Festo Products Considered Critical Infrastructure by the Cybersecurity & Infrastructure Security Agency





  • July 09, 2025
  • Festo Corporation
  • News




ISLANDIA, N.Y. – July 9, 2025 – The Cybersecurity & Infrastructure Security Agency (CISA), America’s cyber defense agency, now includes Festo cybersecurity advisories on its website. The CISA website is the authoritative source of vulnerability and remediation information in the United States and is a place where the leading connected products suppliers seek to post their security advisories.

Festo’s cybersecurity journey began in 2020 with the formation of the Product Security Incident Response Team (PSIRT). The company slowly grew the infrastructure for developing and maintaining secure products. Festo formed the Central Department of Product Security in early 2023, when Florian Fetz, Head of Software Processes, Methods and Tools, joined the company. Fetz began building the Central Department’s team.

The Central Department implements and maintains processes and policies for product development with a focus on product security. The department is also responsible for tracking and communicating product vulnerabilities.

“Festo connected products were developed in line with state-of-the-art technology,” said Tobias Pfeiffer, global product security officer. “The company recognizes that it is impossible to predict every vulnerability that can occur over a product’s lifecycle and that is where the PSIRT takes over.”

“PSIRT is the first point of contact when vulnerabilities are discovered, and the information is relayed to Festo,” said Aleg Vilinski, Head of Product Security. “The PSIRT team analyzes the level of risk in the vulnerability, develops remediation solutions and publishes comprehensive advisories listing product identification, the issue and the solution(s) on the Festo advisory webpage in its support portal and with third parties like CISA and CERT@VDE.”

Vilinski continued, “Over the past year, Festo demonstrated the critical infrastructure position of its products by documenting for CISA personnel the range and type of Festo connected products used in the manufacturing, food and beverage and processing industries, the number of Festo product installations in North America, and the central position these products play in automated systems.”

Festo is certified to IEC 62443-4-1, the first international standard for the cybersecurity of industrial automation and control systems. By 2027, Festo connected products will be compliant with the European Union’s Cyber Resilience Act (CRA). These CRA-compliant products will feature:


  • Secure development practices, including secure coding practices
  • Vulnerability management, including regular scanning and patching to address security issues
  • Software Bill of Materials (SBOM) information that enables better identification of potential vulnerabilities. (Festo offers an open-source tool for SBOM.)
  • Incident reporting of critical security incidents to relevant authorities
  • User-friendly security features, including clear guidance on how to use security features
  • CE marking showing the product meets CRA standards


Festo summarizes its approach to security in its Security white paper for Festo controllers. The work of PSIRT is detailed on the Festo PSIRT webpage, which includes secure contact information for those reporting vulnerabilities.


This graphic represents how the Festo Central Department of Product Security provides guidance for secure product development and responds to vulnerabilities.



About Festo U.S.


Festo is a leading manufacturer of pneumatic and electromechanical systems, components and controls for process and industrial automation. For 100 years, with more than 50 in the U.S., Festo Corporation has continuously elevated the state of manufacturing with innovations and optimized motion control solutions that deliver higher performing, more profitable automated manufacturing and processing equipment. Through advanced technical and industrial education, Festo Didactic Learning Systems and its partners prepare workers for current and future manufacturing technologies.




