Please be advised that security vulnerabilities should not be reported via public issue trackers. Instead, please report them to the Kinmatec CERT (Computer Emergency Response Team) at secure.mail@automationkinamtec.de.eu . If feasible, please encrypt your message using our PGP key (see below). You should receive a response within 48 hours. If you have not received a confirmation email, please follow up via email to ensure that your message was received. Please find below a list of the information we require. As much as you can, please provide this information to help us better understand the nature and scope of the possible issue.

• Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
• Any special configuration required to reproduce the issue
• Step-by-step instructions to reproduce the issue
• Proof-of-concept or exploit code (if possible)
• Impact of the issue, including how an attacker might exploit the issue
• Full paths of source file(s) related to the manifestation of the issue
• The location of the affected source code (tag/branch/commit or direct URL)

This information will help us triage your report more quickly.

Preferred Languages

We prefer all communications to be in German or English.

In accordance with the Coordinated Vulnerability Disclosure (CVD) principle, researchers are required to disclose any newly discovered vulnerabilities or content-related issues in hardware, software, or services directly to the vendors of the affected product. Researchers may also choose to disclose to a national CERT or other coordinator, who will report to the vendor privately. Alternatively, they may opt to disclose to a private service that will likewise report to the vendor privately. The researcher then gives the vendor the opportunity to diagnose the issue and provides fully tested updates, workarounds, or other corrective measures before any party discloses detailed vulnerability or exploit information to the public. The vendor will continue to liaise with the researcher throughout the vulnerability investigation and will provide the researcher with regular updates on the progress of the case. Upon release of an update, the vendor may recognise the finder for the research and privately report the issue. In the event of attacks being carried out in the wild, and the vendor is still working on the update, both the researcher and vendor work together as closely as possible to provide early public vulnerability disclosure to protect customers. The objective is to provide customers with timely and consistent guidance to help them protect themselves. Should you require further information on CVD, please refer to the documentation provided in the following links:

• ISO/IEC 29147:2018 on Vulnerability Disclosure
• The CERT Guide to Coordinated Vulnerability Disclosure

-----BEGIN PGP PUBLIC KEY BLOCK-----
Comment: User-ID:    Kinmatec CERT <secure-and-sound@automation-kinmatec.de>
Comment: Created:    Jan 12 10:35:48 2026
Comment: Expires:    Jan 12 10:35:48 2029
Comment: Type:    4,096-bit RSA (secret key available)
Comment: Usage:    Signing, Encryption, Certifying User-IDs
Comment: Fingerprint:    00DF DB22 CCCE 9143 A51D  3492 021B 9ECB 3604 B783

