SECURITY COMMITMENT

Automated Logic, a Carrier Company, is committed to the security of our building automation and controls. We investigate all reports of security vulnerabilities affecting our products. If you believe you have found a security vulnerability in one of our products, please send an e-mail to:

mail_outline [email protected]

Please use our Contact Us form for all product inquiries and other correspondence unrelated to product security vulnerabilities.

Note: When reporting a vulnerability, please do not transmit sensitive information to the e-mail address provided above. You should receive a confirmation of our receipt of your e-mail or similar response within 48 hours. Our response will include additional information to enable secure communication. Please follow up with us if you have not received a response within this time frame.

On December 10, 2021, CVE-2021-44228 was published as a Remote Code Execution vulnerability in the Apache Log4j library, a Java-based logging utility. This vulnerability allows an attacker who can control log messages to execute arbitrary code loaded from attacker-controlled servers. Apache quickly released Log4j 2.15.0 to resolve the vulnerability.

Read More

Automated Logic products and services are also covered under Carrier’s Global Product Security Program, which ensures that products and services manufactured and supported by Carrier are subject to robust secure development and process control requirements that comply with commercially appropriate cybersecurity standards of compliance. The Carrier Way for product security means proactive focus, best practices, comprehensive support and the domain expertise to strengthen and ensure the resiliency and stability of our offerings.