AT-DE': '/corp-en/footer/coordinated-disclosure.html', 'HU-EN': '/corp-en/footer/coordinated-disclosure.html', 'HU-HU': '/corp-en/footer/coordinated-disclosure.html', 'AU-EN': '/corp-en/footer/coordinated-disclosure.html', 'BR-EN': '/corp-en/footer/coordinated-disclosure.html', 'BR-PT': '/corp-en/footer/coordinated-disclosure.html', 'CA-EN': '/corp-en/footer/coordinated-disclosure.html', 'CA-FR': '/corp-en/footer/coordinated-disclosure.html', 'CN-EN': '/corp-en/footer/coordinated-disclosure.html', 'CN-ZH': '/corp-en/footer/coordinated-disclosure.html', 'CZ-CS': '/corp-en/footer/coordinated-disclosure.html', 'CZ-EN': '/corp-en/footer/coordinated-disclosure.html', 'DE-DE': '/corp-en/footer/coordinated-disclosure.html', 'DE-EN': '/corp-en/footer/coordinated-disclosure.html', 'DK-DA': '/corp-en/footer/coordinated-disclosure.html', 'DK-EN': '/corp-en/footer/coordinated-disclosure.html', 'FR-EN': '/corp-en/footer/coordinated-disclosure.html', 'FR-FR': '/corp-en/footer/coordinated-disclosure.html', 'IN-EN': '/corp-en/footer/coordinated-disclosure.html', 'IT-EN': '/corp-en/footer/coordinated-disclosure.html', 'IT-IT': '/corp-en/footer/coordinated-disclosure.html', 'JP-EN': '/corp-en/footer/coordinated-disclosure.html', 'JP-JA': '/corp-en/footer/coordinated-disclosure.html', 'ME-AR': '/corp-en/footer/coordinated-disclosure.html', 'ME-EN': '/corp-en/footer/coordinated-disclosure.html', 'NO-EN': '/corp-en/footer/coordinated-disclosure.html', 'NO-NO': '/corp-en/footer/coordinated-disclosure.html', 'PL-EN': 
'/corp-en/footer/coordinated-disclosure.html', 'PL-PL': '/corp-en/footer/coordinated-disclosure.html', 'PL-RU': '/corp-en/footer/coordinated-disclosure.html', 'SE-EN': '/corp-en/footer/coordinated-disclosure.html', 'SE-SV': '/corp-en/footer/coordinated-disclosure.html', 'SK-EN': '/corp-en/footer/coordinated-disclosure.html', 'SK-SK': '/corp-en/footer/coordinated-disclosure.html', 'TR-EN': '/corp-en/footer/coordinated-disclosure.html', 'TR-TR': '/corp-en/footer/coordinated-disclosure.html', 'ZA-EN': '/corp-en/footer/coordinated-disclosure.html', 'ZA-FR': '/corp-en/footer/coordinated-disclosure.html' }; </script> <!-- Google Tag Manager --> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push( {'gtm.start': new Date().getTime(),event:'gtm.js'} );var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-T2D3Q7J');</script> <!-- End Google Tag Manager --> </head> <body role="document" id="top" class=" "> <div class="offcanvas offcanvas--fixed-height layout--default"> <div class="offcanvas__inner"> <header class="header header--firstLevelNavigation"> <!-- ###TemplateName: _shift.mod_Logo### --> <div class="header__wrap"> <div class="header__inner"> <div class="header__logo"> <a href="/corp-en/index.html"><img src="//static.voith.com/2.16.0/resources/img/voith.svg" alt="Voith" title="" /></a> </div> <div class="header__content"> <div class="firstLevelNavigation"></div> <div class="header__navigationToggle" data-offcanvas-show="right"> <button class="hamburger hamburger--htx"> <span class="hamburger__bar">toggle menu</span> </button> </div> <a class="header__searchbarToggle" title="Search"></a> </div> </div> <div class="header__outer"> <div class="header__claimContainer"> <span class="header__claim languageSelectTrigger"></span> </div> </div> </div> <div class="searchbar searchbar--header"> <div 
