CRRC MA
Company Details
Linkedin ID:
crrc-ma
Website:
Employees number:
332
Number of followers:
18,501
NAICS:
3365
Industry Type:
Homepage:
crrcma.com
IP Addresses:
0
Company ID:
CRR_2996943
Scan Status:
In-progress
CRRC MA Company CyberSecurity Posture
crrcma.com
CRRC MA, a U.S. rail car manufacturer headquartered in Quincy, Massachusetts, has been awarded transit rail car contracts from Boston’s MBTA, Los Angeles Metro, Philadelphia’s SEPTA. CRRC MA has established two manufacturing facilities in the U.S., including a $95M investment in Springfield, Massachusetts and a $40M investment in Los Angeles, California. CRRC MA located the corporation’s North American manufacturing facility in Springfield due to its rich history in manufacturing and the City’s openness to partnership building through education, vocational training and job creation. As a result of CRRC’s significant investment and growth, CRRC MA’s workforce comprises 320 employees. The manufacturing facility in Springfield employs 258 employees, including 177 union production employees. The Springfield workforce is underway with manufacturing 404 subway trains for the MBTA. The commitment to local employment and vocational training of the workforce remains priority. As a result, all new-hire assemblers participate in a training program for the duration of their qualification process. Massachusetts is the first state in the U.S. to have a registered Apprenticeship Program in rail car manufacturing. CRRC MA has partnered with Springfield’s MassHire Hampden County Workforce Board and sheet metal and electrical unions 7 & 63 on the execution of a state approved Registered Apprenticeship program for mechanical production worker training in rail car manufacturing. The 1 year program for apprentices seeking careers in rail car manufacturing at CRRC MA Corp is equivalent to 2,000 hours of technical training and is combined with 150 hours of related technical instruction provided by the unions. With the return of manufacturing to Springfield, these jobs are career opportunities complete with a competitive wage package.
CRRC MA A.I CyberSecurity Scoring
CRRC MA Risk Score (AI oriented)Between 700 and 749
CRRC MA
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
CRRC MA Global Score (TPRM)XXXX
CRRC MA
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
CRRC MA Company CyberSecurity News & History
Past Incidents
0
Attack Types
0
No data available
CRRC MA Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for CRRC MA
Incidents vs Railroad Equipment Manufacturing Industry Average (This Year)
No incidents recorded for CRRC MA in 2025.
Incidents vs All-Companies Average (This Year)
No incidents recorded for CRRC MA in 2025.
Incident Types CRRC MA vs Railroad Equipment Manufacturing Industry Avg (This Year)
No incidents recorded for CRRC MA in 2025.
Incident History — CRRC MA (X = Date, Y = Severity)
CRRC MA cyber incidents detection timeline including parent company and subsidiaries
CRRC MA Company Subsidiaries
CRRC MA, a U.S. rail car manufacturer headquartered in Quincy, Massachusetts, has been awarded transit rail car contracts from Boston’s MBTA, Los Angeles Metro, Philadelphia’s SEPTA. CRRC MA has established two manufacturing facilities in the U.S., including a $95M investment in Springfield, Massachusetts and a $40M investment in Los Angeles, California. CRRC MA located the corporation’s North American manufacturing facility in Springfield due to its rich history in manufacturing and the City’s openness to partnership building through education, vocational training and job creation. As a result of CRRC’s significant investment and growth, CRRC MA’s workforce comprises 320 employees. The manufacturing facility in Springfield employs 258 employees, including 177 union production employees. The Springfield workforce is underway with manufacturing 404 subway trains for the MBTA. The commitment to local employment and vocational training of the workforce remains priority. As a result, all new-hire assemblers participate in a training program for the duration of their qualification process. Massachusetts is the first state in the U.S. to have a registered Apprenticeship Program in rail car manufacturing. CRRC MA has partnered with Springfield’s MassHire Hampden County Workforce Board and sheet metal and electrical unions 7 & 63 on the execution of a state approved Registered Apprenticeship program for mechanical production worker training in rail car manufacturing. The 1 year program for apprentices seeking careers in rail car manufacturing at CRRC MA Corp is equivalent to 2,000 hours of technical training and is combined with 150 hours of related technical instruction provided by the unions. With the return of manufacturing to Springfield, these jobs are career opportunities complete with a competitive wage package.
Loading...
CRRC MA Similar Companies
Beena Vision Solutions
Wabtec is a leading global provider of equipment, systems, digital solutions, and value-added services. Whether it's freight rail, transit, mining, industrial, or marine, our expertise, technologies, and people - together - are accelerating the future of transportation. The Beena Vision range of v
Direct Track Solutions Ltd
DTS continues to offer a quality alternative for the supply of Permanent Way products and services. Our philosophy is to provide a personal approach to our customers setting us apart from other supply chain distributors. Our ethos for quality, innovation and service is underpinned by our supply par
Zephir S.p.A.
