The Product Security Incident Response Team (PSIRT) at DMG MORI is the central point of contact to report potential security vulnerabilities, incidents and other security issues related to DMG MORI products, solutions and services. Please relay information via the address:
We guarantee complete confidentiality in handling this information. A Non-Disclosure-Agreement is not required to cooperate on the disclosure of security vulnerabilities. DMG MORI does not currently participate in a bug bounty program.
We can optimally process reports if you provide us with the information listed below:
- Name of the reporter: (If you wish to remain anonymous, we will of course respect your request).
- Otherwise: E-mail address and telephone number at which we can reach you.
- Affiliation: What is your organizational affiliation (if any)?
- Type of vulnerability submitted: How do you describe the type of vulnerability (e.g. XSS, buffer overflow, hard-coded credentials ...)?
- Vulnerability Trigger: Can you provide code that can be used to trigger the vulnerability (proof-of-concept, PoC)? Alternatively, you can also submit network traces (e.g., pcaps) or a description of how the vulnerability may be reproduced.
- Effects of the vulnerabilities: Have you observed any effects that arise or are brought about by the vulnerability?
- Affected components: In which products, solutions or services did you find the vulnerability? Include all the information available to you, such as product family and group, firmware- or software version. For Services, specify the location (e.g., URL).
- Vulnerability confidentiality: Has the vulnerability already been disclosed or do you have concrete plans for disclosure?
DMG MORI PSIRT will acknowledge receipt of your report within three working days. We would like to thank all reporters in advance for their contributions. With your support, we can improve the security situation for DMG MORI and our customers.