Product Security and Coordinated Vulnerability Disclosure (CVD) Process
At Leica Microsystems, we develop products that help our customers to gain new insights. Insights that help to advance science, patient outcome, and gain insights for key questions concerning research, development, and engineering. To achieve this, we uphold core values that define our responsibility to those we serve. Among them are an unwavering commitment to the safety and security of our instruments and services. Therefore, we believe in continuous improvement in order to address the ever-evolving privacy and cybersecurity landscape.
In response to potential threats to cybersecurity, Leica Microsystems has formed a global product security expert team to assess vulnerabilities and determine responses within a coordinated vulnerability disclosure (CVD) process. These efforts allow the company to continually learn from vulnerability test information submitted to us by customers and security researchers.
For the latest product detail information, please visit
Subscribe now to stay up to date on the latest Leica product data security vulnerabilities and privacy issues
This CVD process applies to the reporting of potential cybersecurity vulnerabilities in Leica Microsystems products and services.
For customer support help requests, technical documents and regulatory contacts and notifications, please contact Support.
Contact information and CVD submission process
Potential security vulnerabilities or privacy issues with a Leica Microsystems product should be reported to: ProductSecurity(at)leica-microsystems(dot)com. We ask that you please refrain from including sensitive information (e.g., sample information, PHI, PII, etc.) as a part of any submissions to Leica Microsystems. Please provide the following information in your submission:
- Your contact information (e.g., name, address, phone number, and email)
- Date and method of discovery
- Description of potential vulnerability
- Product name
- Version number
- Configuration details
- Steps to reproduce
- Tools and methods
- Exploitation code
- Privileges required
- Results or impact
What happens next
Upon receipt of a potential product vulnerability submission, Leica Microsystems will:
- Acknowledge receipt of the submission within five (5) business days
- Work with specialized product teams to evaluate and validate reported findings
- Contact the submitter to request additional information, if needed
- Take appropriate action
Leica Microsystems considers it a top priority to protect the health and safety, as well as the personal information, of our customers' patients.
When conducting your security research, please avoid actions that could cause harm to patients or products. Note that vulnerability testing could negatively impact a product. As such, testing should not be conducted on active products in a clinical setting, and products subjected to security testing should not subsequently be used in a clinical setting. If there is any doubt, please contact a Leica Microsystems representative.
Leica Microsystems reserves the right to modify its coordinated vulnerability disclosure process at any time, without notice, and to make exceptions to it on a case-by-case basis. No particular level of response is guaranteed. However, if a vulnerability is verified, we will attribute recognition to the researcher reporting it, if requested.
CAUTION: Do not include sensitive information (e.g., sample information, PHI, PII, etc.) in any documents submitted to Leica Microsystems. Comply with all laws and regulations in the course of your testing activities.
Note: When sharing any information with Leica Microsystems, you agree that the information you submit will be considered non-proprietary and non-confidential and that Leica Microsystems is allowed to use such information in any manner, in whole or in part, without any restriction.