How to report a potential cybersecurity vulnerability

If you believe you have discovered a cybersecurity vulnerability that affects WABCO products, devices or services, please report it to us. We welcome reports from everyone, including security researchers and customers.

WABCO aims to send out a confirmation of receipt within 72 hours after the vulnerability has been disclosed to us. If you do not get a response in the mentioned time frame, we kindly ask you to resend the message.

Please direct your message to: cybersecurity@wabco-auto.com

The report should at least include the following information:
- Affected product and its version
- Detailed description of the vulnerability
- Information regarding potential exploits

Please provide your report in English language.

As vulnerability information is considered highly sensitive, we ask you to use WABCO’s PGP key to encrypt sensitive information sent to us via mail.

PGP Fingerprint: EDC5 A5F0 803D D62A 7DF9 C480 F83F 4CE6 59D8 6D0A PGP

 

How WABCO is handling cybersecurity incidents

After WABCO becomes aware of a new incident report, our incident response team evaluates the vulnerability and assesses the risk by determining impact and exploitability.

For the protection of our customers, WABCO will not disclose or discuss cybersecurity issues to public until our analysis has been completed and a mitigation plan is available. If our team needs additional information during the investigation, we will get in contact with you.

Due to the underlying nature of our products being mostly embedded systems in vehicles with limited capabilities of doing in-field updates, the time frame until a mitigation might be available can be significantly longer than for other information technology systems. WABCO will keep you updated throughout the process.