Cummins Cybersecurity Responsible Disclosure

Report Potential Security Vulnerabilities

At Cummins, security and compliance are top priorities. If you have information related to security vulnerabilities of Cummins products, services or web applications we want to hear from you and are committed to taking steps to resolve your concerns. We value the positive impact of your work and thank you for notifying Cummins of this matter.

Product, Network and Application Security Incident Reporting

To report a potential vulnerability or security incident involving a Cummins product, web application or service, please notify [email protected].

Submissions will be acknowledged once they have been received and reviewed by our team. Then Cummins teams will conduct a thorough investigation, and take the appropriate steps for resolution, if any.

Please include the following in your report:

  • Email subject line: “Potential Vulnerability”
  • Product, model, version, URL or IP address where applicable
  • Description of the concern or vulnerability - include CVE where applicable
  • Information to help our team replicate the issue (e.g. configuration details, a proof-of-concept or exploit code)
  • Información de contacto

We strongly recommend submissions of reports be encrypted via PGP.

Responsible Disclosure PGP Key [.pdf]

 

Issues that are considered out of scope for this submission (including but not limited to):

  • Reports from automated tools or scans
  • Reports of insecure SSL / TLS ciphers
  • Social engineering of Cummins employees or contractors
  • Open ports which do not lead directly to a vulnerability
  • Equipment damage through physical harm
  • Facility security gaps
  • Denial of Service attacks
  • Phishing attacks
Redirigir a
cummins.com

La información que busca está en
cummins.com

Estamos lanzando ese sitio para usted ahora.

Gracias.