Cybersecurity and Information Security
At KARL STORZ, we always focus on the well-being of the patient and the best possible support for the doctor. Wherever this involves information processing, it also brings security risks that, despite all due care, can occur in our products and services as well as in connected information infrastructures. Transparency creates trust here.
Coordinated Vulnerability Disclosure and Incident Reporting
KARL STORZ maintains a global network of product security officers who design, develop and deploy state-of-the-art security and privacy capabilities for our products and services, and handle security incidents in a risk-oriented manner.
Product security requirements are embedded in the KARL STORZ Security Framework, which is derived from ISO 27001, NIST CSF and relevant industry standards.
KARL STORZ supports coordinated vulnerability disclosure and encourages vulnerability testing by security researchers and customers who responsibly report their findings to KARL STORZ.
If you have discovered potential security and privacy vulnerabilities in our products, services or infrastructure associated with KARL STORZ, please notify us via the following email address:
Please describe your findings in as much detail as possible.
For joint processing, we are guided by the recommendations of FIRST.org (https://www.first.org/global/sigs/vulnerability-coordination/multiparty/guidelines-v1.1).
Known security vulnerabilities may also affect our products. You can find our related security advisories here:
- CVE-2021-44228 & CVE-2021-4104 | Apache Log4j Logging Tool Remote Execution Vulnerability
- CVE-2021-34527 | Microsoft Windows Print Spooler Remote Execution Vulnerability (AIDA Bella - AIDA HD Connect)
- CVE-2021-34527 | Disabling Windows Print Spooler Service on AIDA HD Connect
- CVE-2021-34527 | Microsoft Windows Print Spooler Remote Execution Vulnerability (STREAM CONNECT)
- CVE-2021-34527 | Microsoft Windows Print Spooler Remote Execution Vulnerability
- CVE-2020-0601 | Microsoft Windows CryptoAPI Spoofing Vulnerability
- CVE-2019-0708 | Microsoft Remote Desktop Services Remote Code Execution Vulnerability
- CVE-2017-0143 & 144 | AIDA WannaCry Malware Letter