What is the official website of UGL ?

The official website of UGL is http://www.ugllimited.com.

What is UGL's cybersecurity risk score?

UGL has an AI-generated cybersecurity risk score of 776 out of 1000, indicating a Fair security posture according to Rankiteo's assessment.

How many security incidents has UGL experienced?

According to Rankiteo, UGL currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Has UGL been affected by any supply chain cyber incidents ?

According to Rankiteo, UGL has not been affected by any supply chain cyber incidents, and no incident IDs are currently listed for the organization.

Does UGL have SOC 2 Type 1 certification ?

According to Rankiteo, UGL is not certified under SOC 2 Type 1.

Does UGL have SOC 2 Type 2 certification ?

According to Rankiteo, UGL does not hold a SOC 2 Type 2 certification.

Does UGL comply with GDPR ?

According to Rankiteo, UGL is not listed as GDPR compliant.

Does UGL have PCI DSS certification ?

According to Rankiteo, UGL does not currently maintain PCI DSS compliance.

Does UGL comply with HIPAA ?

According to Rankiteo, UGL is not compliant with HIPAA regulations.

Does UGL have ISO 27001 certification ?

According to Rankiteo,UGL is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Which industry does UGL operate in ?

UGL operates primarily in the Engineering Services industry.

How many employees does UGL have ?

UGL employs approximately 11,667 people worldwide.

Does UGL own any subsidiaries ?

UGL presently has no subsidiaries across any sectors.

How many LinkedIn followers does UGL have ?

UGL's official LinkedIn profile has approximately 209,864 followers.

What is the NAICS classification code for UGL ?

UGL is classified under the NAICS code 54139, which corresponds to Engineering Services.

Does UGL have a Crunchbase profile ?

No, UGL does not have a profile on Crunchbase.

Does UGL have a LinkedIn profile ?

Yes, UGL maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ugl-limited.

How many cybersecurity incidents has UGL experienced ?

As of June 14, 2026, Rankiteo reports that UGL has not experienced any cybersecurity incidents.

How many peer or competitor companies does UGL have ?

UGL has an estimated 1,449 peer or competitor companies worldwide.

NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop

WindowsmacOSLinux

Download

Badge your company to reduce your risk score and your cyber insurance costs!

Link verified badges to your company page to build trust with insurers and customers.

Apply now and get your badge!

Internal validation & live display

Insurers and partners see a safer profile

Faster underwriting decisions

Trusted by insurers. Chosen by leaders.

Proud contributor to the Society of Actuaries.

UGL

Boost Score +25 with badge (5 left)

776

/1000

Fair

801

/1000

Good

UGL Vendor Cyber Rating & Cyber Score

ugllimited.com

Add Your Compliance Badge

UGL is CIMIC Group's specialist end-to-end engineering, services and operations provider. We have a rich history dating back to 1899 and since then we have grown to be a market leader in many of the sectors in which we operate. Working with some of the most important companies and governments in Australia and globally, we help to play a role in people’s lives every day. We keep Australia moving through our transport manufacturing, maintenance and operations offering, and we support the energy sector through our renewables, power generation, resources and transmission operations. We are helping to shape the country through our major infrastructure projects across Australia and we’re preparing for the future with our new energy,

UGL A.I CyberSecurity Scoring

Scoring History

UGL

UGL CyberSecurity News & History

Past Incidents

Attack Types

Entity

Type

Severity

Impact

Seen

Blog Details

Supply Chain Source

Incident Details

View

No data available

Loading…

A.I.

UGL Company Scoring based on AI Models

Cyber Incidents Likelihood 3 - 6 - 9 months

Actual

Prediction

Incident Predictions locked

Access Monitoring Plan

A.I Risk Score Likelihood 3 - 6 - 9 months

Actual

Prediction A

Prediction B

Prediction C

Prediction D

A.I. Risk Score Predictions locked

Access Monitoring Plan

Loading…

Underwriter Stats for UGL

Incidents vs Engineering Services Industry Avg (This Year)

No incidents recorded for UGL in 2026.

Incidents vs All-Companies Average (This Year)

No incidents recorded for UGL in 2026.

Incident Types UGL vs Engineering Services Industry Avg (This Year)

No incidents recorded for UGL in 2026.

Incident History - UGL (X = Date, Y = Severity)

