What is the official website of CRRC Corporation Ltd. ?

The official website of CRRC Corporation Ltd. is https://www.crrcgc.cc/en.

What is CRRC Corporation Ltd.'s cybersecurity risk score?

CRRC Corporation Ltd. has an AI-generated cybersecurity risk score of 695 out of 1000, indicating a Weak security posture according to Rankiteo's assessment.

How many security incidents has CRRC Corporation Ltd. experienced?

According to Rankiteo, CRRC Corporation Ltd. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has CRRC Corporation Ltd. been affected by any supply chain cyber incidents ?

According to Rankiteo, CRRC Corporation Ltd. has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does CRRC Corporation Ltd. have SOC 2 Type 1 certification ?

According to Rankiteo, CRRC Corporation Ltd. is not certified under SOC 2 Type 1.

Does CRRC Corporation Ltd. have SOC 2 Type 2 certification ?

According to Rankiteo, CRRC Corporation Ltd. does not hold a SOC 2 Type 2 certification.

Does CRRC Corporation Ltd. comply with GDPR ?

According to Rankiteo, CRRC Corporation Ltd. is not listed as GDPR compliant.

Does CRRC Corporation Ltd. have PCI DSS certification ?

According to Rankiteo, CRRC Corporation Ltd. does not currently maintain PCI DSS compliance.

Does CRRC Corporation Ltd. comply with HIPAA ?

According to Rankiteo, CRRC Corporation Ltd. is not compliant with HIPAA regulations.

Does CRRC Corporation Ltd. have ISO 27001 certification ?

According to Rankiteo,CRRC Corporation Ltd. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does CRRC Corporation Ltd. operate in ?

CRRC Corporation Ltd. operates primarily in the Railroad Equipment Manufacturing industry.

How many employees does CRRC Corporation Ltd. have ?

CRRC Corporation Ltd. employs approximately 381 people worldwide.

Does CRRC Corporation Ltd. own any subsidiaries ?

CRRC Corporation Ltd. presently has no subsidiaries across any sectors.

How many LinkedIn followers does CRRC Corporation Ltd. have ?

CRRC Corporation Ltd.'s official LinkedIn profile has approximately 34,151 followers.

What is the NAICS classification code for CRRC Corporation Ltd. ?

CRRC Corporation Ltd. is classified under the NAICS code 3365, which corresponds to Railroad Rolling Stock Manufacturing.

Does CRRC Corporation Ltd. have a Crunchbase profile ?

No, CRRC Corporation Ltd. does not have a profile on Crunchbase.

Does CRRC Corporation Ltd. have a LinkedIn profile ?

Yes, CRRC Corporation Ltd. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/crrc-corporation-ltd.

How many cybersecurity incidents has CRRC Corporation Ltd. experienced ?

As of June 17, 2026, Rankiteo reports that CRRC Corporation Ltd. has experienced 1 cybersecurity incidents.

How many peer or competitor companies does CRRC Corporation Ltd. have ?

CRRC Corporation Ltd. has an estimated 289 peer or competitor companies worldwide.

What types of cybersecurity incidents has CRRC Corporation Ltd. faced ?

Incident Types: The types of cybersecurity incidents that have occurred include Breach.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

CCL

Boost Score +25 with badge (5 left)

695

/1000

Weak

720

/1000

Moderate

CRRC Corporation Ltd. Vendor Cyber Rating & Cyber Score

crrcgc.cc

Add Your Compliance Badge

CRRC undertakes design, manufacture, testing, commissioning and maintenance of locomotives and rolling stock, including: electric locomotives, diesel-electric and diesel-hydraulic locomotives from 280 kw to 10,000 kw for mainline and shunting duties; high-speed trains of speed over 350 km/h; DMUs and EMUs for urban, suburban and regional transport; trams and light rail vehicles; metro cars and passenger coaches; as well as full line of freight wagons, such as covered wagons; open-top wagons for coal, ore, steel and timber; hopper wagons for grain, ore, fertilizer; flat wagons; double-deck container flat wagons; tank wagons for all types of liquid and chemicals; tipper wagons, schnabel and depressed center wagons, as well as track machinery.

CCL A.I CyberSecurity Scoring

Scoring History

CCL

CRRC Corporation Ltd. CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

CRRC Corporation Lt...

Breach

1/2026

CRRTESAUS176770...

Loading…

A.I.

CCL Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for CCL

Incidents vs Railroad Equipment Manufacturing Industry Avg (This Year)

CRRC Corporation Ltd. has 75.0% fewer incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

CRRC Corporation Ltd. has 6.54% fewer incidents than the average of all companies with at least one recorded incident.

Incident Types CCL vs Railroad Equipment Manufacturing Industry Avg (This Year)

CRRC Corporation Ltd. reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.

Incident History - CCL (X = Date, Y = Severity)

Loading…

SUBSIDIARY

CRRC Corporation Ltd. Subsidiaries

Parent Company

CCL

Railroad Equipment Manufacturing

Website: https://www.crrcgc.cc/en

Company Size: 10,001+ employees

No subsidiary data available for this company.

