PSIRT – Product Security Responsible Team

PSIRT – Product Security Responsible Team

PSIRT – Product Security Responsible Team

The Festool Product Security Incident Response Team (PSIRT) is the central point of contact for reports of potential security vulnerabilities in Festool products or the app. All reports of potential security vulnerabilities or other security incidents relating to Festool products can be forwarded to the Festool PSIRT. The Festool PSIRT coordinates and manages communication with all parties involved, both internally and externally, in order to respond appropriately to identified security vulnerabilities.

If you have discovered a security-related vulnerability, you can report it to us confidentially via the reporting channels described on this page. Festool will not take legal action against anyone who reports security vulnerabilities in good faith and does so responsibly and in accordance with applicable law.

Not the right topic?

This page is intended exclusively for reports of security-related vulnerabilities. For general enquiries regarding service, repairs, warranties, quality or spare parts, please use our contact form.

Advice if you suspect an infection

If you suspect a security-related vulnerability or a security breach, isolate the affected product from network and wireless connections – such as Wi-Fi, Bluetooth or other data connections – as a precaution, where possible.

Disconnecting the device from the mains supply or removing a battery should only be done if this is permitted and can be done safely in accordance with the operating instructions and safety information. If there are signs of a physical hazard, in particular smoke, heat, an unusual odour, noise or visible defects, please follow the safety instructions in the operating instructions and the product-specific safety information as a matter of priority.

Report a security vulnerability

Report by email

Please use psirt@festool.com for this purpose

Before submitting your report, please check – where possible – whether the latest available software version is installed on the affected product. To enable us to assess your report quickly, please provide us with as much detailed information as possible. In particular, please specify the following:

  • Affected products or app
  • Exact name and version, firmware or software version
  • Nature of the vulnerability and observed effects
  • Steps to reproduce the issue or a secure proof of concept (PoC)
  • Technical environment and prerequisites
  • Whether the vulnerability has already been disclosed or a disclosure is planned
  • Whether there are any indications of active exploitation
  • Relevant attachments such as screenshots, logs or network traces

Report via the web form

You can use this form to send us structured information about a potential security vulnerability. Reports can be submitted in German or English.

Please do not submit any production credentials. If screenshots, log files or proof-of-concept files contain personal data, please remove or anonymise this data before uploading.

Web form (SSL)
Co-ordinated disclosure of vulnerabilities

Festool adheres to the principle of Coordinated Vulnerability Disclosure. Reported security vulnerabilities are received, analysed and assessed by the PSIRT. If a security vulnerability is confirmed, Festool works to assess potential risks appropriately and to develop and provide suitable measures for risk mitigation or resolution – such as updates, workarounds or security advisories. In doing so, Festool takes into account the interests of affected users as well as regulatory and security-related requirements. Identified and resolved vulnerabilities are published in the form of security advisories.

If you are planning to publish information or have already reported the vulnerability to third parties, please let us know in your report. We will be happy to coordinate the next steps with you.

Security Advisories

Festool publishes security advisories on confirmed security vulnerabilities where appropriate risk mitigation or remediation measures are available or are being provided. Security advisories contain relevant information on the affected products, the nature of the security vulnerability and recommended actions.

Please check regularly to see if there are any new notices, updates or recommended actions available for your products.

Security Advisories