Report a security incident

If you have the feeling that one of your connected devices has a security incident, then it is vital for your personal safety to take immediate action!  Please follow the below mentioned instructions  to report a security incident.

Please send all the required information by email to security-incident-on-iot@legrand.com.
The safest way is to send an encrypted email. If you have never send an encrypted email you can check this link.

• Give us you contact name, organisation (if you are a professional) and country name
• Report the incident including all vulnerability details  such as product name ,model and firmware version, and  how your configuration is set up  (which platforms do you use )
• Indicate how the incident ocured, and what actions you have taken 
• Inform us about the impact of the security incident.  What is the result of the incident up to the report moment ?
• Include print screens of what you have experienced when using the app, that is unnormal

We will acknowledge the receipt of your message within a maximum 3 of days,  and we will come back to you for further information.  The proceed of the incident should take a maximum of 10 days and you will receive our conclusion by return mail.

Fixing the security issue.
If the incident is confirmed by us, we will proceed to the root cause analysis and determine the best solution to fix the security issue.  You may be involved during the testing phase to ensure the incident is properly fixed.

Once the security update is released Legrand will prepare and release a public security notification.  This can take up a maximum of 90 days since your initial reporting of the incident before we will release the notification . We use this period to provide all our customers with a solution to protect their connected products 

The security and confidentiality of user data is vital for Legand.  We make every effort to ensure an optimal level of security and to minimise the fraudulent use of its solutions!