LEM PSIRT

The LEM Product Security Incident Response Team (LEM PSIRT) oversees the process for receiving and responding to reports of potential security vulnerabilities in LEM hardware and software products. LEM PSIRT is dedicated to resolving identified security issues promptly and providing thorough guidance on mitigation strategies and solutions as appropriate. Stakeholders who identify potential security vulnerabilities in our products are encouraged to contact LEM PSIRT directly.

How to report a potential security vulnerability

To report a potential security vulnerability, please send a report to: productsecurity@lem.com

All exchanges and reports must be provided in English. LEM International SA., acting on behalf of itself, its affiliates, and subsidiaries of LEM Holding SA (collectively referred to as “LEM”), is committed to addressing all reports of potential security vulnerabilities and related communications (“Report(s)”) with the utmost seriousness. By submitting Your Report, You confirm Your authority to do so and grant LEM the rights required to evaluate, verify, document, remediate, or otherwise process the information for security purposes.

To ensure secure communication, PGP encryption is mandatory when submitting vulnerability or incident information.

LEM’s official PSIRT public PGP key is available on this page and must be used to encrypt your report before transmission. OpenPGP compatible tools may be used, including  Gpg4win.

-----BEGIN PUBLIC KEY-----
mDMEacD8SxYJKwYBBAHaRw8BAQdArvWH382BWMEIrM6i4AzqV0+/uftmgn2osP5b
REARdyy0I0xFTSBQU0lSVCA8cHJvZHVjdHNlY3VyaXR5QGxlbS5jb20+iLUEExYK
AF0WIQSYR0TEHYWfrt7ZZVko4pjdndNM9QUCacD8SxsUgAAAAAAEAA5tYW51Miwy
LjUrMS4xMiwyLDECGwMFCQWlDOUFCwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AA
CgkQKOKY3Z3TTPX2jgD+I0kVEjRfSIKxSwHjyNLtHX+FWXokfju6YWuDv0luzwkB
AMvzGgOGGfmYi+PQscuIBcIrHosWCUYuWwbTbk2DraoBuDgEacD8SxIKKwYBBAGX
VQEFAQEHQK/f3ETrpR7Q8Jkn9XfOu28FuFLGsLOy9eUmJ3zZ3zVOAwEIB4iaBBgW
CgBCFiEEmEdExB2Fn67e2WVZKOKY3Z3TTPUFAmnA/EsbFIAAAAAABAAObWFudTIs
Mi41KzEuMTIsMiwxAhsMBQkFpQzlAAoJECjimN2d00z1mPsBAKGwCxMHQvHI2IUq
TSFb3PbxJ3F0JmtokFDO/oPSHC2rAP9zoCAJn4I219TXR3xvZSf2arFHPhn7o55t
ISChOtIzAQ==
=zX8A
-----END PUBLIC KEY-----

To submit your encrypted report:

1. Download and install a PGP/GPG tool such as Gpg4win (Windows) or any other OpenPGP compatible client.
2. Import LEM’s PSIRT public key into your PGP software.
3. Encrypt your report and any sensitive attachments using LEM’s public key.
4. Attach the encrypted file to your email and send it to productsecurity@lem.com. 
5. Don't forget to Include your own public PGP key in the email body to get secured reply from LEM.

Information required by LEM PSIRT

To allow proper processing of your report, please include at minimum:

• LEM product identification (part number, product reference, hardware/software version)
• Detailed technical description of the potential vulnerability and known exploits
• Method and timing of discovery
• Information about any public disclosure already made or planned
• Contact information

Insufficient information may prevent LEM from evaluating the request.

Potential vulnerability management process

LEM PSIRT will address reported potential security vulnerabilities in accordance with the established process outlined below:

1. Reporting a new vulnerability: LEM PSIRT will acknowledge receipt of the reported issue.
2. Evaluation: LEM PSIRT will assess the reported potential vulnerability to determine if an issue exists, conduct analysis, and assign a priority for managing valid issues. LEM PSIRT may contact you if additional information or clarification is required regarding the original report.
3. Solving: LEM PSIRT will investigate potential solutions and mitigations to address valid issues.
4. Communicating: Once a solution is available (fix or mitigation), LEM PSIRT will communicate back to You and others where appropriate.

If you wish to find out more about the security status of a particular LEM product, please contact your LEM sales representative.