@@ -988,22 +988,7 @@ If the product provides a method to transfer data and settings to another produc
* Verdict: No data or settings could be read or altered by an an unauthorized user, and the data and settings read from the original product and target product are the same wherever technically possible => PASS, otherwise FAIL
* Evidence: List of data and settings, log messages from the attempts to read or alter data as the unauthorized user, data and settings as read from the source product and as read from the target product, comparison explaining technical reasons for any differences in the two versions
### 5.2.18 TR-VULH: Vulnerability handling
#### 5.2.18.1 Requirement
The product shall have vulnerability handling processes which conform to [\[2\]](#_ref_2) prEN 40000-1-3: \"Cybersecurity requirements for products with digital elements – Vulnerability Handling\".
#### 5.2.18.2 MI-VULH: Vulnerability handling
The product shall have vulnerability handling processes which conform to [\[2\]](#_ref_2) prEN 40000-1-3: \"Cybersecurity requirements for products with digital elements – Vulnerability Handling\".
* Applicability: (for requirements that depend on a feature)
* Reference: TR-VULH
* Objective: Vulnerability handling
* Activities: Review documentation associated with vulnerability handling.
* Verdict: Vulnerability handling documentation is compliant with [\[2\]](#_ref_2) prEN 40000-1-3: \"Cybersecurity requirements for products with digital elements – Vulnerability Handling\" => PASS, otherwise FAIL
* Evidence: Vulnerability handling documentation, comparison with [\[2\]](#_ref_2) prEN 40000-1-3: \"Cybersecurity requirements for products with digital elements – Vulnerability Handling\"
