Comparison Overview

Q: Between Commission des services électriques de Montréal company and TATA Power company, which one has the best AI Cybersecurity Score ?

TATA Power company demonstrates a stronger AI Cybersecurity Score compared to Commission des services électriques de Montréal company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Q: Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced more cyber incidents this year ?

In the current year, TATA Power company and Commission des services électriques de Montréal company have not reported any cyber incidents.

Q: Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced at least one ransomware attack ?

Neither TATA Power company nor Commission des services électriques de Montréal company has reported experiencing a ransomware attack publicly.

Q: Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced at least one data breach ?

Commission des services électriques de Montréal company has disclosed at least one data breach, while the other TATA Power company has not reported such incidents publicly.

Q: Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced at least one targeted cyberattack ?

TATA Power company has reported targeted cyberattacks, while Commission des services électriques de Montréal company has not reported such incidents publicly.

Q: Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced at least one vulnerability ?

Neither Commission des services électriques de Montréal company nor TATA Power company has reported experiencing or disclosing vulnerabilities publicly.

Q: Between Commission des services électriques de Montréal company and TATA Power company, which one holds the most compliance certifications ?

Neither Commission des services électriques de Montréal nor TATA Power holds any compliance certifications.

Q: Between Commission des services électriques de Montréal company and TATA Power company, which one has the most subsidiaries ?

TATA Power company has more subsidiaries worldwide compared to Commission des services électriques de Montréal company.

Commission des services électriques de Montréal

Last Update: 2025-11-24

View Profile

Between 700 and 749

http://csem.qc.ca/

Depuis 1910, la Commission des services électriques de Montréal (CSEM) s’emploie à promouvoir et à favoriser l’enfouissement des réseaux câblés sur tout le territoire de la ville. Pour ce faire, elle agit comme mandataire exclusif de la Ville de Montréal. Hydro-Québec est son plus important partenaire et elle dessert également de nombreuses organisations en matière de distribution d'énergie et de télécommunications. La CSEM coordonne les efforts de tous les intervenants afin d’offrir un réseau d’infrastructures fiable, sécuritaire et durable, et ce, tant au niveau souterrain qu’au niveau aérien. Au total, depuis sa création, la Commission des services électriques a développé un réseau souterrain qui s’étend sous toute l’île de Montréal ; ce qui représente 27,084 km de conduits, plus de 25 263 structures (20 176 puits d’accès et 2777 chambres de transformation) et 45 000 raccordements. La CSEM intervient également sur tous les projets de raccordement aux différents immeubles et bâtiments. La Commission des services électriques de Montréal demeure à ce jour le seul organisme public du genre au Canada.

NAICS: 22

NAICS Definition: Utilities

Employees: 78

Subsidiaries: 0

12-month incidents

Known data breaches

Attack type number

View Profile

TATA Power

Tata Power, Bombay House, 24 Homi Mody Street, Mumbai - 400 001, Mumbai, IN, 400009

Last Update: 2025-11-24

Between 750 and 799

http://www.tatapower.com

Tata Power is one of India’s largest integrated power companies and together with its subsidiaries and jointly controlled entities, has an installed/managed capacity of 14,294 MW. The Company has a presence across the entire power value chain - generation of renewable as well as conventional power including hydro and thermal energy, transmission & distribution, and trading. With 5,434 MW of clean energy generation from solar, wind, hydro, and waste heat recovery accounting for 38% of the overall portfolio, the company is a leader in clean energy generation. It has successful public-private partnerships in generation, transmission & distribution in India viz: Powerlinks Transmission Ltd. with Power Grid Corporation of India Ltd. for evacuation of Power from the Tala hydro plant in Bhutan to Delhi, Maithon Power Ltd. with Damodar Valley Corporation for a 1,050 MW Mega Power Project at Jharkhand. Tata Power is currently serving more than 12.9 million consumers via its Discoms, under a public-private partnership model viz Tata Power Delhi Distribution Ltd. with the Government of Delhi in North Delhi, TP Northern Odisha Distribution Limited, TP Central Odisha Distribution Limited, TP Western Odisha Distribution Limited, and TP Southern Odisha Distribution Limited with Government of Odisha. With a focus on sustainable and clean energy development, Tata Power is steering the transformation as an integrated solutions provider by looking at new business growth in distributed generation through rooftop solar and microgrids, storage solutions, EV charging infrastructure, ESCO, home automation & smart meters et al. In its 108 years track record of technology advancements, project execution excellence, world-class safety processes, customer care and green initiatives, Tata Power is well poised for multi-fold growth and is committed to lighting up lives for generations to come. For more information visit us at: www.tatapower.com

NAICS: 22

NAICS Definition: Utilities

Employees: 12,962

Subsidiaries: 1

12-month incidents

Known data breaches

Attack type number

https://images.rankiteo.com/companyimages/commission-des-services-electriques-de-montreal.jpeg

Commission des services électriques de Montréal

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

TATA Power

—

ISO 27001

Not verified

—

SOC2 Type 1

Not verified

—

SOC2 Type 2

Not verified

—

GDPR

Not verified

—

PCI DSS

Not verified

—

HIPAA

Not verified

Incidents vs Utilities Industry Average (This Year)

No incidents recorded for Commission des services électriques de Montréal in 2025.