Loading…

SUBSIDIARY

UGL Subsidiaries

UGL

Engineering Services

Website: http://www.ugllimited.com

Company Size: 5,001-10,000 employees

CIMIC Group LimitedCivil Engineering

ThiessMining

CPB ContractorsConstruction

Leighton AsiaConstruction

Sedgman Pty LimitedMining

Sedgman Onyx Pty LtdDesign Services

EIC ActivitiesCivil Engineering

Pacific PartnershipsConstruction

CIMIC Group GraduatesCivil Engineering

Loading…

UGL Similar Companies

ALTEN

alten.com

𝐀 𝐰𝐨𝐫𝐥𝐝 𝐥𝐞𝐚𝐝𝐞𝐫 𝐢𝐧 𝐄𝐧𝐠𝐢𝐧𝐞𝐞𝐫𝐢𝐧𝐠 𝐚𝐧𝐝 𝐈𝐓 𝐒𝐞𝐫𝐯𝐢𝐜𝐞𝐬 ALTEN is committed to meeting the expectations of its stakeholders and anticipating their requirements in the fields of innovation, R&D, and technological information systems. Founded in 1988 and present in 30+ countries, the Group has established itself as the global leader in Engineering and IT Services. ALTEN operates with major players in the Aeronautics, Space, Defence, Naval & Security, Automotive, Rail & Mobility, Energy & Environment, Life Sciences – Health, Industrial Equipment & Electronics, Telecoms, Banking, Finance & Insurance, Retail & Services, Public Services & Government sectors. OUR VISION: BUILDING TOMORROW’S WORLD TODAY We are convinced that engineers are the architects who build tomorrow’s world today. As a global leader in Engineering and IT Services, we support businesses in their technological and sustainable transformation. We commit to making a positive impact over time and on people, pushing the boundaries of innovation, and always staying one step ahead. We are driven by one ambition: to think about the future in the present. A LEADING GLOBAL TECHNOLOGY PARTNER ALTEN is involved in all projects with a technological dimension for the Technical, Research & Development Divisions and IT Systems Divisions of major corporate, telecoms and service clients, requiring the involvement of high-level Consultant-Engineers. To achieve this, the Group has put in place a world-renowned technical organisation of excellence. 🔹 12 Industries covered 🔹 21 Delivery Centers 🔹 6,500+ Clients FULL COVERAGE OF TECHNOLOGIES The Group covers a wide range of expertise in Engineering and IT Services in order to meet our clients’ needs. We bring together and coordinate at the transnational level specialists and consultants, experts in their profession who support our clients in their issues of digital transformation, innovation, product development, supply chain, etc.

Black & Veatch

bv.com

Black & Veatch is an employee-owned, global leader in building critical human infrastructure in Energy, Water, Digital Connectivity and Government Services. Since 1915, we have helped our clients improve business operations and the lives of people in over 100 countries through consulting, engineering, construction, operations and program management. Our purpose is building a world of difference and our vision is to be THE leader in sustainable infrastructure. Black & Veatch Holding Company, its subsidiaries and its affiliated companies, complies with all Equal Employment Opportunity (EEO) affirmative action laws and regulations. Black & Veatch does not discriminate on the basis of age, race, religion, color, sex, national origin, marital status, genetic information, sexual orientation, gender Identity and expression, disability, veteran status, pregnancy status or other status protected by law.

Saipem

cb saipem.com

Saipem is a global leader in the engineering and construction of major projects for the energy and infrastructure sectors, both offshore and onshore. Saipem is “One Company” organized into business lines: Asset Based Services, Drilling, Energy Carriers, Offshore Wind, Sustainable Infrastructures. The company has 5 fabrication yards and an offshore fleet of 17 owned construction vessels and 12 drilling rigs, of which 9 owned. Always oriented towards technological innovation, the company’s purpose is “Engineering for a sustainable future”. As such Saipem is committed to supporting its clients on the energy transition pathway towards Net Zero, with increasingly digital means, technologies and processes geared for environmental sustainability. Listed on the Milan Stock Exchange, it is present in more than 50 countries around the world and employs about 30,000 people of over 130 nationalities.

Ramboll

ramboll.com

Ramboll is a global architecture, engineering and consultancy company founded in Denmark in 1945. Our 18,000+ experts create sustainable solutions across Buildings, Transport, Energy, Environment & Health, Water, Management Consulting and Architecture & Landscape. Across the world, Ramboll combines local experience with a global knowledge base to create sustainable cities and societies. We combine insights with the power to drive positive change for our clients, in the form of ideas that can be realised and implemented. We call it: Bright ideas. Sustainable change. Visit us at ramboll.com

Capgemini Engineering

capgemini.com

World leader in engineering and R&D services, Capgemini Engineering combines its broad industry knowledge and cutting-edge technologies in digital and software to support the convergence of the physical and digital worlds. Coupled with the capabilities of the rest of the Group, it helps clients to accelerate their journey towards Intelligent Industry. Capgemini Engineering has 60,000 engineer and scientist team members in over 30 countries across sectors including Aeronautics, Space, Defense, Naval, Automotive, Rail, Infrastructure & Transportation, Energy, Utilities & Chemicals, Life Sciences, Communications, Semiconductor & Electronics, Industrial & Consumer, Software & Internet. Capgemini Engineering is an integral part of the Capgemini Group, a global business and technology transformation partner, helping organizations to accelerate their dual transition to a digital and sustainable world, while creating tangible impact for enterprises and society. It is a responsible and diverse group of 340,000 team members in more than 50 countries. With its strong over 55-year heritage, Capgemini is trusted by its clients to unlock the value of technology to address the entire breadth of their business needs. It delivers end-to-end services and solutions leveraging strengths from strategy and design to engineering, all fueled by its market leading capabilities in AI, cloud and data, combined with its deep industry expertise and partner ecosystem. The Group reported 2023 global revenues of €22.5 billion. Get The Future You Want | www.capgemini.com

