Cyber security for component manufacturers SECURE BY ANY STANDARDS


Cloud connection and networking via the Internet of Things (IoT) are creating new opportunities for your OT products – but also new risks.

In 2022 alone, ransomware attacks on OT in production and infrastructure increased by 87%.

Protect your products from the start using secure software – and accommodate increasing regulatory requirements, like the forthcoming EU Cyber Resilience Act.

Your motivation:

Your OT products have long had more than just their defined control, sensor, or actuator function: They also communicate in production, infrastructure, and rail networks, and that’s why they must be protected against unauthorized access. The plant operator’s security measures, such as Defense in Depth or Zero Trust, are one thing. But as the manufacturer, you also have an obligation to put specific security measures in place in accordance with Germany’s IT Security Act 2.0, the forthcoming EU Cyber Resilience Act, and the new EU Machinery Regulation 2023/1230. Standards IEEE 62443 and TS 50701 are also relevant in this connection. But how can you identify and counter vulnerabilities and risks in your OT components and systems?

Cyber security for your OT products –
ask us!

Want to make your product cyber-secure? Get advice from our experts: Send an email with your request or call us. Protect your OT against the dangerous consequences of software errors and vulnerabilities!

What creates added value for you:

Codewerk helps you make the embedded software in your OT products cyber-secure – in two key areas:

  • First, by eliminating vulnerabilities right at the product development stage.
    That offers the best guarantee of minimizing security incidents in the field and thus requiring fewer security updates and patches. That’s a key factor in keeping operations moving, especially in areas such as rail-based transport.
  • Equally important is the need to monitor software products for vulnerabilities throughout the product lifecycle. Continuous security vulnerability monitoring makes that possible. It comprises not only monitoring but also evaluation of vulnerabilities, and the recommendations for action on that basis.

Codewerk services for secure software:

Development phase:
Secure coding and code review

Test phase:
Penetration testing and fuzzing

Operational phase:
Vulnerability management

What we do differently:

Codewerk is a partner, for example, to major industrial and rail vehicle equipment and component manufacturers, and is also active in R&D projects in the rail transport sector. Based on our understanding of complex systems and our own roots in software engineering, we can specifically target typical risks. Here are just three of many examples:

  • Insecure standard configuration: A quick and easy target for hackers, but still a widespread one. This is where our Fuzzing comes in – a deliberate attempt to crash the system with randomly generated input data. Based on the insights obtained, we then apply our software expertise to optimize the source code.
  • Code vulnerabilities: Most software is sourced externally – and is therefore beyond the control of the product manufacturer. Our continuous vulnerability monitoring and management reveals security loopholes – in libraries or frameworks, for example – and assesses their potential repercussions.
  • Insecure data validation and input checking: If inputs are not properly validated, hackers can inject malicious code (e.g. SQL injection or cross-site scripting) into the system and execute it. Using Security by Design, we counter this risk right at the development and testing phase.

The product is ready – how about a little security on top? Why Security by Design in accordance with IEEE 62443 pays off

In many cases, cyber security is still considered a product feature, and treated as such: Once the basic functions have been defined and programmed, security is added on top as a compulsory component.

It’s time this way of thinking was turned around: How must a function be implemented to make it secure? Errors in system design in particular – such as insecure fallback mechanisms or errors in key management – can be avoided only using Security by Design. Error correction right at the development stage not only makes this approach more secure but also much more cost-effective.

Which Fuzzing solution is recommended? Points in favor of security testing

We’re basically flexible. We believe there are clear practical benefits in using a fuzzer to continuously test the source code for security vulnerabilities right from the start of development. The fuzzing tests are easy to integrate into a CI/CD pipeline. Apart from that, fuzzing improves code quality substantially. We’ve had very good experience with libFuzzer, and also AFL++.

Which security monitoring solution must I use? Points in favor of efficient vulnerability management

Our vulnerability management includes:

  • Tracking third-party software and the software versions used
  • Continuous monitoring to determine whether new vulnerabilities exist for the software you’ve found
  • Assessment of detected vulnerabilities and testing whether they can be exploited.

We’ll also perform a comprehensive assessment of your own or proprietary software.

To sum up, we monitor your product for vulnerabilities throughout its lifecycle and provide you with recommendations for your specific application.

See also:

“Head in the sand” no longer applies

How companies should respond to the EU’s Cyber Resilience Act

Standards-compliant cyber security for your OT –
ask us!

