Responsible disclosure of vulnerabilities

If you have discovered one or more vulnerabilities in MENNEKES products or IT infrastructure, please feel free to contact us in confidence. If you have found vulnerabilities in IT products, systems, or services from other manufacturers or product owners outside the MENNEKES Group, you should first report the vulnerability to the respective manufacturer or product owner. If they do not respond, you may also report the vulnerability to MENNEKES. MENNEKES expects adherence to the MENNEKES Coordinated Vulnerability Disclosure (CVD) Policy. This policy defines what we expect from reporters and how MENNEKES handles incoming vulnerability reports. You can find the CVD Policy here.

You can reach us for product vulnerability handling via email at psirt(at)mennekes.de and for infrastructure vulnerability handling at csirt(at)mennekes.de. Alternatively, you can submit your vulnerability report anonymously using the form below.

Contact form

Your data

Salutation (optional)

First name (optional)

Name (optional)

E-mail address (optional)

Phone (optional)

Country (optional)

Additional information

Product name including version number (product vulnerability) or designation of the affected IT system (infrastructure vulnerability)

Description of the potential exploitation risk (if possible) (optional)

Detailed description of the proof-of-concept (preferably with screenshots), including configuration of the application/system and description of the operating environment

File upload for screenshots (optional)

Would you like to be mentioned in the Hall of Fame?

Yes

No

Would you like to be mentioned in the Hall of Fame? (optional)

Privacy policy

I took note of the privacy policy. I agree to an electronic storage and processing of my entered data to answer my request. The consent can be revoked at any time for the future by e-mail to datenschutz@MENNEKES.de.

Our privacy policy can be found here.

For secure communication with the MENNEKES PSIRT/CSIRT, please use the provided PGP key.

Handling of Product Vulnerabilities

PSIRT

Name: PSIRT
E-Mail: psirt(at)mennekes.de
Fingerprint: D091BA6516E68BCF366EF9F1A9773407D11F4EB5
Download

Handling of Infrastructure Vulnerabilities

CSIRT

Name: CSIRT
E-Mail: csirt(at)mennekes.de
Fingerprint: B2C2D28ED2E3EF16BCA0661DDBE2AAC07E4BCB04
Download