Cybersecurity at Fronius

At Fronius, we recognize the significant role of cybersecurity in the digital world. As a leading company in solar energy, perfect welding and perfect charging, we are committed to maintaining the highest standards of cybersecurity and protecting the integrity of our products, services, and data. This Vulnerability Disclosure Policy outlines our approach to cybersecurity and provides guidelines on how to report discovered vulnerabilities and the timelines for communication.

We encourage customers and researchers to responsibly report any discovered vulnerabilities to us, in writing using the following email address: vulnerability-report@fronius.com. 

Please note, that inter alia the active exploitation of vulnerabilities, running attacks like brute force or denial of service attacks or any attacks that will lead to disruption of Fronius Services or disclosure and/or compromise any data against Fronius systems as well as other similar actions are expressly forbidden, and we strongly advise customers and researchers to refrain of taking such actions. Such actions will be promptly and fully prosecuted.

Upon receiving a report, we will acknowledge the receipt of the report within no later than 7 days.

After receiving a report, we will promptly investigate and take appropriate action to address the issue, aiming to resolve vulnerabilities within a reasonable time frame.

We will keep you informed with regular status updates within a timely manner. 

We value the partnership of security researchers in ensuring the ongoing protection of our systems. Thank you for your commitment to cybersecurity.  

 

Constraints  

Reports with the following security vulnerabilities will be rejected and not considered:

1. Distributed Denial of Service (DDoS)
2. Issues that only affect browsers that are not longer supported by the vendor.
3. CSRF (Cross-Site Request Forgery) in forms that are available to anonymous users