At Rittal, safeguarding the integrity and security of our products is a top priority. Rittal is committed to delivering products and solutions that meet the highest standards of quality, reliability, and security. To support this commitment, the Rittal Product Security Incident Response Team (PSIRT) works closely with external security researchers, partners, and customers to identify and resolve potential security vulnerabilities in Rittal products and services.
Rittal PSIRT manages responses to all potential or confirmed security incidents by collaborating with internal engineering and development teams to assess issues and develop response plans. We emphasize the importance of coordinated vulnerability disclosure, and we kindly request that reporters maintain confidentiality until a fix or security advisory is available.
We welcome vulnerability reports from all sources, regardless of whether there is an active service contract or the product is still in its lifecycle. Reports may come from independent security researchers, customers, industry groups, CERTs (Computer Emergency Response Teams), partners, or any other party. We respect the preferences of the reporting individual or organization, including the option to remain anonymous, and we commit to investigating any report that reasonably relates to our products or services.
“We strive to protect our customers and infrastructure. To this end, it is important to close existing security gaps before they become known to a wider public. We are therefore strongly committed to a coordinated approach to avoid exposing systems to unnecessary risk (e.g. due to immediate public disclosure).”
We appreciate your understanding and cooperation in keeping this unresolved vulnerability confidential by refraining from sharing or publicizing it with third parties. Thank you for your support!
Our Commitment
By adhering to the Rittal Responsible Security Disclosure Policy, the Rittal PSIRT and associated development teams will make reasonable efforts to:
- Respond quickly and acknowledge receipt of the vulnerability report.
- Provide an estimated time frame for addressing the vulnerability report.
- Notify the reporting party when the vulnerability has been fixed.
Rittal aims to acknowledge receipt of vulnerability reports within 2 working days, excluding weekends and public holidays observed in the state of Hesse, Germany (see footnote 1). Status updates will be provided as relevant information becomes available during the investigation and resolution process.
Rittal commits not to pursue legal action against individuals who report vulnerabilities in good faith, provided that:
- The reporting party does not intentionally or recklessly cause harm to Rittal, its customers, or third parties.
- The reporting party does not compromise the privacy or safety of our customers or the operation of our services.
- The reporting party does not violate any criminal law.
- Public disclosure of vulnerability details occurs only after Rittal confirms that remediation is complete.
Rittal appreciates the efforts of security researchers and other contributors who help identify vulnerabilities and work with us to improve the safety of Rittal products and the broader digital ecosystem. Your collaboration strengthens our commitment to secure and reliable solutions.
1) Time slots during which no processing is to be expected (e.g. Saturdays, Sundays, New Year’s Day, Good Friday, Easter Monday, May 1st, December 24th to December 26th, and December 31st) regardless of local holidays in Hesse.