Product
Undisclosed
Part No.
Undisclosed
Make
Schneider Electric
Vulnerability
Reported
Disclosure Timeline
20/Dec/2018 - Vulnerability reported
22/Dec/2018 - Schneider acknowledge & requested for detailed description
01/Jan/2019 - POC submitted to M/s. Schneider
08/Jan/2019 - M/s. Schneider opened a case to investigate
31/Jan/2019 - M/s. Schneider electric requested for the script
04/Feb/2019 - Exploit submitted
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019 - M/s. Schneider closed the case. Considering it [communication protocol vulnerability] as a vulnerability of web
18/Mar/2019 - C3i center requested to open the case again
18/Mar/2019 - M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider asked for some information of the application
which used during attack
05/Apr/2019 - C3i Provided the information of some application which used
in the attack and cleared some query
06/Apr/2019 - Forked this vulnerability, And M/s. Schneider asked for an
exploit, version and some configuration file of the device
10/Apr/2019 - C3i Provided the Exploit and some other information also
Status
2.1 - Confirmed 2.2 - Confirmed 2.3 - Confirmed
Case number
2.1 - 263953 , 2.2 - 263954 , 2.3 - 263954

This site is under Maintenance