Product Security Incident Response Team (PSIRT)

The MAHLE PSIRT is the central point of contact for external security researchers, customers and suppliers to report vulnerability information related to Products of the MAHLE Group.

How to report a vulnerability?

If you believe you have identified a potential security vulnerability in a MAHLE Product, please contact us at: product.security@mahle.com

When reporting, please provide us with the following information:

Reporter: Name of the Reporter / Organization. If you want to remain anonymous, we will respect your interests.
Contact Details: Details on how to contact you if more information is necessary.
Description of Vulnerability: Technical details along with additional helpful information, such as how it was discovered and what the potential impact of the vulnerability is. If possible, also provide test logs or evidence that can help us reproduce it.
Affected components: Information as far as available, such as Product Name, Firmware version, Model Name/Number, and any further available information about them.
Proposed Remedy: Please provide information about the proposed resolution, if any.

Important Notice:
We will not use your contact information for any purpose other than analyzing and recording potential vulnerability information.
Please refer to the MAHLE Privacy Statement.

During the Vulnerability Handling Process, the Reporter will be informed about the status of the vulnerability at regular intervals via email.

Vulnerability Handling Process

1. Information collection

In this step, the vulnerability reports received by the MAHLE PSIRT (via email at product.security@mahle.com) are regularly monitored and processed for further analysis.

2. Triage and Verification

Vulnerability reports received from this platform are triaged to determine their relevance to our products. If a report is found relevant, an initial analysis is done together with Product Security experts to verify the presence of the vulnerability and to understand the risk associated with it.

3. Analysis and Mitigation

In this step, a detailed analysis is done to find the root cause and the mitigation options. At the end of this step, a Remediation Plan is created for remediation of the vulnerability. We will also notify our affected customers/suppliers about the presence of the vulnerability.

4. Vulnerability Disclosure

We will disclose the vulnerability information to our affected partners and/or the public based on the nature and impact of the vulnerability. Disclosure of the vulnerability to the public can only be done after alignment and agreement with all our affected partners, to avoid any further damage due to the presence of the vulnerability.