
A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw. It has the potential to be exploited by cybercriminals.
A team will detect the vulnerabilities that a potential attacker could exploit to carry out particular attacks on infrastructure and highlight the real impacts found.
The activity was targeted not just at known vulnerabilities, but also at zero-day vulnerabilities. Any zero-day vulnerabilities found would be discreetly communicated to the manufacturer of the software to analyse and fix/patch the bug within 90 days.
Schneider Electric, a European MNC which provides energy and automation solutions for efficiency and sustainability, was the recent beneficiary of a few of the findings of this team.
The 6 vulnerabilities found are listed below:
CVE-2020-7569
Vulnerability Description: Unrestricted Upload of File with Dangerous Type
CVE-2020-7572
Vulnerability Description: Improper Restriction of XML External Entity Reference
CVE-2020-28209
Vulnerability Description: Windows Unquoted Search Path
CVE-2020-7570
Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Stored)
CVE-2020-7571
Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Reflected)
CVE-2020-7573
Vulnerability Description: Improper Access Control