A zero-day vulnerability is a software security flaw that is known to the software vendor but doesn’t have a patch in place to fix the flaw. It has the potential to be exploited by cybercriminals

A team will detect the vulnerabilities that a potential attacker could exploit to carry out particular attacks on infrastructure and highlight the real impacts found out

The activity was targeted at not just known vulnerabilities, but also at zero-day vulnerabilities.Any zero day vulnerabilities found would be discreetly communicated to the manufacturer of the software to analyse and fix/patch the bug within 90 days

Schneider Electric, a European MNC which provides energy and automation solutions for efficiency and sustainability was the recent beneficiary of a few of the findings of this team.

The 6 vulnerabilities which are found are addressed below:

CVE-2020-7569

Vulnerability Description:  Unrestricted Upload of File with Dangerous Type

CVE-2020-7572 

Vulnerability Description: Improper Restriction of XML External Entity Reference

CVE-2020-28209

Vulnerability Description: Windows Unquoted Search Path

CVE-2020-7570

Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Stored)

CVE-2020-7571

Vulnerability Description: Improper Neutralization of Input During Web Page Generation (Cross-Site Scripting Reflected)

CVE-2020-7573

Vulnerability Description: Improper Access Control