CVE Number Product Part No. Case number Make Vulnerability Disclosure Timeline Status
Research Advisory - Vulnerable Disclosure 9 PLC Undisclosed Rockwell Automation 17/May/2019 - C3i VAPT Team share some information about this vulnerability to the Rockwell Automation.
17/May/2019 - M/s Rockwell Automation acknowledged to C3iAdvisory with PGP key.
Research Advisory - Vulnerable Disclosure 8 Scada Software Undisclosed LFSec00000136 Schneider Electric Reported 22/Apr/2019 - Security researcher of the Aveva asked about
the Vulnerability
24/Apr/2019 - C3i Provided the POC & Vulnerability report.
25/Apr/2019 - Aveva opened an investigation case
Confirmed
Research Advisory - Responsible Disclosure 7 - Multiple devices Multiple Devices Undisclosed 268363 Schneider Electric Reported 02/Mar/2019 - Vulnerability reported
06/Mar/2019 - POC submitted
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019- M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider responded that Reported vulnerability is Still
being evaluated
06/Apr/2019 - C3i Cleared the query of M/s. Schneider.
Confirmed
Research Advisory - Responsible Disclosure 6 Multiple Devices Undisclosed 268361 Schneider Electric Reported 15/Feb/2019 - Vulnerability reported
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019- M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider requested to C3i for a Python scripts & Reported
vulnerability is still being evaluated
05/Apr/2019 - C3i sent exploit of vulnerability and gave some other
information of application which used during the attack
Confirmed
Research Advisory - Responsible Disclosure 5 - Multiple devices Multiple Devices Undisclosed 266323 Schneider Electric Reported 14/Feb/2019 - Vulnerability reported
15/Feb/2019 - M/s. Schneider acknowledge & created a case to investigate
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019- M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider responded that Action plan definition in progress
with R&D
Confirmed
Research Advisory - Responsible Disclosure 4 HMI Undisclosed 264781 Schneider Electric Reported 3/Jan/2019 - Vulnerability reported
8/Jan/2019 - Schneider acknowledge & requested for detailed description
9/Jan/2019 - POC submitted to M/s. Schneider
17/Jan/2019 - M/s. Schneider requested for any update
31/Jan/2019 - M/s. Schneider electric responded that their team is working on confirming the vulnerability
04/Feb/2019 - Threat-Mitigation techniques submitted
15/Feb/2019 - M/s. Schneider electric requested for POC with Unity Pro
18/Feb/2019 - POC using Unity pro application submitted
21/Feb/2019 - M/s. Schneider electric requested for compromised version and python scripts
22/Feb/2019 - Version details with python scripts submitted
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019- M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider responded that Attack scenario still under
investigation by security team
Under Investigation
Research Advisory - Vulnerable Disclosure 3 - Multiple Vulnerabilities RTU Undisclosed 263956 Schneider Electric Reported 1/Jan/2019 - Vulnerability reported
08/Jan/2019 - M/s. Schneider opened a case to investigate
04/Feb/2019 - C3i asks for an update
05/Feb/2019 - M/s. Schneider confirmed the vulnerability & are currently working on an action plan.
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019- M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
Confirmed
Research Advisory - Vulnerable Disclosure 2 - Multiple Vulnerabilities Undisclosed Undisclosed 2.1 - 263953 , 2.2 - 263954 Schneider Electric Reported 20/Dec/2018 - Vulnerability reported
22/Dec/2018 - Schneider acknowledge & requested for detailed description
01/Jan/2019 - POC submitted to M/s. Schneider
08/Jan/2019 - M/s. Schneider opened a case to investigate
31/Jan/2019 - M/s. Schneider electric requested for the script
04/Feb/2019 - Exploit submitted
08/Mar/2019 - C3i Center asks for an update
18/Mar/2019 - M/s. Schneider closed the case. Considering it [communication protocol vulnerability] as a vulnerability of web
18/Mar/2019 - C3i center requested to open the case again
18/Mar/2019 - M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
27/Mar/2019 - M/s. Schneider asked for some information of the application
which used during attack
05/Apr/2019 - C3i Provided the information of some application which used
in the attack and cleared some query
06/Apr/2019 - Forked this vulnerability, And M/s. Schneider asked for an
exploit, version and some configuration file of the device
10/Apr/2019 - C3i Provided the Exploit and some other information also
2.1 - Confirmed , 2.2 - Confirmed
Research Advisory - Responsible Disclosure 1 CVE-2018-7811 PLC BMXP342020 257363 Schneider Electric CSRF 22/Nov/2018 - 1 issue reported
23/Nov/2018 - Schneider releases their advisory
30/Nov/2018 - NVD published date
18/Mar/2019- M/s. Schneider requested for a list of all vulnerabilities
19/Mar/2019 - C3i Center shared a list of vulnerabilities reported yet
20/Mar/2019 - M/s. Schneider thanks to C3i center and agreed to provide update on all the cases by early next week.
21/Mar/2019 - C3i Center acknowledged their mail and awaiting for their valuable response
05/Apr/2019 - C3i asked an update on this
Confirmed

This site is under Maintenance