Report a potential vulnerability or security issue
1. Support Period for Connected Products
The Connected Product will have a minimum support period of 5 (five) years from its first commercial launch.
Mobile apps developed by De’Longhi will be made available on the latest publicly released iOS and Android Operating System version and will have a minimum support period of 3 (three) years from the first release of the mobile operating system by Apple and Google.
The first commercial launch for each connected product is reported in the tables below:
Comfort Appliances
| Model | First commercial launch |
|---|---|
| PAC EL112 CST WIFI | April, 1st - 2022 |
| PAC EX130 CST WIFI | April, 1st - 2022 |
| PAC EL110 WIFI | April, 1st - 2022 |
| DDSX220WFA | January, 1st - 2022 |
| DDSX220WF | September, 1st - 2019 |
Fully Automatic Coffee Machines
| Model | First commercial launch |
|---|---|
| ECAM650.85.XX | March, 2017 |
| ECAM370.85.XX | March, 2019 |
| ECAM610.75.XX | September, 2020 |
| ECAM450.65.XX | February, 2023 |
| ECAM450.86.XX | February, 2023 |
| ECAM452.67.XX | February, 2023 |
| ECAM630.35.XX | June, 2025 |
| ECAM630.55.XX | June, 2025 |
| ECAM630.75.XX | June, 2025 |
| ECAM630.35.XXX | June, 2025 |
| ECAM630.55.XXX | June, 2025 |
| ECAM630.75.XXX | June, 2025 |
| ECAM47X | March, 2026 |
Nespresso Coffee Machines
| Model | First commercial launch |
|---|---|
| ENV300 | March, 1st - 2023 |
| ENV90 | March, 2025 |
| ENV95 | March, 2025 |
| ENV120 | March, 2025 |
| ENV200 | March, 2026 |
2. Report a potential vulnerability or security issue
De’Longhi encourages its consumers to report security issues.
If you believe you have spotted a potential vulnerability or security issue in one of our connectable products, please click on this link and select the Cyber security issue from the message category menu.
Important information: De’Longhi commits itself to acknowledge receipt of the vulnerability report, as well as to provide an estimated period for conducting the proper verifications and to notify the completion of the vulnerability fixing.
Our standard response time to acknowledge receipt of vulnerability reports is 5 working days.
Status updates of reported vulnerabilities will be disclosed when relevant information becomes available and investigations are completed.
Please be informed the form is to report security vulnerabilities or issues only. Any reporting or complaint not falling within this scope will not be taken into consideration. Please contact us through alternative channels.
3. Vulnerabilities Bulletin
| Vulnerability ID | Affected products | Title | Publication Date | Last Update |
|---|