class="searchbar__container"> <button class="searchbar__submit" type="submit"></button> <input class="searchbar__input" type="search" placeholder="Enter keyword"> <span class="searchbar__reset"></span> </div> </div> <div class="flyoutNavigation"> <div class="flyoutNavigation__content flyoutNavigation__scrollable"></div> </div> </header> <main class="content"> <div class="component socialMediaSharing" showButtons="Yes"> <div class="socialMediaSharing__button socialMediaSharing__button--share"> <span class="icon-sharing"></span> </div> <div class="socialMediaSharing__button socialMediaSharing__button--facebook"> <a href="https://www.facebook.com/sharer/sharer.php?u=http%3A%2F%2Fvoith.com%2Fcorp-en%2Ffooter___coordinated-disclosure.html&t=Coordinated%20Disclosure%20%7C%20Voith" target="_blank"> <span class="icon-facebook"></span> </a> </div> <div class="socialMediaSharing__button socialMediaSharing__button--linkedIn"> <a href="http://www.linkedin.com/shareArticle?mini=true&url=http%3A%2F%2Fvoith.com%2Fcorp-en%2Ffooter___coordinated-disclosure.html&title=Coordinated%20Disclosure%20%7C%20Voith&summary=This%20page%20contains%20information%20on%20coordinated%20disclosure%20of%20vulnerabilities%20found%20on%20Voith%20websites%20or%20applications.&source=http%3A%2F%2Fvoith.com%2Fcorp-en%2Ffooter___coordinated-disclosure.html" target="_blank"> <span class="icon-linkedin-inverted"></span> </a> </div> <div class="socialMediaSharing__button socialMediaSharing__button--mail"> <a href="mailto:?subject=Coordinated%20Disclosure%20%7C%20Voith&body=This%20page%20contains%20information%20on%20coordinated%20disclosure%20of%20vulnerabilities%20found%20on%20Voith%20websites%20or%20applications.:%20http%3A%2F%2Fvoith.com%2Fcorp-en%2Ffooter___coordinated-disclosure.html"> <span class="icon-mail"></span> </a> </div> <div class="socialMediaSharing__toggle"> <span class="icon-chevron-right"></span> </div> </div> <nav class="breadcrumb"> <div class="breadcrumb__wrap"> <ul itemscope 
itemtype="http://schema.org/BreadcrumbList"> <li itemprop="itemListElement" itemscope itemtype="http://schema.org/ListItem"> <a itemprop="item" class="current" href="/corp-en/footer/coordinated-disclosure.html"><span itemprop="name">Coordinated Disclosure</span></a> </li> </ul> </div> </nav> <article class="gridContainer"> <div class="section " data-anchor-id="178248" data-pagination-title=""> <!-- ###TemplateName: 1 Column 100%### --> <section cmsId="178248" > <div class="row row--reducedWidth"> <div class="col"> <div class="component h1"> <h1>Coordinated disclosure policy</h1> </div> <div class="component h2 " data-anchor-id="h2178249"> <h2>Coordinated Vulnerability Disclosure Policy of the Voith Group</h2> </div> <div class="component freetext copy c178249"> <p><h3>Our Security Policy</h3> <p>Voith operates a multi-layered security concept to ensure IT security and data protection in all our products and systems. This security concept is regularly checked, among other things, by our certifications, e.g. ISO 27001.</p> <p>Should you nevertheless discover security problems or vulnerabilities in our applications or systems, please inform us. We will take immediate action to remedy the vulnerability found as quickly as possible.</p> <h3>How to report a vulnerability</h3> <p>Please send all relevant findings via email to <a href="mailto:security@voith.com?subject=Coordinated%20disclosure">security@voith.com</a>. You can encrypt this email with our PGP key to protect this sensitive information from third parties. Alternatively, please contact us by phone at +49-(0)7321-37-2222, quoting "Coordinated Disclosure".</p> <p>Please provide us with sufficient information so that we can reproduce and analyze the problem. </p> <p>As complex issues may require queries, we also ask you to provide us with a way of contacting you. 
