www.pcvuesolutions.com
149.3.145.198  Public Scan

Submitted URL: https://www.pcvuesolutions.com/index.php/vuln-disclosure
Effective URL: https://www.pcvuesolutions.com/vuln-disclosure/
Submission: On December 19 via api from TR — Scanned from IT

Form analysis 0 forms found in the DOM

Text Content


VULNERABILITY DISCLOSURE POLICY

Computer systems are exposed to threats and attacks with potentially dramatic
consequences. It is essential to ensure the protection of these computer systems
to guarantee their safety and security.
The products we supply are often at the heart of sensitive environments, in
automated process control or in systems designed to ensure the safety of people
and the security of property. As such, we design our products by following
processes and using technologies that contribute to the security of those
systems. However, despite our best efforts, our products may contain
vulnerabilities that could jeopardize the security of the systems in which they
are integrated.
ARC Informatique’s vulnerability disclosure policy addresses the handling of
security vulnerabilities affecting ARC Informatique’s products and services
(collectively designated as ‘Product’). It is designed to ensure vulnerabilities
are qualified, their impact assessed, and that accurate information is provided
in a timely fashion to assist asset owners in keeping their systems safe and
secure.
ARC Informatique adheres to the principles of responsible disclosure and is
committed to collaborating with researchers, CERTs, product users and
authorities. Everyone is encouraged to report findings. We expect finders,
either an individual or an organization who has found a potential vulnerability,
to adhere to the same principles. ARC Informatique requests that finders
undertake not to disclose the vulnerability without ARC Informatique’s consent
until it has been resolved, not to use the vulnerability for exploitation beyond
the minimum necessary to demonstrate it, and not to take advantage of the
vulnerability discovered in ways that may have harmful consequences.
As part of this policy, a vulnerability is a software weakness that can be
abused to cause unintended behavior, with a potential impact on the safety or
security of an affected system. We leverage feedback to design safer and more
secure Products.




1. REPORTING

To report a security vulnerability, you can contact ARC Informatique using the
point of contact described in the Contact section.
When submitting a vulnerability report, we expect the finder to provide at least
the following information:

 * Name of the Product with its build number and the affected component
 * Detailed description of the potential vulnerability and its impact
 * Installation or configuration prerequisites
 * Proof-of-concept or exploit code if available
 * Step-by-step instructions
 * Any other relevant information

ARC Informatique handles the reported information securely and applies industry
standards to keep the information confidential.
The finder’s personal data is only used to undertake actions regarding the
reported security vulnerabilities. We will not disclose your personal
information to third parties without permission, unless required by law.


2. EVALUATION

ARC Informatique commits to acknowledging a received report within 5 business
days.
Our teams investigate the reported vulnerability. If needed, we may request
additional information and conduct a risk assessment considering the typical
setup of the affected Product. The progress and conclusions of the analysis are
shared with the finder, and a preliminary CVSS scoring is performed.
An early warning notification process is in place for ARC Informatique to
fulfill its legal and contractual requirements whenever applicable.


3. MITIGATION & PATCHES

Whenever possible, ARC Informatique develops a patch fixing the root cause of
the vulnerability and provides mitigation measures.
The finder is informed of the progress and can be involved in the validation of
the patch and proposed mitigation measures.
Until the end of the embargo period, and with the sole purpose of limiting the
risks for asset owners, the finder commits not to disclose any information.


4. DISCLOSURE

As soon as a remediation is available, whether it is a set of mitigation
measures or a patch, ARC Informatique prepares and coordinates the publication
of a security bulletin. Security bulletins are made available publicly on the
web site of ARC Informatique.
A CVE is assigned to vulnerabilities before publication whenever applicable.
A security bulletin contains the following information:

 * General description of the vulnerability, including the CVSS score and the
   associated CVE Id
 * Impact in case of exploitation
 * Affected Products and versions
 * Description of the mitigation measures if any
 * Description of the patches and instructions for their deployment

With the agreement of the finder, credit is given for responsible reporting and
collaboration.




5. CONTACT

Feel free to contact us if you want to report a safety or security
vulnerability.
Useful information to include in your report is detailed in the Reporting
section.
Our teams can be reached with reports in English or French; our offices are
located in France.
Email: secure@arcinfo.com
PGP public key file
PGP Fingerprint: f45a2e7a8e04f94c6a1d88545bfdce3cc7730f2


6. USEFUL LINKS

 * Security alert page