mQINBGlmE2UBEACx5x/4kkJxIj8LG31uBeeOQs5lJ8RrMMstSjpmovNS+2hYaRN7
AeZ1ItdPYRjjrTEtIJVL5pnGBJV9N/AnytCKkS/oIZ1eut1XOGnYXQCphl8EsAWJ
+ShXUxq5QjsxOxp1dEwn1fxztRT1tYwS86stErlzNDUHKp1WIIHPT5RQjy1kxQIa
osxQenRdRbzW3OYHeJGQmehbh8uC1dX9Xoj4JKEIMJmHbUagp0bXGWTO3L/Xk5r7
KHgRTTipWug5169KI3mVXivwZJ/0am7DM0dKBobIWohyjhj9D6JfkYT36pMpHojl
DoriWAQJLGMmVwIxUabJInd8b46XrmImFKBDpoTN+JQhkpJoLP/MgqZT7ozd47/d
CMjJz+qZX2vyxyi0dxZvVqaGNlTMYrtSTV617ySH3SUVx6RVVVPX7XQ5QYmYXTRk
L4gXefYmFai1YPSAdyAXXfGsK1Qsd+gSXkmiJV1kHWgArHybj41m1dzm62sS1n4f
NaO2vulvi3GBwSLtdY8LrDYNWYqzbiF4r0b45ANRp8tfjKTpWAKGacBlNEpvqlwa
GVmYXGQVS2O3u9kYf+fO3apo+VbqSNQu3ceg8/uuUYsn0hyqpE3RByVbNwrMHndG
ZlFERBR6yRoqGd+po9ZtW1Uhe1NcpH4mOznI3LaVQq75uxRoJYnyvDYgjQARAQAB
tCJLaW5tYXRlYyBDRVJUIDxzZWN1cmVAa2lubWF0ZWMuZGU+iQJUBBMBCAA+FiEE
AN/bIszOkUOlHTSSAhueyzYEt4MFAmlmE2UCGwMFCQWjmoAFCwkIBwIGFQoJCAsC
BBYCAwECHgECF4AACgkQAhueyzYEt4OJGA//ajYUzlGDoYRrPTqUJYL22Q/iig/t
fzaZMxU1j8uvHBUjH/8SM69cXmGU98foXdMUk5ea0p8fZ/fL1G13uGl3km8+Djc9
uc/kdY8/Su9mKO7L8R4IF3iLaZ4aDDl5bXEuO2Dkf/La6dOh33n/7JBx85r/75lM
poCjBuUfSsIpUfDobUc3EOJsAuNmi2CNzNbC2MqNQKBuYbUmf4WXoY1mPZms1601
N2AfrigceiuSmvKiO3FUIIVJLhSYvCuOtTIA2M5J2CEwedio4uycRbh4RITjrUCb
tR00Lnezm9DdGFJrKdJ/bv2WxS8P1Ii1ZT+hT7bdZuL2UmHVVw/bujtszFkJBu3M
Mlj9JgjPooiFcIjfpMNxyP1fE8ZfwJ4iTapie/mWYQO3hS/4WXDFiu0/Gdu7MDG8
4PrGy/+BGCNVVwCl4uVUxMy05WTpA1zQox/uCpDrebhhUKSvokskhIPoZ4VAokpM
P1jeOn522+M9FCmcw40IgvrkBYMlyGwr3aiGu0IOOC5wICeavp6RhcZgMs+c3Fln
dOQwX1Plw1oYf/5G1XR1HD00i9ntrJLh5QuCY1AcP5kAdd3lUeD1LaC42zgfNJj2
CsGkb9b5Y5P8rpIwgEd0H058i0XsBTwoIMu9wELRIhe+qNjQYr2urbUzknJp2fwT
DkKTEhKmiIvxZ/i5Ag0EaWYTZQEQALtS8W8U60FtGZlScBTbs+jZFI31C8x3zcDK
4ZzV/2kyoGxBH/KHW/Ze5z3X4y7yy8pRWAlWf0e8bkj3tBi115XBmDj6ZK1Ke1mI
EJzIBNCgEnIn5Ne2fNv+2VLGfdGfKMTOpdbZz2LTwdWKZXWNB5GK2r4aWHR6vdWl
1YPxcOyPB5+nqTJchtar4plSmXbV8gcLipoJs9fGmRyg2Y1+rCE9wKeNsauNJep6
UhOo0yYGDf0UNlpm85IUoOsKmw8kj6MCtTLYrJELJ9HM9ff33szYl/Pus+7+S/cp
EMcA3YSiD4dPI2sgk0pNUO6yoK1kj4Bd/njuKBY/7Uky+OSw4oMgPlYjUXtsiuD9
RY1RPIwJODhlav5NCmDbDxMp9lUGxvn4LJz2OragUsP1gk7FDIN2uBfk47LUshNo
M9Pi3PXmy5d71zhdfxRjEGZaCufMXza9Z+2LDzsQfKz2CUs012QMxxBNwgh311Js
AzNO+brrK4irBPTswkPuqhxj+WX8L/ayJBuXrW+RN6Q5GZoeH4K9cpwhFSMOZIVZ
CnQi5PnYEltnKNO5pcf+JwNG5IOz78s+RwhJ51t2UIHmdPUs0Ver7wsG+cZ3Yg9J
RKzB8+gsRgM5eZzhRtl7m00iguRu39rGqN/Ozn83xp+vj5+2TRG9Yne70DCVOrcv
yZXBjK9pABEBAAGJAjwEGAEIACYWIQQA39sizM6RQ6UdNJICG57LNgS3gwUCaWYT
ZQIbDAUJBaOagAAKCRACG57LNgS3g17JEACuHbthlSuncHbZ6X4B6hXl1kEkSRyT
Ivz0uBjc5PVr5m59T214oJT/ZGd+TjNQeq2dAXqOiQDncU4K8b8t74/D+DgcgGi5
Cje3pxLCOrT1d5t655ee1cTLZOq2vxHOj/EZ8yKzFOaUhUwFDT2fJEPndpbxr4VM
KHui6YF1Ow4vyPOfBncE9SHrsjBlJmdXvn+6+9EkM9UH47wR7Xw/xs8GTvd733Pm
GE00LSuf/maHKjGILSmsg/WPp533anCnOj0ixwvPetQx/ckNVoZnE3NESZa5KCbJ
VcoZzaBvaMIiCMNdQ65LCV2Xk0MhPoCSqZIsZZkp/V9jWUUY3R/ywAma+IAQfr9u
BwGQbL73yg+urLgu+p52Fu2O/9ns6i2VvkgpKA9ii/xZMYCM71/KNqCwjLH7ckL9
zCFbHs5rubNYcr1T6ITlysbVfk8HZGhBBTd7SF2l7UwltPyhrWqgbXn7bMItkJpY
PTSEch0K0lQEUyEr4dzlh4cD6hkNwS97oAhaQ4eERxLL3ZJS3qk5mupgezn5RwP9
jbOiaztYih4JYhmvJVscsOoL+bjHkSKhjIaFUuGis1IKshrKpzkWfnIb3UfUQggw
ppN+e05jYQ62j6F0knDqozOOHW4LJePspFzwDlJTCJLMaGRHQyRDoRbTF9XLs0y3
7QnmJxiBB1STsA==
=hRm4
-----END PGP PUBLIC KEY BLOCK-----