To report a vulnerability:
- Send an e-mail to the Vulnerability Management Team at vulnerabilitymanagement@aveva.com
- or -
- If you have an SSO account, you may open a Technical Support Case
Response time:
You will receive a response within 72 hours. If for some reason you do not, please follow up with us to ensure we received your original message.
What to include in your report:
To help us to better understand the nature and scope of the possible issue, please include as much of the below information as possible.
- Type of issue (buffer overflow, SQL injection, cross-site scripting, etc.)
- Product and version that contains the bug, or URL if for an online service
- Service packs, security updates, or other updates for the product you have installed
- Any special configuration required to reproduce the issue
- Step-by-step instructions to reproduce the issue on a fresh install
- Proof-of-concept or exploit code
- Impact of the issue, including how an attacker could exploit the issue
Additional Information:
AVEVA follows an Ethical Disclosure Policy and, to protect the ecosystem, we request coordination with those reporting to us.
Email recipients at AVEVA.com are protected by StartTLS as negotiated per sender (you can verify settings with CheckTLS.com). Request a key from our incident commander if you prefer to use PGP messaging for more sensitive details.
If you want to remain anonymous to the public, we will honor your request. AVEVA does appreciate the opportunity to work collaboratively with researchers and users to understand and correct issues whenever possible.