20/Dec/2018 - Vulnerability reported
22/Dec/2018 - Schneider acknowledge & requested for detailed description
01/Jan/2019 - POC submitted to M/s. Schneider
08/Jan/2019 - M/s. Schneider opened a case to investigate
31/Jan/2019 - M/s. Schneider electric requested for the script
04/Feb/2019 - Exploit submitted
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019 - M/s. Schneider closed the case. Considering it [communication protocol vulnerability] as a vulnerability of web
18/Mar/2019 - C3i center requested to open the case again
18/Mar/2019 - M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider asked for some information of the application
which used during attack
05/Apr/2019 - C3i Provided the information of some application which used
in the attack and cleared some query
06/Apr/2019 - Forked this vulnerability, And M/s. Schneider asked for an
exploit, version and some configuration file of the device
10/Apr/2019 - C3i Provided the Exploit and some other information also
25/Apr/2019 - C3i asked an update about these two vulnerability.
26/Apr/2019 - M/s. Schneider need some time to identify forked(second) vulnerability.
27/Apr/2019 - C3i again asked an update about this.
29/Apr/2019 - M/s. Schneider created a security notification for these two vulnerability.
3/May/2019 - C3i asked to Schneider for share a CVE number for these two vulnerability.
2019-05-03 - M/s. Schneider shared a CVE number for same, but yet they didn't find any patch for this.
2019-05-10 - C3i reported one more vulnerability, and asked for a case number to Schneider.
2019-06-20 - M/s. Schneider confirmed this vulnerability and shared a case number.