Research Advisory - Responsible Disclosure 5 - Multiple devices

Submitted by user123 on Fri, 07/23/2021 - 17:03
Product
Multiple Devices
Part No.
BMXNOR0200H
Make
Schneider Electric
Vulnerability
Hard-coded credentials in Firmware
Disclosure Timeline
14/Feb/2019 - Vulnerability reported
15/Feb/2019 - M/s. Schneider acknowledge & created a case to investigate
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019- M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider responded that Action plan definition in progress
with R&D
Status
Confirmed
Case Number
266323
CVE Number
CVE-2019-6812
Date