Research Advisory - Responsible Disclosure 4

Submitted by user123 on Fri, 07/23/2021 - 17:01
Product
HMI
Part No.
4.1 - HMIGTO3510
Make
Schneider Electric
Vulnerability
4.1 - Command stored in buffer
Disclosure Timeline
3/Jan/2019 - Vulnerability reported
8/Jan/2019 - Schneider acknowledged and requested a detailed description
9/Jan/2019 - POC submitted to M/s. Schneider
17/Jan/2019 - M/s. Schneider requested any update
31/Jan/2019 - M/s. Schneider Electric responded that their team is working on confirming the vulnerability
04/Feb/2019 - Threat-Mitigation techniques submitted
15/Feb/2019 - M/s. Schneider Electric requested a POC with Unity Pro
18/Feb/2019 - POC using the Unity Pro application submitted
21/Feb/2019 - M/s. Schneider Electric requested the compromised version and Python scripts
22/Feb/2019 - Version details with Python scripts submitted
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019 - M/s. Schneider requested a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of the vulnerabilities reported so far
20/Mar/2019 - M/s. Schneider thanked C3i Center and agreed to provide an update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaited their valuable response
27/Mar/2019 - M/s. Schneider responded that the attack scenario is still under investigation by the security team
Status
4.1 - Confirmed 4.2 - Pending
Case Number
264781
CVE Number
4.1 - CVE-2019-6833
Date