RD No. CVE Number / Case Number Date OEM Product Version/Part No. Vulnerability Status
Research Advisory - Vulnerable Disclosure 15 15.1 - 000160 - CVE-2020-7802 , 15.2 - 000161 - CVE-2020-7801 SSS(Synergy Systems & Solutions) 15.1 - RTU 15.2 - RTU Version - RTU 6049-E70 15.2 Default Permission, 15.2 Unauthorized Actor Confirmed
Research Advisory - Vulnerable Disclosure 14 14.1 - 000150 - CVE-2020-7800 , 14.2 - 000151 - CVE-2019-16879 SSS(Synergy Systems & Solutions) 14.1- RTU 14.2 - RTU Version - RTU 6049-E70 14.1 Improper check for unusual, 14.2 No authentication of function Confirmed
Research Advisory - Vulnerable Disclosure 13 13.1 - 000140 - CVE-2019-20046 , 13.2 - 000141 - CVE-2019-20045 SSS(Synergy Systems & Solutions) 13.1- RTU 13.2 - RTU Version - RTU 6049-E70 13.1 - Improper authentication, 13.2 - Improper input validation Confirmed
Research Advisory - Vulnerable Disclosure 12 0001655 Schneider Electric PLC Undisclosed Undisclosed Confirmed
Research Advisory - Vulnerable Disclosure 11 Rockwell Automation PLC Micrologix 1100 1. XSS 2. RFI Under Investigation
Research Advisory - Vulnerable Disclosure 10 ICSA-19-290-01 Aveva Aveva Vijeo Citect & Schneider Citect Version-7.50 Server Crash Confirmed
Research Advisory - Vulnerable Disclosure 9 Rockwell Automation PLC Undisclosed Undisclosed Under Investigation
Research Advisory - Vulnerable Disclosure 8 CVE-2019-10981 Aveva Aveva Vijeo Citect & Schneider Citect Version - 7.40 Credentials Leaking in Memory Dump. Confirmed
Research Advisory - Responsible Disclosure 7 - Multiple devices CVE-2019-6812 Schneider Electric Multiple Devices BMXP342020 and BMXNOR0200H Hard-coded credentials in Firmware Confirmed
Research Advisory - Responsible Disclosure 6 CVE-2019-6813 Schneider Electric RTU BMX-NOR-0200H Agitate RTU by SNMP Truncate packet Confirmed
Research Advisory - Responsible Disclosure 5 - Multiple devices CVE-2019-6812 Schneider Electric Multiple Devices BMXNOR0200H Hard-coded credentials in Firmware Confirmed
Research Advisory - Responsible Disclosure 4 4.1 - CVE-2019-6833 Schneider Electric HMI 4.1 - HMIGTO3510 4.1- Command stored in buffer 4.1 - Confirmed 4.2 - Pending
Research Advisory - Vulnerable Disclosure 3 - Multiple Vulnerabilities CVE-2019-6812 Schneider Electric RTU BMXP342020 Hard-coded credentials in Firmware Confirmed
Research Advisory - Vulnerable Disclosure 2 - Multiple Vulnerabilities 2.1 - CVE-2019-6831 2.2 - CVE-2019-6810 Schneider Electric 2.1 - RTU 2.2 - RTU 2.1 - BMX-NOR-0200H 2.2 - BMX-NOR-0200H 2.1 - DOS 2.2 - Unauthentic Command Execution 2.1 - Confirmed 2.2 - Confirmed 2.3 - Confirmed
Research Advisory - Responsible Disclosure 1 CVE-2018-7811 Schneider Electric PLC BMXP342020 CSRF Confirmed

Disclosure Timeline

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

DisclosureTimeline 12

 

Disclosure Timeline 11

 

 

Disclosure Timeline 10

 

 

Disclosure Timeline 9

 

 

Disclosure Timeline 8

 

 

Disclosure Timeline 7

 

 

Disclosure Timeline 6

 

 

Disclosure Timeline 5

 

 

Disclosure Timeline 4

 

 

Disclosure Timeline 3

 

 

 Disclosure Timeline 2

 

 

 

Disclosure Timeline 1

For any queries kindly mail us at  c3iadvisory@cse.iitk.ac.in

Download PGP Key

 

Copyright © 2020. All rights reserved

This site is under Maintenance