CRGL
Company Details
Linkedin ID:
china-railway-group-limited
Website:
Employees number:
1,793
Number of followers:
8,272
NAICS:
237
Industry Type:
Homepage:
crec.cn
IP Addresses:
0
Company ID:
CHI_6229589
Scan Status:
In-progress
China Railway Group Limited Company CyberSecurity Posture
crec.cn
China Railway Group Limited is a civil engineering company based out of Beijing, China.
China Railway Group Limited A.I CyberSecurity Scoring
CRGL Risk Score (AI oriented)Between 750 and 799
CRGL
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CRGL Global Score (TPRM)XXXX
CRGL
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CRGL Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
CRGL Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CRGL
Incidents vs Civil Engineering Industry Average (This Year)
No incidents recorded for China Railway Group Limited in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for China Railway Group Limited in 2025.
Incident Types CRGL vs Civil Engineering Industry Avg (This Year)
No incidents recorded for China Railway Group Limited in 2025.
Incident History — CRGL (X = Date, Y = Severity)
CRGL cyber incidents detection timeline including parent company and subsidiaries
CRGL Company Subsidiaries
China Railway Group Limited is a civil engineering company based out of Beijing, China.
Loading...
CRGL Similar Companies
Some 45 years ago, we set out with the ambitious goal of providing affordable housing, working to make Brazilian dreams come true. Over the last few years, we have crafted and shaped our story, becoming a brand-leading platform that offers a variety of housing solutions for individuals and families
UEM Group Berhad
We are UEM Group Berhad (UEM Group), one of Malaysia's leading engineering-based infrastructure and services conglomerate with an established track record and global operations. We have the ability, expertise and resources to deliver and manage key infrastructure development projects and services
Downer
Enabling communities to thrive. It’s what we’ve done for more than 150 years. Solving problems. Making the extraordinary run smoothly every day. We’re keeping the lights on and the water flowing. Running the hospitals that take care of us. Delivering the transport that takes us from A to B. Mainta
Water and Power Development Authority
Water and Power Development Authority (WAPDA) has been dominating the national economic scene of Pakistan for well over 50 years now. WAPDA is given the following charter of duties: generation, transmission and distribution of power; Irrigation, water supply and drainage; Prevention of waterlogging
Founded in 1944, Parsons Corporation, a digitally enabled solutions provider, is focused on creating the future of the defense, intelligence, and critical infrastructure markets. From Earth to outer space, we deliver tomorrow’s solutions today. Equipped with the capabilities required to take on any
SNC-Lavalin
SNC Lavalin is now AtkinsRéalis. Please follow AtkinsRéalis on LinkedIn. We are a world-class engineering services and nuclear organization. We connect people, data and technology to transform the world’s infrastructure and energy systems. Together, with our industry partners and clients, and our
Tetra Tech is a leading, global provider of consulting and engineering services. We are differentiated by Leading with Science® to provide innovative technical solutions to our clients. We support global commercial and government clients focused on water, environment, sustainable infrastructure, ren
Mott MacDonald
Mott MacDonald is an employee-owned engineering, development and management consultancy, with more than 20,000 people in over 50 countries. We plan, design, deliver and maintain the transport, energy, water, buildings and wider infrastructure that is integral to people’s daily lives. Our core streng
GHD
We are committed to addressing the world’s biggest challenges in the areas of water, energy and communities. GHD is a global network of multi-disciplinary professionals providing clients with integrated solutions through engineering, environmental, design and construction expertise. Our future-focu
.png)
CRGL CyberSecurity News
November 13, 2025 05:09 AM
Railway Cyber Security Market Size Worth USD 16.0 Billion, Globally, by 2033 at a CAGR of 7.98%
Press release - IMARC Group - Railway Cyber Security Market Size Worth USD 16.0 Billion, Globally, by 2033 at a CAGR of 7.98% - published on...
October 31, 2025 07:00 AM
China Railway Group's Q3 Profit Falls 10%; Hong Kong Shares Down 4%
China Railway Group reported 5.7 million yuan in attributable profit for the third quarter, 10% lower from a year earlier, according to a...
