CCL
Company Details
Linkedin ID:
crrc-corporation-ltd
Website:
Employees number:
347
Number of followers:
27,744
NAICS:
3365
Industry Type:
Homepage:
crrcgc.cc
IP Addresses:
0
Company ID:
CRR_1370648
Scan Status:
In-progress
CRRC Corporation Ltd. Company CyberSecurity Posture
crrcgc.cc
CRRC undertakes design, manufacture, testing, commissioning and maintenance of locomotives and rolling stock, including: electric locomotives, diesel-electric and diesel-hydraulic locomotives from 280 kw to 10,000 kw for mainline and shunting duties; high-speed trains of speed over 350 km/h; DMUs and EMUs for urban, suburban and regional transport; trams and light rail vehicles; metro cars and passenger coaches; as well as full line of freight wagons, such as covered wagons; open-top wagons for coal, ore, steel and timber; hopper wagons for grain, ore, fertilizer; flat wagons; double-deck container flat wagons; tank wagons for all types of liquid and chemicals; tipper wagons, schnabel and depressed center wagons, as well as track machinery.
CRRC Corporation Ltd. A.I CyberSecurity Scoring
CCL Risk Score (AI oriented)Between 700 and 749
CCL
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CCL Global Score (TPRM)XXXX
CCL
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CCL Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
CCL Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CCL
Incidents vs Railroad Equipment Manufacturing Industry Average (This Year)
No incidents recorded for CRRC Corporation Ltd. in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for CRRC Corporation Ltd. in 2025.
Incident Types CCL vs Railroad Equipment Manufacturing Industry Avg (This Year)
No incidents recorded for CRRC Corporation Ltd. in 2025.
Incident History — CCL (X = Date, Y = Severity)
CCL cyber incidents detection timeline including parent company and subsidiaries
CCL Company Subsidiaries
CRRC undertakes design, manufacture, testing, commissioning and maintenance of locomotives and rolling stock, including: electric locomotives, diesel-electric and diesel-hydraulic locomotives from 280 kw to 10,000 kw for mainline and shunting duties; high-speed trains of speed over 350 km/h; DMUs and EMUs for urban, suburban and regional transport; trams and light rail vehicles; metro cars and passenger coaches; as well as full line of freight wagons, such as covered wagons; open-top wagons for coal, ore, steel and timber; hopper wagons for grain, ore, fertilizer; flat wagons; double-deck container flat wagons; tank wagons for all types of liquid and chemicals; tipper wagons, schnabel and depressed center wagons, as well as track machinery.
Loading...
CCL Similar Companies
Lewis Bolt and Nut Company
At Lewis Bolt and Nut we are continuously working to take the railroad fastening industry to the next level by exceeding the expectations of our customers with top quality fastening products, the fastest service available, and knowledgeable, prompt communication. We strive to build products that im
ETA SP Engineers Pte Ltd
Eta SP Engineers Pte Ltd is a Singaporean owned and managed company. Its roots may be traced back to 1993 when it was known as Eta SP. In 2013, we incorporated Eta SP Engineers Pte. Ltd. as a private limited company to grow the business further. We are able to provide a full suite of engineering se
Electric Motor Services, Inc.
Electric Motor Services, Inc. (or EMS) repairs, rebuilds, re-manufactures, and re-engineers all electro-mechanical rotating equipment and provides replacement services for rotating electrical equipment customers. The EMS facility is a fully integrated operation complete with teardown, cleaning, mach
Apex Rail Automation
Apex Rail Automation is a leader in delivering advanced rail automation solutions that enhance the efficiency, safety, and reliability of short lines, transit, industrials, and mainline railroad operations. We specialize in cutting-edge technologies, including remote-controlled TS4500 Power Switch m
Recycling Consultants
At Recycling Consultants, we know there's a lot of hassle often associated with scrap. That's why we do everything we can to take those issues off your plate. Whether we're providing rail take-up, brokering your materials for the best price possible, or transporting your scrap off-site to the mill q
The Railway Shop
The Railway Shop – Industry Expertise, Quality Equipment At The Railway Shop, we’re more than just a supplier—we’re a trusted partner to the railway industry. Since 2015, we’ve been committed to delivering specialist, high-quality railway equipment with the expertise to match. With a team of indus
.png)
CCL CyberSecurity News
March 13, 2025 07:00 AM
Europe Daily News, 13 March 2025
COMPETITION N on-opposition to a notified concentration (Case M.11870 - Igneo / Höegh Family Group / Larus) N on-opposition to.
May 12, 2024 07:00 AM
Kolkata-based Titagarh Rail Systems Limited to deliver the first set of coaches for Bengaluru metro’s yellow line by August 2024
After receiving the prototype coaches from China Railway Rolling Stock Corporation (CRRC), China, the Bengaluru Metro Rail Corporation...