Want to make your product cyber-secure? Get advice from our experts: Send an email with your request or call us. Your first step toward effective cyber security!


At Codewerk, we want to help improve protection for the world of OT. So cyber security is more than just another area of growth to us. We’re driving advances in this field out of a genuine passion for and identification with our customers’ world. As a long-standing software development partner to the process industry, manufacturing industry, and rail-based transport, we know how complex systems are – and how long a journey it is in order to achieve the same level of security as in IT. But there’s no time to slowly build up a culture of cyber security. The time to act is now.

  • A decade of experience as an independent software developer and service provider
  • Four locations in Germany
  • Partner in national and international R&D projects and in the open Siemens Xcelerator ecosystem
  • Certification to ISO Standard 27001 since 2020

Modellbasiertes Software-Engineering für die Fahrzeugsteuerung


Die Entwicklung und Validierung von Fahrzeugsteuerungssoftware beschleunigen wir auf Grundlage des modellbasierten Software-Engineerings.

IoT- und Edge-Applikationsentwicklung


Gesundheitszustände monitoren, Optimierungsmöglichkeiten im Netz erkennen, vorausschauende Wartung ermöglichen – unsere Applikationsentwicklung macht Wissen aus Ihren Daten.

Subsystem-Integration für Fahrzeugsteuerung und Betreibernetz


Multi-Vendor-Architekturen zu einem funktionierenden Ganzen zusammenzufügen – dafür übernehmen wir die volle Verantwortung bei der Subsystem-Integration für Fahrzeugsteuerung und Betreibernetz.



Um Schienenfahrzeugtechnik an den Herausforderungen der zukünftigen Jahrzehnte auszurichten, arbeiten wir intensiv an internationalen Forschungsprojekten mit.



Leistungsfähig und modular erweiterbar – wir leisten in internationalen Standardisierungsprojekten unseren Beitrag zu einem künftigen Basissystem.

Geräteintegration für SIMATIC PCS 7 / SIMATIC PCS neo


Die Leitsysteme von Siemens SIMATIC PCS 7 und SIMATIC PCS neo sind führend in der Prozessindustrie. Wir übernehmen für Sie die reibungslose, systemkonforme Integration Ihrer eigenen Produkte oder Third-Party-Komponenten.

PROFINET Stack Integration


Sie wollen PROFINET in Ihre Chips oder Geräte integrieren. Wir übernehmen die Adaption des geeigneten Stacks als Sorglos-Paket für Sie – bis hin zur Zertifizierung.

Systemintegration für industrielle Kommunikation


Ob PROFINET, OPC UA oder MQTT und darauf basierende Anwendungen – wir übernehmen für Sie die komplette Integration von Produkten in Ihre Systemlandschaft der industriellen Kommunikation.

IoT- und Edge-Applikationsentwicklung


Sie wollen aus Big Data Smart Data machen – wir bauen Ihre Anwendung: von der Datenerfassung (Konnektivität) über die Datenübertragung bis zur Datenevaluierung und -nutzung.


Sie wollen Ihre komplette Produktionsanlage in die IoT-Cloud bringen? Dann bringt Sie unsere eigens entwickelte MindSphere® Efficiency Suite weiter. Mit ihr modellieren und strukturieren wir Ihre Anlage in der Cloud – effizient, sicher und mit viel weniger Aufwand, als Sie denken.


Sichere Punkt-zu-Punkt-Verbindungen in der Industrie lassen sich relativ einfach mit den entsprechenden IO-Links realisieren. Damit die Integration systemkonform läuft, bieten wir Ihnen die passenden Treiber.


Die systemkonforme Anbindung von TURCK-Systemen an das Prozessleitsystem SIMATIC PCS 7 muss kein Zeitfresser sein. Unsere Baustein-Bibliothek sorgt für maximalen Komfort auf der Anwenderseite.

Cyber Security für Komponentenhersteller:


Wie wir Ihnen helfen, mögliche Schwachstellen in Ihren Produkten zu eliminieren – von der Produktentwicklung über den gesamten Lebenszyklus hinweg.

Cyber Security für Anlagenbetreiber:


Wie Sie mit uns Risiken im Betrieb monitoren und mitigieren können – unterstützt durch unsere Kombination aus System-, Software- und Security-Know-how.