Report a Product Cybersecurity Vulnerability

Wabtec encourages researchers, purple teams, industry groups, vendors, customers, and government agencies to submit potential product security vulnerabilities. 

If a potential vulnerability or security defect is identified to affect a Wabtec product, please email the Product Security Incident Response Team at PSIRT [at] Wabtec [dot] com using the instructions below.


  1. Follow Product Vulnerability Reporting Scope and Rules of Engagement
  2. Encrypt submission email using Wabtec’s public PGP key:
    • Follow-up response email address
    • Vulnerability Description
    • Vulnerability Type (IE: Brute Force, XSS, SQL Injection)
    • Product / Service Impacted
    • Steps to Reproduce
    • Impact
    • Potential Remediation or Mitigations
    • Proof of Concept