Incidents vs Utilities Industry Average (This Year)

No incidents recorded for TATA Power in 2025.

Incident History — Commission des services électriques de Montréal (X = Date, Y = Severity)

Commission des services électriques de Montréal cyber incidents detection timeline including parent company and subsidiaries

Incident History — TATA Power (X = Date, Y = Severity)

TATA Power cyber incidents detection timeline including parent company and subsidiaries

Commission des services électriques de Montréal

Incidents

Date Detected: 6/2023

Type:Breach

Motivation: Financial Gain

Blog: Blog

TATA Power

Incidents

Date Detected: 10/2022

Type:Cyber Attack

Blog: Blog

TATA Power company demonstrates a stronger AI Cybersecurity Score compared to Commission des services électriques de Montréal company, reflecting its advanced cybersecurity posture governance and monitoring frameworks.

Commission des services électriques de Montréal and TATA Power have experienced a similar number of publicly disclosed cyber incidents.

In the current year, TATA Power company and Commission des services électriques de Montréal company have not reported any cyber incidents.

Neither TATA Power company nor Commission des services électriques de Montréal company has reported experiencing a ransomware attack publicly.

Commission des services électriques de Montréal company has disclosed at least one data breach, while the other TATA Power company has not reported such incidents publicly.

TATA Power company has reported targeted cyberattacks, while Commission des services électriques de Montréal company has not reported such incidents publicly.

Neither Commission des services électriques de Montréal company nor TATA Power company has reported experiencing or disclosing vulnerabilities publicly.

Neither Commission des services électriques de Montréal nor TATA Power holds any compliance certifications.

Neither company holds any compliance certifications.

TATA Power company has more subsidiaries worldwide compared to Commission des services électriques de Montréal company.

TATA Power company employs more people globally than Commission des services électriques de Montréal company, reflecting its scale as a Utilities.

Neither Commission des services électriques de Montréal nor TATA Power holds SOC 2 Type 1 certification.

Neither Commission des services électriques de Montréal nor TATA Power holds SOC 2 Type 2 certification.

Neither Commission des services électriques de Montréal nor TATA Power holds ISO 27001 certification.

Neither Commission des services électriques de Montréal nor TATA Power holds PCI DSS certification.

Neither Commission des services électriques de Montréal nor TATA Power holds HIPAA certification.

Neither Commission des services électriques de Montréal nor TATA Power holds GDPR certification.

Description

A vulnerability was determined in motogadget mo.lock Ignition Lock up to 20251125. Affected by this vulnerability is an unknown functionality of the component NFC Handler. Executing manipulation can lead to use of hard-coded cryptographic key . The physical device can be targeted for the attack. A high complexity level is associated with this attack. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Published

Date

2025-11-29

Updated

Date

2025-11-29

Risk Information

cvss2

Base: 1.2

Severity: HIGH

AV:L/AC:H/Au:N/C:P/I:N/A:N

cvss3

Base: 2.0

Severity: HIGH

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

cvss4

Base: 1.0

Severity: HIGH

CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the interview attachment retrieval endpoint in the Recruitment module serves files based solely on an authenticated session and user-supplied identifiers, without verifying whether the requester has permission to access the associated interview record. Because the server does not perform any recruitment-level authorization checks, an ESS-level user with no access to recruitment workflows can directly request interview attachment URLs and receive the corresponding files. This exposes confidential interview documents—including candidate CVs, evaluations, and supporting files—to unauthorized users. The issue arises from relying on predictable object identifiers and session presence rather than validating the user’s association with the relevant recruitment process. This issue has been patched in version 5.8.

Published

Date

2025-11-29

Updated

Date

2025-11-29

Risk Information

cvss4

Base: 5.3

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application’s recruitment attachment retrieval endpoint does not enforce the required authorization checks before serving candidate files. Even users restricted to ESS-level access, who have no permission to view the Recruitment module, can directly access candidate attachment URLs. When an authenticated request is made to the attachment endpoint, the system validates the session but does not confirm that the requesting user has the necessary recruitment permissions. As a result, any authenticated user can download CVs and other uploaded documents for arbitrary candidates by issuing direct requests to the attachment endpoint, leading to unauthorized exposure of sensitive applicant data. This issue has been patched in version 5.8.