October 14, 2025 07:00 AM
China and Russia posing ‘significant threat’ to UK in cyberspace, NCSC warns
The National Cyber Security Centre faced a record number of nationally significant incidents in 2024-25.
September 25, 2025 12:12 PM
Railway Cybersecurity Market Trend | CAGR of 9.3%
Global Railway Cybersecurity Market Size, Share, Industry Analysis Report By Component (Solution (Risk and Compliance Management, Threat Intelligence and...
September 25, 2025 07:00 AM
Railway Cyber Security Market Size to Hit USD 16.0 Billion in 2033
Market Overview: According to IMARC Group's latest research publication, "Railway Cyber Security Market: Global Industry Trends, Share,...
July 30, 2025 07:00 AM
Railway Cybersecurity Industry Outlook Report 2025-2034 |
The railway cybersecurity market is projected to grow from USD 11.7 billion in 2025 to USD 28.7 billion by 2034, driven by a 10.5% CAGR.
July 18, 2025 07:00 AM
Cyber war | Outsmarting the hacker army
Twenty-first century warfare isn't limited to ground, air and naval forces. With vital domains like defence, finance and communications...
July 17, 2025 07:00 AM
China-linked hackers target Taiwan’s chip industry with increasing attacks, researchers say
Chinese-linked hackers are targeting the Taiwanese semiconductor industry and investment analysts as part of a string of cyber espionage campaigns, researchers...
May 28, 2025 07:00 AM
Operation Sindoor and India’s Cyber Threat Landscape
As India launched Operation Sindoor, cyberspace turned into a war theatre—with malware, disinformation, and digital offensives—marking a new...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CRGL CyberSecurity History Information
Official Website of China Railway Group Limited
The official website of China Railway Group Limited is http://www.crec.cn.
China Railway Group Limited’s AI-Generated Cybersecurity Score
According to Rankiteo, China Railway Group Limited’s AI-generated cybersecurity score is 795, reflecting their Fair security posture.
How many security badges does China Railway Group Limited’ have ?
According to Rankiteo, China Railway Group Limited currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does China Railway Group Limited have SOC 2 Type 1 certification ?
According to Rankiteo, China Railway Group Limited is not certified under SOC 2 Type 1.
Does China Railway Group Limited have SOC 2 Type 2 certification ?
According to Rankiteo, China Railway Group Limited does not hold a SOC 2 Type 2 certification.
Does China Railway Group Limited comply with GDPR ?
According to Rankiteo, China Railway Group Limited is not listed as GDPR compliant.
Does China Railway Group Limited have PCI DSS certification ?
According to Rankiteo, China Railway Group Limited does not currently maintain PCI DSS compliance.
Does China Railway Group Limited comply with HIPAA ?
According to Rankiteo, China Railway Group Limited is not compliant with HIPAA regulations.
Does China Railway Group Limited have ISO 27001 certification ?
According to Rankiteo,China Railway Group Limited is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of China Railway Group Limited
China Railway Group Limited operates primarily in the Civil Engineering industry.
Number of Employees at China Railway Group Limited
China Railway Group Limited employs approximately 1,793 people worldwide.
Subsidiaries Owned by China Railway Group Limited
China Railway Group Limited presently has no subsidiaries across any sectors.
China Railway Group Limited’s LinkedIn Followers
China Railway Group Limited’s official LinkedIn profile has approximately 8,272 followers.
NAICS Classification of China Railway Group Limited
China Railway Group Limited is classified under the NAICS code 237, which corresponds to Heavy and Civil Engineering Construction.
China Railway Group Limited’s Presence on Crunchbase
No, China Railway Group Limited does not have a profile on Crunchbase.
China Railway Group Limited’s Presence on LinkedIn
Yes, China Railway Group Limited maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/china-railway-group-limited.
Cybersecurity Incidents Involving China Railway Group Limited
As of November 27, 2025, Rankiteo reports that China Railway Group Limited has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
China Railway Group Limited has an estimated 5,709 peer or competitor companies worldwide.
China Railway Group Limited CyberSecurity History Information
How many cyber incidents has China Railway Group Limited faced ?
Total Incidents: According to Rankiteo, China Railway Group Limited has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at China Railway Group Limited ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=china-railway-group-limited' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
