Research Advisory - Responsible Disclosure 7 - Multiple devices
Case Number
268363
Disclosure Timeline
02/Mar/2019 - Vulnerability reported
06/Mar/2019 - POC submitted
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019- M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider responded that Reported vulnerability is Still
being evaluated
06/Apr/2019 - C3i Cleared the query of M/s. Schneider.
06/Mar/2019 - POC submitted
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019- M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider responded that Reported vulnerability is Still
being evaluated
06/Apr/2019 - C3i Cleared the query of M/s. Schneider.
Make
Schneider Electric
Part No.
BMXP342020 and BMXNOR0200H
Product
Multiple Devices
CVE Number
CVE-2019-6812
Date
Status
Confirmed
Vulnerability
Hard-coded credentials in Firmware