Product
Undisclosed
Part No.
Undisclosed
Make
Schneider Electric
Vulnerability
Reported
Disclosure Timeline
20/Dec/2018 - Vulnerability reported
22/Dec/2018 - Schneider acknowledge & requested for detailed description
01/Jan/2019 - POC submitted to M/s. Schneider
08/Jan/2019 - M/s. Schneider opened a case to investigate
31/Jan/2019 - M/s. Schneider electric requested for the script
04/Feb/2019 - Exploit submitted
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019 - M/s. Schneider closed the case. Considering it [communication protocol vulnerability] as a vulnerability of web
18/Mar/2019 - C3i center requested to open the case again
18/Mar/2019 - M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider asked for some information of the application
which used during attack
05/Apr/2019 - C3i Provided the information of some application which used
in the attack and cleared some query
06/Apr/2019 - Forked this vulnerability, And M/s. Schneider asked for an
exploit, version and some configuration file of the device
10/Apr/2019 - C3i Provided the Exploit and some other information also

This site is under Maintenance