Zephir was founded in 1969, designing and manufacturing heavy-duty towing vehicles for industrial applications, from steelwork to intermodal terminals and airports. In 1977, Zephir became the first world producer of an innovative tractor: the LOCOTRACTOR, a rail – road vehicle able to be on and off
Birmingham Rail
Birmingham Rail has been a trusted partner to the railroad and industrial markets for over a century. With more than 125 years of experience, we provide a comprehensive range of products and services, specializing in new and relay rail, track materials, crane rail, and accessories. From our 40-acr
McConway & Torley, LLC
With locations in Pittsburgh, PA and Kutztown, PA, McConway and Torley, LLC has been in continuous operations since 1869, the same year the first U.S. transcontinental railroad was completed. McConway has been able to meet the needs of our customers with a steady, dependable and economical supply of
China Railway Signal & Communication Corporation Limited
China Railway Signal & Communication Corporation Limited (hereinafter referred to as CRSC) is the provider of railway signal and communication technology, products and services, the precursor and leader in the China rail transit control industry, one of the biggest rail transit system solution provi
.png)
CRRC MA CyberSecurity News
October 24, 2024 07:00 AM
WVU Launches Cyber-Resilience Resource Center to Boost Statewide Cybersecurity and Economic Growth
West Virginia University is set to establish the Cyber-Resilience Resource Center (CRRC), designed to enhance cybersecurity and...
November 15, 2019 08:00 AM
Don’t Let China’s State-Owned CRRC Build NYC’s Subway, State Lawmakers Say
A bill to prevent foreign state-owned enterprises, including the China Railway Rolling Stock Corporation (CRRC), from using New York tax money on mass...
October 26, 2019 07:00 AM
The US sees Chinese rail company CRRC as a threat. Is it right to?
Since 2014, the world's largest maker of freight wagons and passenger carriages has won US$2.6 billion in contracts in the United States but...
October 07, 2019 07:00 AM
Deal on new rail cars embroils SEPTA in U.S. suspicions of China manufacturer
SPRINGFIELD, Mass. — An order for new Regional Rail cars is putting SEPTA in the middle of the U.S. trade war with China.
May 15, 2019 07:00 AM
Chinese-owned CRRC, brought jobs to Springfield, but faces national security questions in Washington
Chinese-owned CRRC MA has been lauded for creating 158 jobs here as it builds Orange Line subway cars for the T and prepares to work on Red Line cars later...
May 09, 2019 07:00 AM
A Chinese company plans to go after a big DC subway project despite concerns it could help Beijing spy on US officials
China's CRRC plans to bid on a big DC subway project amid a charm campaign to quash criticism that it's a threat to cybersecurity and US...
February 15, 2019 08:00 AM
CRRC cars meet global standards
The president of the North American division of the China Railway Rolling Stock Corp (CRRC) dismissed talk emanating from Washington that...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
CRRC MA CyberSecurity History Information
Official Website of CRRC MA
The official website of CRRC MA is https://crrcma.com/get-the-facts.
CRRC MA’s AI-Generated Cybersecurity Score
According to Rankiteo, CRRC MA’s AI-generated cybersecurity score is 748, reflecting their Moderate security posture.
How many security badges does CRRC MA’ have ?
According to Rankiteo, CRRC MA currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does CRRC MA have SOC 2 Type 1 certification ?
According to Rankiteo, CRRC MA is not certified under SOC 2 Type 1.
Does CRRC MA have SOC 2 Type 2 certification ?
According to Rankiteo, CRRC MA does not hold a SOC 2 Type 2 certification.
Does CRRC MA comply with GDPR ?
According to Rankiteo, CRRC MA is not listed as GDPR compliant.
Does CRRC MA have PCI DSS certification ?
According to Rankiteo, CRRC MA does not currently maintain PCI DSS compliance.
Does CRRC MA comply with HIPAA ?
According to Rankiteo, CRRC MA is not compliant with HIPAA regulations.
Does CRRC MA have ISO 27001 certification ?
According to Rankiteo,CRRC MA is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of CRRC MA
CRRC MA operates primarily in the Railroad Equipment Manufacturing industry.
Number of Employees at CRRC MA
CRRC MA employs approximately 332 people worldwide.
Subsidiaries Owned by CRRC MA
CRRC MA presently has no subsidiaries across any sectors.
CRRC MA’s LinkedIn Followers
CRRC MA’s official LinkedIn profile has approximately 18,501 followers.
NAICS Classification of CRRC MA
CRRC MA is classified under the NAICS code 3365, which corresponds to Railroad Rolling Stock Manufacturing.
CRRC MA’s Presence on Crunchbase
No, CRRC MA does not have a profile on Crunchbase.
CRRC MA’s Presence on LinkedIn
Yes, CRRC MA maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/crrc-ma.
Cybersecurity Incidents Involving CRRC MA
As of November 27, 2025, Rankiteo reports that CRRC MA has not experienced any cybersecurity incidents.
Number of Peer and Competitor Companies
CRRC MA has an estimated 275 peer or competitor companies worldwide.
CRRC MA CyberSecurity History Information
How many cyber incidents has CRRC MA faced ?
Total Incidents: According to Rankiteo, CRRC MA has faced 0 incidents in the past.
What types of cybersecurity incidents have occurred at CRRC MA ?
Incident Types: The types of cybersecurity incidents that have occurred include .
Incident Details
What are the most common types of attacks the company has faced ?
Additional Questions
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=crrc-ma' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
