MAN Energy Solutions Logo

Security issue reporting policy

MAN ES is continuously looking to identify relevant security issues in its engine automation products in order to manage and address them.

We welcome any information about security issues in our products. If you have become aware of  such issues (e.g., exploitable vulnerabilities or weaknesses), please feel free to contact us. We will investigate the report according to our secure development process, and address the issue appropriately.

Guidelines

  • Take note that MAN ES automation systems are safety critical, and tampering with them may lead to equipment damage and/or harm you or others.
  • Follow the applicable legal regulations and laws.
  • Use the contact information below to report security issues in outlined scope that you have discovered.
  • Please provide sufficient details about the security issue (in English). This should include the type and version of the product in which the security issue was identified, and how and under which circumstances the issue can be exploited. Further, we encourage you to provide your considerations on how to address the identified issue.
  • We welcome reports of potential security issues in any of the MAN ES automation products such as the software and hardware of MAN ES engine control systems (2- and 4-stroke).

Contact

Please report the details about the identified security issue to cybersecurity-ot@man-es.com

encrypted with the following PGP key: 

Download PGP-Key

Disclosure

We ask you to allow us to coordinate the disclosure efforts, and refrain from publishing the issue, in order to protect the security and safety of our clients. Please note that addressing the report may take considerably longer time than for typical IT systems due to the nature of our equipment and its context.