Published

Date

2025-11-29

Updated

Date

2025-11-29

Risk Information

cvss4

Base: 5.3

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

https://github.com/orangehrm/orangehrm/security/advisories/GHSA-qf8r-c54j-jw88

Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application does not invalidate existing sessions when a user is disabled or when a password change occurs, allowing active session cookies to remain valid indefinitely. As a result, a disabled user, or an attacker using a compromised account, can continue to access protected pages and perform operations as long as a prior session remains active. Because the server performs no session revocation or session-store cleanup during these critical state changes, disabling an account or updating credentials has no effect on already-established sessions. This makes administrative disable actions ineffective and allows unauthorized users to retain full access even after an account is closed or a password is reset, exposing the system to prolonged unauthorized use and significantly increasing the impact of account takeover scenarios. This issue has been patched in version 5.8.

Published

Date

2025-11-29

Updated

Date

2025-11-29

Risk Information

cvss4

Base: 8.7

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

https://github.com/orangehrm/orangehrm/security/advisories/GHSA-99qp-xh4q-pr9x

Description

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the password reset workflow does not enforce that the username submitted in the final reset request matches the account for which the reset process was originally initiated. After obtaining a valid reset link for any account they can receive email for, an attacker can alter the username parameter in the final reset request to target a different user. Because the system accepts the supplied username without verification, the attacker can set a new password for any chosen account, including privileged accounts, resulting in full account takeover. This issue has been patched in version 5.8.

Published

Date

2025-11-29

Updated

Date

2025-11-29

Risk Information

cvss4

Base: 8.7

Severity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

References

https://github.com/orangehrm/orangehrm/security/advisories/GHSA-5ghw-9775-v263

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

Commission des services électriques de Montréal

VS

TATA Power

Commission des services électriques de Montréal

TATA Power

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Utilities Industry Average (This Year)

Incidents vs Utilities Industry Average (This Year)

Incident History — Commission des services électriques de Montréal (X = Date, Y = Severity)

Incident History — TATA Power (X = Date, Y = Severity)

Notable Incidents

FAQ

Latest Global CVEs (Not Company-Specific)

CVE-2025-6666

Risk Information

CVE-2025-66291

Risk Information

CVE-2025-66290

Risk Information

CVE-2025-66289

Risk Information

CVE-2025-66225

Risk Information

Badge your company to reduce your risk score and your cyber insurance costs!

Comparison Overview

Commission des services électriques de Montréal

VS

TATA Power

Commission des services électriques de Montréal

TATA Power

Compliance Badges Comparison

Benchmark & Cyber Underwriting Signals

Incidents vs Utilities Industry Average (This Year)

Incidents vs Utilities Industry Average (This Year)

Incident History — Commission des services électriques de Montréal (X = Date, Y = Severity)

Incident History — TATA Power (X = Date, Y = Severity)

Notable Incidents

🔒 Incident : Breach COM21211923

🔒 Incident : Cyber Attack TAT2255161022

FAQ

Between Commission des services électriques de Montréal company and TATA Power company, which one has the best AI Cybersecurity Score ?

Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced more cyber incidents in the past ?

Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced more cyber incidents this year ?

Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced at least one ransomware attack ?

Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced at least one data breach ?

Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced at least one targeted cyberattack ?

Between Commission des services électriques de Montréal company and TATA Power company, which one has experienced at least one vulnerability ?

Between Commission des services électriques de Montréal company and TATA Power company, which one holds the most compliance certifications ?

Between Commission des services électriques de Montréal company and TATA Power company, which one holds the fewest compliance certifications ?

Between Commission des services électriques de Montréal company and TATA Power company, which one has the most subsidiaries ?

Between Commission des services électriques de Montréal company and TATA Power company, which one has the largest number of employees ?

Between Commission des services électriques de Montréal and TATA Power, which company holds both SOC 2 Type 1 certifications ?

Between Commission des services électriques de Montréal and TATA Power, which company holds both SOC 2 Type 2 certifications ?

Which company is ISO 27001 certified — Commission des services électriques de Montréal or TATA Power ?

Which company is PCI DSS compliant — Commission des services électriques de Montréal or TATA Power ?

Between Commission des services électriques de Montréal and TATA Power, which company complies with HIPAA regulations for healthcare data ?

Between Commission des services électriques de Montréal and TATA Power, which company complies with GDPR requirements ?

Latest Global CVEs (Not Company-Specific)

CVE-2025-6666

Risk Information

CVE-2025-66291

Risk Information

CVE-2025-66290

Risk Information

CVE-2025-66289

Risk Information

CVE-2025-66225

Risk Information