Vulnerability Disclosure

Wärtsilä recognises the valuable role the research community plays in continuing to ensure the safety and security of our customers. We welcome vulnerability reports related to our solutions and wish to keep developing an open partnership with the security community.

Scope of vulnerability disclosure:

• Wärtsilä products & solutions
• Wärtsilä public web site (wartsila.com)
• Wärtsilä customer digital channels

We accept vulnerability reports within the scope outlined above and appreciate good-faith efforts to help us improve security. We will not pursue legal action against individuals who:

• Conduct testing in good faith without harming Wärtsilä, its customers or partners
• Engage in responsible disclosure and coordinate it with Wärtsilä

Get in touch

Contact Wärtsilä PSIRT through psirt@wartsila.com
PGP Public Key (54B7 C22C 13A1 1026 8C28  B125 0585 C02C E0E7 6173)

We recommend encrypting your e-mails and please write your submissions in English.

The following information is helpful for processing your submission:

• Your name and organisation (or indicate if you prefer to remain anonymous)
• Contact details in case we need further clarification
• Type of vulnerability
• Impact of the issue, if known
• Steps to reproduce the issue, including a proof of concept if available
• Affected product, solution, or service
• Whether the information has already been published elsewhere
• Whether you would like to be publicly recognised for your finding

Thank you for your support!