If you discover a security vulnerability in TiaCommander, please report it responsibly. Do not open a public GitHub issue for security vulnerabilities.

Email info@tiacommander.com with:

• A description of the vulnerability
• Steps to reproduce the issue
• The potential impact
• Any suggested fixes (optional)

• Acknowledgment within 48 hours of your report
• Assessment and severity classification within 5 business days
• Resolution timeline communicated based on severity
• Credit in the release notes (if desired) once the fix is published

This policy covers:

• TiaCommander MCP Server (the .exe distributed via this repository)
• TiaCommander Manager (the configuration GUI)
• The TiaCommander website (tiacommander.com)

• Siemens TIA Portal vulnerabilities (report to Siemens ProductCERT)
• Third-party MCP client vulnerabilities (report to the respective client)