</p> <p>We request that you do not exploit the discovered vulnerability, for example by downloading, modifying or deleting data, uploading code, or giving information about the weakness to third parties.</p> <h3><strong>Services in scope</strong></h3> <p>In scope are any Voith or Voith-related digital services. This includes, amongst others, virtually all the content in the following domains:</p> <p>*.voith.com<br /> *.voith.de<br /> *.voith.net<br /> *.myvoith.com<br /> *.voith.io</p> <p>Reports on services not operated on behalf of or under the responsibility of Voith are welcome but do not qualify as vulnerabilities in scope of this policy.</p> <h3>Qualifying vulnerabilities</h3> <p>We expect that any vulnerability you report to us will have a valid attack scenario.</p> <p>Any issue that affects the confidentiality, integrity or availability of our systems and information is likely to be in scope, such as:</p> <ul> <li>Authentication or authorization flaws,</li> <li>Cross-site scripting,</li> <li>Server-side code execution bugs</li> </ul> <h3>Non-qualifying vulnerabilities</h3> <p>We generally review reports with regard to their impact on a case-by-case basis. This means some of the reported issues may not qualify, such as:</p> <ul> <li>Known events: we proceed on the ‘first come, first served’ principle, so duplicate reports of the same issue do not qualify. This includes vulnerabilities already known from internal security tools or employees.</li> <li>Compliance violation: if vulnerability research and related information gathering violate any laws, no reward will be paid.</li> <li>Vulnerabilities in “sandbox” domains: if no impact on sensitive data can be demonstrated, or if exceedingly unlikely user interaction is required.</li> <li>Version information that does not expose the service to attacks and is seen only as information gathering as part of potential further exploits.</li> <li>Email spoofing (e.g. 
@voith.com), as we are aware of this general risk.</li> <li>General attack methods targeting the availability of our services to all users, such as (D)DoS attempts.</li> </ul> <h3>What we promise</h3> <p>We will confirm receipt of your report and keep you informed about relevant results of the internal processing.</p> <p>We will take appropriate countermeasures as soon as possible to close the reported vulnerability.</p> <p>We will treat your report and related information as strictly confidential and will not disclose your personal data to third parties without your consent.</p> <p>We will not take any legal action against you. This does not apply in cases of recognizable criminal or intelligence intentions.</p> <p>The reporter is judged according to his or her abilities and not according to personal aspects such as age, gender, origin, education or social rank.</p> <p>We show this respect and gratitude to every reporter by documenting the closed vulnerability in the corresponding documentation or news of the item concerned. If you wish, this can also be done by mentioning your name (or alias). </p> <p>We currently have no general bug bounty program. There is expressly no legal claim to a reward. Decisions in this regard are at Voith's sole discretion.</p> <p><strong>Voith GmbH &amp; Co. 
KGaA</strong></p> <h3>PGP Key for secure communication</h3> <p>Please note this key is not published on public keyservers to avoid spam/phishing emails.</p></p> </div> <ul class="component list list--download"> <li> <a href="/corp-en/Voith-IT-Security_PGP_0x9566F5D7_public.zip" target="_blank"> <span class="list--title">PGP public key</span> <span class="list--detail">ZIP, 0.00 MB</span> </a> </li> </ul> </div> </div> </section> </div> </article> </main> <!-- START: modal dialog --> <!-- END: modal dialog --> <footer class="footer"> <div class="footer__wrap"> <div class="footer__backToTop"> <a class="icon-chevron-up" href="#top"></a> </div> </div> <div class="footer__content"> <div class="footer__wrap"> <div class="footer__column footer__column--25"> <ul class="list list--link"> <li><a href="/corp-en/news-room.html">Newsroom</a></li><li><a href="/corp-en/about-us/company.html">About us</a></li> </ul> </div> <div class="footer__column footer__column--25"> <div class="footer__countrySelect myCountrySelect"> <span class="languageSelect__title">Voith in your country</span> <ul class="list list--link"> <li><a href="/corp-en/about-us/markets-locations.html">Explore all locations</a></li> </ul> <a href="/corp-en/about-us/markets-locations.html"><img src="//static.voith.com/2.16.0/resources/img/worldmap.png" alt=""></a> </div> </div> <div class="footer__column footer__column--25"> <ul class="list list--link"> </ul> </div> <div class="footer__column footer__column--25"> <p class="footer__label">Follow us</p> <div class="footer__socialMedia"> <a class="icon-linkedin" target="_blank" href="https://www.linkedin.com/company/voithgroup" title="LinkedIn"></a> <a class="icon-instagram" target="_blank" href="https://www.instagram.com/voithgroup/" title="Instagram"></a> <a class="icon-wechat" target="_blank" href="https://weixin.qq.com/r/fENlfZTEhsn5rdAe9xZu" title="WeChat"></a> <a class="icon-youtube" target="_blank" href="https://www.youtube.com/channel/UC1PSLtGPxh-4LyJogpwIJNQ" 
