3/Jan/2019 - Vulnerability reported
8/Jan/2019 - Schneider acknowledge & requested for detailed description
9/Jan/2019 - POC submitted to M/s. Schneider
17/Jan/2019 - M/s. Schneider requested for any update
31/Jan/2019 - M/s. Schneider electric responded that their team is working on confirming the vulnerability
04/Feb/2019 - Threat-Mitigation techniques submitted
15/Feb/2019 - M/s. Schneider electric requested for POC with Unity Pro
18/Feb/2019 - POC using Unity pro application submitted
21/Feb/2019 - M/s. Schneider electric requested for compromised version and python scripts
22/Feb/2019 - Version details with python scripts submitted
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019- M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider responded that Attack scenario still under
investigation by security team
2019-04-05 - C3iAdvisory asked an update to Schneider.
2019-04-25 - C3iAdvisory asked an update about this to Schneider.
2019-04-26 - M/s. Schneider requested some additional information about this vulnerability.
2019-04-26 - C3iAdvisory gave additional information to the Schneider.
2019-04-27 - M/s. Schneider is discussing to his security team about more technical details to identify the vulnerability.
2019-04-27 - C3iAdvisory cleared some doubt to Schneider about vulnerable product.
2019-04-29 - M/s. Schneider explained to C3iAdvisory about the vulnerable product.
2019-04-30 - C3iAdvisory completely denied about the details of vulnerable product, which was preposterous to us. And C3iAdvisory again passed the more technical details about the vulnerable product.
2019-05-02 - M/s. Schneider acknowledged to us about this.
2019-05-03 - C3iAdvisory asked an update about this and shared some file which was showing the vulnerability point.
2019-05-03 - M/s. Schneider denied our point.
2019-05-08 - C3iAdvisory agreed on their point and talked about only the attack vector.
2019-05-08 - M/s. Schneider security team is still discussing about this, but still couldn't coalesces the thing to mitigate this vulnerability point.
2019-05-10 - C3iAdvisory asked an update about this.
2019-05-13 - M/s. Schneider is still discussing about this to his security team.
2019-05-22 - C3iAdvisory again sent some technical information and attachment file about the vulnerability and product also.
2019-05-22 - M/s. Schneider again raised some query about the same.
2019-05-24 - C3iAdvisory ignored all the point of Schneider and highlighted the attack vector and also impact of this vulnerability.
2019-05-24 - M/s. Schneider appreciated our details and explanations, now Schneider is actively reviewing and discussing about this with his security team.
2019-06-03 - C3iAdvisory asked to Schneider about the updates.
2019-06-03 - M/s. Schneider is waiting for the update from his security team about this.
2019-06-05 - C3iAdvisory acknowledged their mail and waiting for a reply.
2019-06-05 - M/s. Schneider team confirmed the vulnerability now after deeper analysis and is developing the action plan.
2019-06-13 - C3iAdvisory thanks to M/s. Schneider for confirming this vulnerability after a long conversation.