December 9, 2023

A zero-day vulnerability is a software security flaw that is known to the software vendor but for which no patch is yet in place. It has the potential to be exploited by cybercriminals.

A team will detect the vulnerabilities that a potential attacker could exploit to carry out particular attacks on infrastructure and highlight the real impact of what it finds.

The activity was targeted not just at known vulnerabilities, but also at zero-day vulnerabilities. Any zero-day vulnerabilities found would be discreetly communicated to the manufacturer of the software to analyse and fix/patch the bug within 90 days.

Schneider Electric, a European MNC which provides energy and automation solutions for efficiency and sustainability, was the recent beneficiary of a few of the findings of this team.

The 6 vulnerabilities that were found are listed below:


Vulnerability Description: Unrestricted Upload of File with Dangerous Type


Vulnerability Description: Improper Restriction of XML External Entity Reference


Vulnerability Description: Windows Unquoted Search Path


Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Stored)


Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Reflected)


Vulnerability Description: Improper Access Control
