HOW TO REPORT A STIHL VULNERABILITY

At STIHL, we take the security of our systems and data seriously. We recognise the importance of collaboration with customers, security researchers and members of the broader community to identify and address potential vulnerabilities.

This policy applies to all systems, software, products, and infrastructure owned or operated by Andreas Stihl Limited.  

When reporting a vulnerability, please include the following information:

• Item number of the affected product
• Type of vulnerability
• Vulnerable component and version
• CVE-ID or CWE-ID, if available

Please do not send us sensitive information that could be used to exploit the vulnerability. After the initial contact we will provide you with a secure communication channel to upload and share further information.

To report a vulnerability, please send an email to security@stihl.com.

Please use a descriptive subject line, such as "Security Vulnerability Report," and provide the information mentioned above in your email.

Our security team will review your report and share a secure communication channel with you.  We will work on your report to verify and address the vulnerability. We may reach out to you for further information or clarification during this process.

Once the vulnerability has been resolved, we will notify you.

For general inquiries or assistance, please contact us at enquiries@stihl.co.uk.