1. Manufacturer Information

Manufacturer:
WEY Group AG (WEYTEC)

Address:
Dorfstrasse 57
CH-8103 Unterengstringen
Switzerland

Contact:
General inquiries: info(at)weytec.com
Security-related inquiries: security.group(at)weytec.com

 

2. Product Identification

Product Name (TOE)
WDP MX 

Long Name
WEYTEC distributionPLATFORM

Product Type
Smart and secure KVM (Keyboard, Video, Mouse) system for controlled access to distributed source systems, including multi-site deployments.

Version in Scope

  • TOE Version: 1.9

  • Includes hardware, firmware, software components, and guidance documentation as defined in the Security Target.

     

3. Status of Cybersecurity Certification

An application for cybersecurity certification has been submitted for the product identified above.

  • Certification Scheme:
    European Union Cybersecurity Certification Scheme (EUCC)
  • Evaluation Standard:
    Common Criteria (ISO/IEC 15408)
  • Target Assurance Level:
    EAL2
  • Certification Authority:
    Federal Office for Information Security (BSI), Germany
  • Current Status:
    Certification procedure ongoing

This information does not represent a statement on the outcome of the certification process. Upon completion of the certification, the relevant certificate information will be published on this page.

 

4. Product Overview and Intended Use

WDP MX is a signal distribution and control system designed for 24/7 operation in control rooms and similar high-availability environments.

It enables authorized users to securely access and operate multiple source systems via shared peripherals while maintaining strict logical separation between systems.

The TOE integrates frontend components (Transmitters, Receivers, smartTOUCH / smartUX) and backend components (Control Application, Configuration Server, EventStore) within a dedicated IP-based infrastructure.

 

5. Security Functions (Summary)

The WDP MX provides the following core security functions:

  • User identification and authentication for all security-relevant operations
  • Role-based and permission-based access control to source systems and user data
  • Controlled information flow between connected endpoints to prevent unintended data leakage

  • Secure communication between distributed TOE components using cryptographic protection

     

6. Secure Installation and Operational Guidance

For secure operation of the WDP MX, the following conditions apply:

  • The TOE must be installed and initially configured exclusively by WEYTEC field engineers or trained personnel authorized by WEYTEC.
  • Operation shall follow the official guidance documentation provided with the product.
  • The TOE shall be operated in a logically separated network environment.
  • Physical access to backend components must be restricted to authorized administrators.

Detailed configuration and operational instructions are provided in the official WEYTEC guidance documents.

 

7. Scope and Limitations of the Security Evaluation

Included in Scope

  • Hardware, firmware, and software components of WDP MX version 1.9 as defined in the Security Target
  • Security functions related to authentication, access control, information flow control, and secure communication

Excluded from Scope

  • External source systems connected via transmitters
  • Network infrastructure components (e.g. switches)
  • Device GUI and web interfaces of backend components

  • Physical and organizational security measures outside the TOE

     

8. Security Updates and Support Period

WEYTEC provides security-relevant updates for the WDP MX during the official product support period.

The exact duration of support and update availability is defined in the product lifecycle documentation and customer agreements.

 

9. Vulnerability Reporting

Security vulnerabilities can be reported responsibly to:

security.group(at)weytec.com

WEYTEC supports coordinated vulnerability disclosure.

 

10. Public Information on Vulnerabilities

Publicly disclosed vulnerabilities—if applicable—are communicated via:

  • WEYTEC security advisories
  • Public vulnerability databases (e.g. CVE-based repositories)

If no publicly known vulnerabilities exist, no corresponding entries are published.

 

11. Information Status

  • Last updated: 14th January 2026
  • This page will be maintained during the certification process and throughout the product lifecycle.