HAVE YOU DISCOVERED A SECURITY FLAW? LET US KNOW ABOUT THE ISSUE!

Landis+Gyr is committed to resolving security incidents and vulnerabilities to meet the needs of partners, customers, and the broader community to manage energy better. To minimize interruptions in products, solutions, and services Landis+Gyr productCERT team is dedicated to identify, assess and remediate various types of security vulnerabilities before they are exploited by threat actors or cause any possible damage.

We encourage any person or organization to engage with us when a potential vulnerability has been associated to Landis+Gyr product or solution and submit a report about the discovered security flaw.


*
*
*
*
(if available, please add screenshots, recordings, log files, scripts, Proof of Concept to demonstrate the exploitation, etc.)
 
*
 

*
Yes, I give my consent. No, I prefer to stay in anonymity.



*Mandatory field



Contact Landis+Gyr productCertContact Landis+Gyr Security

Email: productCERT@landisgyr.com

PGP Public Key
Fingerprint: 345A B00A 110A 3543 0FF4 D2C2 6F7E 4510 C58E 79FC

For general security topics, please contact the Global Cyber and Information Security team.

Email: cybersecurity@landisgyr.com

NOTE: To securely disclose sensitive or confidential information about products and services, please use PGP protected communication channel. For general information about Landis+Gyr products, services and general technical support, please use the Contact page or get in touch with your dedicated Sales contact point.



WHAT CAN YOU EXPECT AFTER SUBMITTING A REPORT ?

A core principle of Landis+Gyr is being a trusted partner in managing energy better. We encourage you to engage with us and follow the principles of coordinated vulnerability disclosure to minimize the risk of exploitation and help the industry. Please, find further information in Landis+Gyr Vulnerability Management Policy Summary

"Vulnerabilities exist. It is the question, how they are handled, that make the difference."

Identification

  • Any person or organization is encouraged to submit a report or contact the Landis+Gyr productCERT team about a discovered security flaw or vulnerability within a Landis+Gyr product, solution, or services.
  • Provide a clear consent on disclosing identity or contact information in further reports to Landis+Gyr partners, customers, or the wish to stay anonymous.
  • To protect sensitive and confidential information by using encrypted communication.
  • Submitted reports will be acknowledged upon receipt by productCERT coordinator for follow-up on findings and agreement on further steps.
  • Landis+Gyr will acknowledge receipt to all elevated submitted reports in a swift and transparent manner.

Assessment

  • Landis+Gyr productCERT will analyze the report, verify the information, and validate the findings with the reporter to coordinate further activities.
  • The assessment of a validated vulnerability will usually go beyond the reported scope, to identify related problems in other products and services.
  • Depending on the severity and impact of the associated security flaw, Landis+Gyr will engage additional communication to notify partners, customers, and other entities as required or deemed appropriate.
  • The reporter will be informed about the outcome of the assessment.

Note: It can happen, that the parties disagree on the existence or severity of a vulnerability. In that case, independent party might be included for testing and analysis of vulnerability.

Treatment

  • Identified and validated vulnerabilities will be treated in an appropriate way to minimize or eliminate the risks of exploitation.
  • The treatment of a vulnerability will be tested also on additional supported products, solutions, services, and its versions.
  • The developed remediation solution will be available to the reporter for review and discussion.

Disclosure

  • We believe that reporters are submitting the findings of security vulnerabilities with ethical intentions to improve the industry.
  • Landis+Gyr productCERT is committed to improving its products and services. We request keeping any vulnerability finding confidential, to ensure mutual trust and flexibility in working with the productCERT team towards the release of a patch.
  • Based on consent, the reporter will be acknowledged as appropriate in disclosure communications.

NOTE: Landis+Gyr highly appreciates opportunities to improve its products and services. Keep in mind, testing for vulnerabilities has its own rules and limits. Landis+Gyr does not allow non sanctioned penetration tests against the company, products, or solutions without consent. The process described is designed for managing product and service vulnerabilities only and should not be used for solicitation or other types of product issues or requests.