CHC is a full-service digital network engineering firm that delivers solutions including fielding, engineering design, permitting, project management, and process development. We are building tomorrow, together.
Enabling communities to thrive. It’s what we’ve done for more than 150 years. Solving problems. Making the extraordinary run smoothly every day. We’re keeping the lights on and the water flowing. Running the hospitals that take care of us. Delivering the transport that takes us from A to B. Maintaining communication networks that keep people connected. Helping our Government and Defence customers keep them protected. Delivering train fleets. Building bridges, roads and streets. Now we’re building momentum too. Moving forward even faster. Across Australia and New Zealand, we’re transforming the way we work. Unlocking our potential to lead by example. Using our passion and expertise to deliver complex projects and turn fresh ideas into solutions that make society a better place. Creating opportunities for our people, growth and value for our shareholders, and world-class solutions for our customers. Imagining. Innovating. Engineering. Enabling.
Security & Compliance Standards Overview
No incidents recorded for CHC Consulting, a Congruex Company in 2025.
No incidents recorded for Downer in 2025.
CHC Consulting, a Congruex Company cyber incidents detection timeline including parent company and subsidiaries
Downer cyber incidents detection timeline including parent company and subsidiaries
Last 3 Security & Risk Events by Company
The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘percentage’ parameter in all versions up to, and including, 5.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
The ComboServlet in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit the number or size of the files it will combine, which allows remote attackers to create very large responses that lead to a denial of service attack via the URL query string.
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine.
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine.
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.
