Abetechs GmbH (Grundig Security) Vulnerability Disclosure Policy

Purpose

Our goal is to ensure the security of our users and products. We welcome vulnerability reports and cooperate with security researchers to promptly fix issues.

How to Report a Vulnerability

The preferred method for contacting Abetechs GmbH (Grundig Security) regarding such vulnerabilities and errors is by using email: Security.advisories@abetechs.com

Please note that supplying your contact information with your report is entirely voluntary and at your discretion.

Participating in this vulnerability disclosure does not give you any right to intellectual property owned by Abetechs GmbH (Grundig Security) or a third party.

What We Expect from Researchers

• Detailed description of the vulnerability
• Steps to reproduce (if possible)
• Information about affected product versions
• Contact information for follow-up (email)

How We Handle Reports

• Acknowledge receipt within 5 business days
• Collaborate to verify and assess the vulnerability
• Work on a fix and prepare an advisory
• Publish the advisory within a reasonable timeframe considering severity

Advisory Publication

Abetechs GmbH (Grundig Security) publish vulnerability advisories on website, on the same page with Disclosure Policy.

Advisory list

ID	Date	Product	Description / Issue Summary	Affected Versions	Status / Fix
CWERK-2025-1	2024-07-10	C-Werk	Exposure of Licensing-Related Sensitive Information in Diagnostic Dumps	2.0.0 – 2.0.1	Fixed in v. 2.0.2
CWERK-2025-2	2024-10-12	C-Werk	Improper Session Cleanup on Role Removal in Web Admin Panel	2.0.3 and earlier	Fixed in v. 2.0.3
CWERK-2025-3	2025-01-19	C-Werk	Incorrect Evaluation of LDAP Nested Groups during Login	2.0.2 and earlier	Fixed in v. 2.0.2