Schneider Electric works collaboratively with researchers, Cyber Emergency Response Teams (CERTs), and asset owners to address cybersecurity vulnerabilities affecting Schneider Electric products, software, systems, and infrastructure. It ensures that accurate information is provided in a timely fashion to adequately protect the company, our customers, and partners.
-
Contact Schneider Electric Customer Care Support via chat, form or phone mentioning the following information:
- Email
- Phone number
- Country
- Organization name
- Product Line
- Vulnerable Version
- Vulnerability type [CWE ID if available]
Please note: Providing personal information while reporting a vulnerability is optional and not mandatory. For more information on privacy and personal information usage, please refer to our Privacy Notice for Schneider Electric CERT & CPCERT
> Contact the Technical Support -
Contact Schneider Electric CPCERT Team
- By completing the pre-filled email (Option 1)
- By emailing CPCERT@se.com including the information mentioned below (Option 2)
PGP Public Key and Fingerprint: E38F 0E4A 8541 8B53 20A7 D84F 8233 2C33 CF9F 652C
Only submissions in English will be accepted.
Note: Security notifications will be released the second Tuesday of every month. By limiting our publish dates to once a month, we aim to help our customers plan ahead for patches.
Information to be included into your email:
Subject: Product Vulnerability Report - [title]
Body:
- First Name:
- Last Name:
- Email:
- Phone number:
- Country:
- Organization name (if applicable):
- Source Type:
- Product Line:
- Vulnerable Version:
- Vulnerability type [CWE ID if available]:
Please note: Providing personal information while reporting a vulnerability is optional and not mandatory. For more information on privacy and personal information usage, please refer to our Privacy Notice for Schneider Electric CERT & CPCERT.Attachment: Encrypted report with the following information:
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
- Any other relevant information
-
Contact Schneider Electric CPCERT Team by emailing CPCERT@se.com including the information mentioned below:
PGP Public Key and Fingerprint: E38F 0E4A 8541 8B53 20A7 D84F 8233 2C33 CF9F 652C
Only submissions in English will be accepted.
Note: Security notifications will be released the second Tuesday of every month. By limiting our publish dates to once a month, we aim to help our customers plan ahead for patches.
Information to be included into your email:
Subject: Product Vulnerability Report - [title]
Body:
- First Name:
- Last Name:
- Email:
- Phone number:
- Country:
- Supplier Organization name:
- Vulnerable Product/Component:
- Vulnerable Version:
- Vulnerability type [CWE ID if available]:
- CVE (if any):
Please note: Providing personal information while reporting a vulnerability is optional and not mandatory. For more information on privacy and personal information usage, please refer to our Privacy Notice for Schneider Electric CERT & CPCERT
Attachment: Encrypted report with the following information:
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
- Any other relevant information
-
Contact Schneider Electric CERT Team
- By completing the pre-filled email (Option 1)
- By emailing CERT@se.com including the information mentioned below (Option 2)
PGP Public Key and Fingerprint: 920C 07B4 A1C5 85C7 8698 8659 9918 81ED 1532 593F
Note: only submissions in English will be accepted.
Information to be included into your email:
Subject: Infrastructure Vulnerability Report – [title]
Body:
- First Name:
- Last Name:
- Email:
- Phone number:
- Country:
- Organization name (if applicable):
- Source Type:
- Vulnerable System:
- Vulnerability type [CWE ID if available]:
Please note: Providing personal information while reporting a vulnerability is optional and not mandatory. For more information on privacy and personal information usage, please refer to our Privacy Notice for Schneider Electric CERT & CPCERT
Attachment: Encrypted report with the following information:
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
- Any other relevant information
Note: AVEVA product vulnerabilities are no longer handled by Schneider Electric. Please see below for information on how to get support for your product
• AVEVA Products: Please refer to AVEVA Software Global Customer Support for any cybersecurity needs and visit AVEVA Security Updates for cybersecurity bulletins and information.
