Lenze Automation.

Securing your freedom.

Integrated cyber security - to secure your machines

In the context of digitalization and industrial development, cyber security is becoming increasingly important. Meshing IT and OT creates new areas of attack, as not only IT but also machines and production systems are becoming targets for cyber attacks. These attacks can cause production downtime, machine standstills and data loss.

Machine builders and operators must protect their expertise and the availability of their machines and systems against cyber attacks. The implementation of the NIS-2 directive and the Cyber Resilience Act (CRA) will make this even more urgent.

NEW: Support for vulnerability management

Our added value for your cyber security

With over 1,000 projects per year, we are an experienced partner for automation systems, digitalization and cyber security. We support you in designing your cyber security concept and, with the help of our solutions, increase the cyber resilience of your applications. This minimizes the risk of downtime.

We live security by design and our development processes follow the known standards and norms, such as IEC 62443. In addition, we are already taking the Cyber Resilience Act (CRA) into account and are working on fulfilling the criteria of Security Level 2 according to IEC 62443-4-2.

Download flyer now

Our cyber security solutions

Encrypted communication: secure communication via OPC UA on our controllers

Backup and restore concepts: Management and recovery of apps, firmware and applications with NUPANO App Management and Engineering Tools

Authentication of users and services: access protection for Drives DataHub, NUPANO App Management and controllers

Firewalls: Restricting access routes into the automation system with firewalls in the x500 and controllers

Encryption of sensitive data: Coding of the PLC program in the PLC Designer and controllers

Roles and responsibilities

Machine builder

Develops the cyber security concept for the machines
Protects own and operator data and expertise
Prevents downtime for machine operators
Meets legal requirements
Provides an expert team (PSIRT) for rapid response in an emergency

Lenze

Supports machine builders in creating secure machines through products and functions
Protects data and expertise of machine builders and operators
Acts as an expert and consultant
Meets legal requirements
Our team of experts (PSIRT) responds quickly in an emergency

Legal framework (valid for EU)

Cyber Resilience Act (CRA)

From December 2027, machine builders and suppliers will only be allowed to sell components and machines with digital elements that meet the cyber security requirements of the CRA. Lenze is also committed to these requirements.

Vulnerability management: Cyber security begins with transparency

With the Cyber Resilience Act (CRA), the EU will require all manufacturers of products with digital elements—including machine builders—to report actively exploited vulnerabilities starting in September 2026. Starting in December 2027, structured vulnerability management will be mandatory. The goal is to identify cybersecurity gaps early on, assess them appropriately, and fix them promptly.

What does this mean for mechanical engineers in concrete terms?

In future, mechanical engineers will have to:

Continuously monitor the vulnerabilities in their machines and the components used
Establish clear processes for evaluating and sharing security-related information
Inform their customers about relevant cyber security risks in their machines

The following applies: Responsibility does not end with your own product – information from suppliers must also be actively obtained, evaluated, and documented.

Lenze supports you in handling vulnerabilities

To enable you, as a machine manufacturer, to fulfill your responsibilities efficiently, Lenze provides you with all the information you need in a transparent, machine-readable, and automation-friendly format:

1. security.txt – our cyber security contacts at a glance

You can find our cyber security contact information in accordance with the international standard RFC 9116 at lenze.com/.well-known/security.txt.

Here you can find out how to contact us if you discover any vulnerabilities and where you can access our machine-readable advisories.

2. CERT@VDE – menschenlesbare Advisories abonnieren

Unsere offiziellen Security Advisories veröffentlichen wir über den CERT@VDE.

Dort lassen sich die Informationen direkt einsehen und z. B. via RSS-Feed Abonnement.

Das ist besonders geeignet für Unternehmen mit geringem Automatisierungsgrad im Schwachstellenmanagement.

3. CSAF – maschinenlesbare Advisories effizient nutzen

Lenze stellt beim CERT@VDE zusätzlich Advisories im maschinenlesbaren CSAF-Format (Common Security Advisory Framework) bereit.

Die Bereitstellung im CSAF-Format bietet Maschinenbauern die Möglichkeit, ihr Schwachstellenhandling zu automatisieren und Advisories direkt von uns zu erhalten.

Sie finden unseren Feed unter:https://lenze.csaf-tp.certvde.com/.well-known/csaf/white/csaf-feed-tlp-white.json

Ein Tool zur Konsumierung und Weiterverarbeitung der Informationen ist die Open-Source-Lösung ISDuBA: Damit können Sie CSAF-Meldungen Ihrer Zulieferer filtern, priorisieren und abonnieren – mit deutlich geringerem Aufwand als bei manuellen Prozessen.

A glimpse into the future... “Less is more”

In a world where cyber security is becoming increasingly critical, fewer activated functions mean fewer attack targets. Products that require users to activate functions and interfaces are becoming the standard. Lenze is adapting to this development and will deliver products in a smart “secure-by-default” configuration in future.