Loading…

CRRC Corporation Ltd. Similar Companies

Loading…

NEWS

CRRC Corporation Ltd. CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

March 13, 2025 07:00 AM

Europe Daily News, 13 March 2025

COMPETITION N on-opposition to a notified concentration (Case M.11870 - Igneo / Höegh Family Group / Larus) N on-opposition to.

Read Article

March 15, 2023 07:00 AM

China debuts bonkers hybrid electric trolley-truck

China's march into the future of everything moved forward yesterday with the debut of an electric vehicle that can draw power from either on-board batteries or...

Read Article

October 12, 2022 07:00 AM

DOD Releases New List of Section 889 Banned Entities | PilieroMazza PLLC

Section 889 is a broad prohibition to the use of any covered Chinese technology posing a threat to US cybersecurity and national security.

Read Article

October 11, 2022 07:00 AM

CRRC may face new US sanctions

The US Department of Defense blacklisted the rolling stock manufacturer and a number of other Chinese enterprises that it believes are fulfilling a defense...

Read Article

October 07, 2020 07:00 AM

Senior NSW bureaucrats' flying visits to now-blacklisted Chinese company

A Chinese company that has been building Sydney's new suburban trains is now at the centre of an alleged labour scandal.

Read Article

October 07, 2020 07:00 AM

Premier 'concerned' over Uighur labour links to Sydney's new trains

NSW Premier Gladys Berejiklian says she's concerned over revelations a Chinese-state owned company manufacturing Sydney trains has been...

Read Article

October 04, 2020 07:00 AM

Melbourne's new trains being built in China by blacklisted Belt and Road firm

The parent company of the firm that won the major project has been flagged by the Pentagon as a potential cybersecurity threat through its...

Read Article

October 26, 2019 07:00 AM

The US sees Chinese rail company CRRC as a threat. Is it right to?

Since 2014, the world's largest maker of freight wagons and passenger carriages has won US$2.6 billion in contracts in the United States but...

Read Article

October 04, 2019 07:00 AM

Don’t Trust China to Make Our Subway Cars, Warns Industry

They're built in two U.S. factories by a company that's taking over the rail car industry worldwide.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-48777

SUMMARY

FileBrowser Quantum is a free, self-hosted, web-based file manager. Versions prior to 1.3.2-stable, 1.4.0-beta and 1.4.1-beta are vulnerable to Path Traversal through the publicPatchHandler in backend/http/public.go which joins user-controlled fromPath and toPath body fields with the trusted d.share.Path BEFORE the downstream sanitizer runs. Because filepath.Join collapses .. segments during the join, the sanitizer in resourcePatchHandler never sees the traversal and the move/copy/rename operates on a path outside the shared directory. The same root-cause pattern was patched for the bulk DELETE endpoint as CVE-2026-44542 (GHSA-fwj3-42wh-8673), but the PATCH handler with the identical pattern was not updated. A public share link with AllowModify=true is sufficient to exploit this. Anyone holding such a link can move, copy, or rename arbitrary files within the share owner's source root. This issue has been fixed in versions 1.3.3-stable and 1.4.2-beta.

Published

Date2026-06-16

Updated

Date2026-06-16

RISK INFORMATION (Score: )

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

Exploitability

REFERENCES

CVE-2026-47750

SUMMARY

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the GLOBAL opcode handler. The issue was caused by missing validation when searching for newline-delimited fields. A crafted .ckpt file without the expected newline could cause the parser to use -1 as a copy length, resulting in immediate heap corruption. The attack requires the victim or application to load a .ckpt file from an untrusted source, such as a downloaded model from a model sharing site. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by following these instructions: do not load .ckpt checkpoint files from untrusted sources, and prefer trusted model sources and safer formats such as .safetensors where possible.

Published

Date2026-06-16

Updated

Date2026-06-16

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-47747

SUMMARY

stable-diffusion.cpp is a pure C/C++ library for running diffusion model (Stable Diffusion, Flux, Wan, Qwen Image, Z-Image, and more) inference. In versions prior to master-584-0a7ae07, the pickle .ckpt parser in src/model.cpp contained a heap buffer overflow vulnerability in the BINUNICODE opcode handler. The issue was caused by sign confusion on the opcode length field. A crafted .ckpt file could trigger memcpy with a very large length derived from a negative signed value, causing immediate heap corruption. The issue has been resolved in version master-584-0a7ae07. If developers are unable to immediately update their applications they can work around this issue by only loading .ckpt checkpoint files from trusted sources and preferring trusted model sources and safer formats such as .safetensors where possible.

Published

Date2026-06-16

Updated

Date2026-06-16

RISK INFORMATION (Score: 7.8)

cvss3

Base Score: 7.8

Complexity: LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score

5.9

Exploitability

1.8

REFERENCES

CVE-2026-46448

SUMMARY

In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation.

Published

Date2026-06-16

Updated

Date2026-06-16

RISK INFORMATION (Score: 5.4)

cvss3

Base Score: 5.4

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

Impact Score

2.5

Exploitability

2.8

REFERENCES

CVE-2026-22313

SUMMARY

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.

Published

Date2026-06-16

Updated

Date2026-06-16

RISK INFORMATION (Score: 9.1)

cvss3

Base Score: 9.1

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Impact Score

Exploitability

2.3

REFERENCES

https://www.cvcn.gov.it/cvcn/cve/CVE-2026-22313

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…