title="youtube"></a> <a class="icon-facebook" target="_blank" href="https://www.facebook.com/VoithGlobal/" title="Facebook"></a> </div> </div> </div> </div> <style> .providerInformationLink::before { content: "" !important; bottom: -1px !important; background-image: url(//static.voith.com/additionalCode/images/icons/china_provider-information_icon.png); width: 14px; height: 14px; display: inline-block; background-repeat: no-repeat; background-size: contain; padding-right: 20px !important; } </style> <div class="footer__background"> <div class="footer__wrap"> <div class="footer__column footer__column--75 footer__column--large"> <span class="footer__copyright"> © Voith GmbH & Co. KGaA 2024 </span> <div class="footer__links"> <a href="/corp-en/index.html">Voith.com</a><a href="/corp-en/footer/imprint.html">Imprint</a><a href="/corp-en/contact/overview.html">Contact</a><a href="/corp-en/footer/privacy-policy.html">Privacy Policy</a><a href="/corp-en/about-us/compliance.html">Whistleblower / Complaints (LkSG)</a><a href="/corp-en/footer/terms-and-conditions.html">Terms and Conditions</a><a href="/corp-en/footer/change-cookie-settings.html">Change cookie settings</a><a href="/corp-en/footer/coordinated-disclosure.html">Coordinated Disclosure</a> </div> </div> <div class="footer__column footer__column--25 footer__column--large"> <div class="footer__socialMedia"> <a class="icon-linkedin" target="_blank" href="https://www.linkedin.com/company/voithgroup" title="linkedIn"></a> <a class="icon-instagram" target="_blank" href="https://www.instagram.com/voithgroup/" title="Instagram"></a> <a class="icon-wechat" target="_blank" href="https://weixin.qq.com/r/fENlfZTEhsn5rdAe9xZu" title="WeChat"></a> <a class="icon-youtube" target="_blank" href="https://www.youtube.com/channel/UC1PSLtGPxh-4LyJogpwIJNQ" title="youtube"></a> <a class="icon-facebook" target="_blank" href="https://www.facebook.com/VoithGlobal/" title="Facebook"></a> </div> </div> </div> </div> </footer> <div 
class="offcanvas__area offcanvas__area--right" data-navigation-url="/corp-en/49D877A1FFF849728A6DECBB0C566507.htm"> RIGHT OFFCANVAS AREA </div> </div> </div> <script type="text/javascript" data-cookieconsent="ignore" src="/corp-en/configuration.html"></script> <script type="text/javascript" src="//static.voith.com/2.16.0/resources/js/scripts.all.min.js" data-cookieconsent="ignore"></script> <script type="text/javascript" data-cookieconsent="ignore" src="//static.voith.com/additionalCode/js/additional-hald.js"></script> <script> var siteId = 588704; sitePageVars = { level2:'', chapter0: encodeURIComponent('Home'.replace(/&/g,'and').replace(/&/g,'and')), chapter1: encodeURIComponent('Footer'.replace(/&/g,'and').replace(/&/g,'and')), name: encodeURIComponent('Coordinated Disclosure'.replace(/&/g,'and').replace(/&/g,'and')) }; siteCustomVars = { 1: '['+encodeURIComponent('https://voith.com/corp-en/footer/coordinated-disclosure.html'.replace(/&/g,'and').replace(/&/g,'and')) +']', 2: '['+encodeURIComponent(document.referrer.replace(/&/g,'and').replace(/&/g,'and'))+']', 3: '[en]', 4: '178247', 6: '0' }; dataLayer.push({ 'Level2': '', 'SiteUrl': encodeURIComponent('https://voith.com/corp-en/footer/coordinated-disclosure.html'.replace(/&/g,'and').replace(/&/g,'and')), 'Referrer': encodeURIComponent(document.referrer.replace(/&/g,'and').replace(/&/g,'and')), 'Language': 'en', 'PageID': '178247', 'VideoPage': '0' }); </script> <!-- Start of HubSpot Embed Code --> <script type="text/plain" id="hs-script-loader" async defer src="//js.hs-scripts.com/5069195.js" data-cookieconsent="statistics"></script> <!-- End of HubSpot Embed Code --> <!-- Start linkedIn --> <script type="text/plain" data-cookieconsent="statistics"> _linkedin_partner_id = "2654314"; window._linkedin_data_partner_ids = window._linkedin_data_partner_ids || []; window._linkedin_data_partner_ids.push(_linkedin_partner_id); </script> <script type="text/plain" data-cookieconsent="statistics"> (function(){var s = 
document.getElementsByTagName("script")[0]; var b = document.createElement("script"); b.type = "text/javascript";b.async = true; b.src = "https://snap.licdn.com/li.lms-analytics/insight.min.js"; s.parentNode.insertBefore(b, s);})(); </script> <!-- End LinkedIn --> </body> </html>