October 12, 2022 07:00 AM
DOD Releases New List of Section 889 Banned Entities | PilieroMazza PLLC
Section 889 is a broad prohibition to the use of any covered Chinese technology posing a threat to US cybersecurity and national security.
October 11, 2022 07:00 AM
CRRC may face new US sanctions
The US Department of Defense blacklisted the rolling stock manufacturer and a number of other Chinese enterprises that it believes are fulfilling a defense...
October 26, 2019 07:00 AM
The US sees Chinese rail company CRRC as a threat. Is it right to?
Since 2014, the world's largest maker of freight wagons and passenger carriages has won US$2.6 billion in contracts in the United States but...
October 04, 2019 07:00 AM
Don’t Trust China to Make Our Subway Cars, Warns Industry
They're built in two U.S. factories by a company that's taking over the rail car industry worldwide.
May 09, 2019 07:00 AM
China to bid on D.C. Metro rail deal as national security hawks circle
By Alexandra Alper and Allison Lampert. (Reuters) - China's CRRC plans to bid on a big Washington D.C. subway project as it doubles down on...
April 29, 2019 07:00 AM
Could China's bid for Metro's new railcars be a way to spy on us?
Cybersecurity experts say a Chinese-government-run company could railroad the competition to build Metro's new rail car, then steal riders'...
March 18, 2019 07:00 AM
Trains and buses could be the next battleground in US-China trade war
Senators have taken the first steps to ban rolling stock manufactured by Chinese companies with state ties as part of the ongoing US-China trade war.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CCL CyberSecurity History Information
Official Website of CRRC Corporation Ltd.
The official website of CRRC Corporation Ltd. is https://www.crrcgc.cc/en.
CRRC Corporation Ltd.’s AI-Generated Cybersecurity Score
According to Rankiteo, CRRC Corporation Ltd.’s AI-generated cybersecurity score is 749, reflecting their Moderate security posture.
How many security badges does CRRC Corporation Ltd.’ have ?
According to Rankiteo, CRRC Corporation Ltd. currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does CRRC Corporation Ltd. have SOC 2 Type 1 certification ?
According to Rankiteo, CRRC Corporation Ltd. is not certified under SOC 2 Type 1.
Does CRRC Corporation Ltd. have SOC 2 Type 2 certification ?
According to Rankiteo, CRRC Corporation Ltd. does not hold a SOC 2 Type 2 certification.
Does CRRC Corporation Ltd. comply with GDPR ?
According to Rankiteo, CRRC Corporation Ltd. is not listed as GDPR compliant.
Does CRRC Corporation Ltd. have PCI DSS certification ?
According to Rankiteo, CRRC Corporation Ltd. does not currently maintain PCI DSS compliance.
Does CRRC Corporation Ltd. comply with HIPAA ?
According to Rankiteo, CRRC Corporation Ltd. is not compliant with HIPAA regulations.
Does CRRC Corporation Ltd. have ISO 27001 certification ?
According to Rankiteo,CRRC Corporation Ltd. is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of CRRC Corporation Ltd.
CRRC Corporation Ltd. operates primarily in the Railroad Equipment Manufacturing industry.
Number of Employees at CRRC Corporation Ltd.
CRRC Corporation Ltd. employs approximately 347 people worldwide.
Subsidiaries Owned by CRRC Corporation Ltd.
CRRC Corporation Ltd. presently has no subsidiaries across any sectors.
CRRC Corporation Ltd.’s LinkedIn Followers
CRRC Corporation Ltd.’s official LinkedIn profile has approximately 27,744 followers.
NAICS Classification of CRRC Corporation Ltd.
CRRC Corporation Ltd. is classified under the NAICS code 3365, which corresponds to Railroad Rolling Stock Manufacturing.
CRRC Corporation Ltd.’s Presence on Crunchbase
No, CRRC Corporation Ltd. does not have a profile on Crunchbase.
CRRC Corporation Ltd.’s Presence on LinkedIn
Yes, CRRC Corporation Ltd. maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/crrc-corporation-ltd.
Cybersecurity Incidents Involving CRRC Corporation Ltd.
As of November 27, 2025, Rankiteo reports that CRRC Corporation Ltd. has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
CRRC Corporation Ltd. has an estimated 275 peer or competitor companies worldwide.
CRRC Corporation Ltd. CyberSecurity History Information
How many cyber incidents has CRRC Corporation Ltd. faced ?
Total Incidents: According to Rankiteo, CRRC Corporation Ltd. has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at CRRC Corporation Ltd. ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=crrc-corporation-ltd' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
