Vulnerability Disclosure Policy

Introduction


Cramer is a global player on the market. With our cutting-edge technology combined with our global reach, we drive the development of high-performing, powerful and durable battery driven tools and equipment forward.
This vulnerability disclosure policy applies to any vulnerabilities you are considering reporting to us. We recommend reading this vulnerability disclosure policy fully before you report a vulnerability and always acting in compliance with it.


Reporting notice


If you believe you have found a security vulnerability, please submit your report to us using the following link: https://cramertools.com/pages/contact 

In your report please include:
Vulnerability Details (mandatory):

• Name

• Email Address
• Asset (device name, firmware version, Cramer app version, android or ios version) where the vulnerability can be observed
• Title of vulnerability
• Description of vulnerability (this should include a summary, supporting files and possible mitigations or recommendations)
• Impact (what could an attacker do?)

Vulnerability Details (optional):
• Weakness (e.g. CWE)
• Severity (e.g. CVSS v3.0)
• Steps to reproduce. These should be a benign, non-destructive, proof of concept. This helps to ensure that the report can be triaged quickly and accurately. It also reduces the likelihood of duplicate reports, or malicious exploitation of some vulnerabilities, such as sub-domain takeovers


What to expect


After you have submitted your report, we will respond to your report within 5 working days. During this time, we will assess the report and prioritize it based on its severity, impact, and exploit complexity.

 

You are welcome to follow up on the status of the vulnerability report. However, we kindly ask that you limit follow-up inquiries to once every 90 days to allow our team to focus on resolving the issue.

We will notify you when the reported vulnerability is remediated, and you may be invited to confirm that the solution covers the vulnerability adequately. Once your vulnerability has been resolved, we welcome requests to disclose your report. We would like to unify guidance to affected users, so please do continue to coordinate public release with us.


Disclaimer


We may update the vulnerability disclosure as normal, so please review the latest policy before submitting a vulnerability

 

Release date: 2025-02-21
Version:1.0