Wabtec encourages researchers, purple teams, industry groups, vendors, customers, and government agencies to submit potential product security vulnerabilities.
If a potential vulnerability or security defect is identified to affect a Wabtec product, please email the Product Security Incident Response Team at PSIRT [at] Wabtec [dot] com using the instructions below.
- Follow Product Vulnerability Reporting Scope and Rules of Engagement
- Encrypt submission email using Wabtec’s public PGP key:
- Follow-up response email address
- Vulnerability Description
- Vulnerability Type (IE: Brute Force, XSS, SQL Injection)
- Product / Service Impacted
- Steps to Reproduce
- Impact
- Potential Remediation or Mitigations
- Proof of Concept