Petrofac

petrofac.com

We are a leading international service provider to the energy industry, with a diverse client portfolio including many of the world’s leading energy companies. Petrofac designs, builds, manages and maintains oil, gas, refining, petrochemicals and renewable energy infrastructure. Our purpose is to enable our clients to meet the world’s evolving energy needs. Our core markets are in the Middle East and North Africa (MENA) region and the UK North Sea, where we have built a long and successful track record of safe, reliable and innovative execution, underpinned by a cost effective and local delivery model with a strong focus on in-country value. We operate in several other significant markets, including India, South East Asia and the United States. We have 8,200 employees based across more than 30 offices globally. Petrofac is quoted on the London Stock Exchange (symbol: PFC). To find out more, visit www.petrofac.com

SYSTRA

systra.com

SYSTRA is one of the world's leading engineering and consultancy groups specialising in public transport and mobility solutions. For more than 65 years, the Group has been committed to helping cities and regions to contribute to their development by creating, improving and modernising their transport infrastructure. With its 11,000 employees, the Group's mission is to connect people and bring territories closer together in the 80 countries where it operates. By making travel more fluid, the infrastructures designed by SYSTRA bring communities together, develop social integration and facilitate access to employment, education and leisure. A signature for transport solutions, SYSTRA supports its partners and clients throughout the lifecycle of their projects. SYSTRA is involved at a very early stage in the design phase, right through to the deployment and maintenance test phases. SYSTRA provides all of its services in more than 80 countries worldwide and generates 80% of its turnover internationally. KEY FIGURES - €1.3 bn in sales in 2024 - 2nd international engineering company for Mass Transit & Rail* - 3d for Bridges* - 6th in the Transport sector* * Engineering News-Record (ENR) ranking, 2025

L&T Technology Services

ltts.com

L&T Technology Services (LTTS) is one of the world’s leading engineering and technology service providers. With operations in over 25 countries and a growing annual revenue that now surpasses USD 1.2 billion, we work with organizations who design, develop or deliver products and services. We help the world’s biggest and brightest brands across practically every industry. So, how did we get here? Imagine working within a division of Larsen & Toubro (L&T) – the engineering giant with revenue in excess of USD 27 billion. Once our success became too big to contain, we were spun off into our own business, converging our engineering heritage with unmatched technology prowess, and bringing our unique brand of engineering to clients worldwide. We define it as Purposeful. Agile. Innovation. Fast-forward to today, and we’re leading the charge in industries that are shaping the future. The secret to our success is that every one of us is an Engineer at Heart💙 It’s our 23,700 (and counting) experts who constantly redefine excellence through a commitment to innovation, agility, and sustainable engineering solutions. Our engineers aren’t just experts – they’re passionate problem solvers with a relentless drive to innovate. At LTTS, being an Engineer at Heart is more than a tag line; it’s a shared mindset that powers everything we do. And it helps us focus on our shared mission: Engineering the Change the world needs to see.

Tecnicas Reunidas

tecnicasreunidas.es

TR is an international general contractor engaged in the engineering and construction of industrial facilities in the fields of: -Oil & Gas -Refining & Petrochemical -Power Generation -Infrastructures and industries -Energy Transition Engaging in the engineering, design and construction of various types of industrial facilities for a broad spectrum of customers throughout the world, including many of the principal national oil companies and several multinational companies. Leader for engineering and construction in the oil and gas sector in Spain, one of the leaders in Europe in the design and construction of oil and gas facilities, and one of the world leaders in the refining sector. especialiced on large turnkey industrial projects, although we also provide engineering, management, start-up and operating services for industrial plants. You can also follow us on twitter: @TRSA_rrhh

Loading…

NEWS

UGL CyberSecurity News

Latest updates, reports, and threat intel affecting the global network.

October 18, 2022 07:00 AM

Australia, Singapore Sign 'Green Economy' Pact

Australia and Singapore agree on a "green economy" deal to boost cooperation on climate investment, financing, and technology.

Read Article

Loading…

CVE

Latest

Global CVEs (Not Company-Specific)

CVE-2026-12175

SUMMARY

A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 4.7)

cvss2

Base Score: 5.8

Complexity: LOW

AV:N/AC:L/Au:M/C:P/I:P/A:P

cvss3

Base Score: 4.7

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

cvss4

Base Score: 2.0

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

3.4

Exploitability

1.2

REFERENCES

CVE-2026-12174

SUMMARY

A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 8.8)

cvss2

Base Score: 9.0

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:C/A:C

cvss3

Base Score: 8.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 7.4

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

2.8

REFERENCES

CVE-2026-12183

SUMMARY

Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credentials (e.g., action=dologin&login=<any_value>&pwd=<any_value>), and subsequent privileged endpoints under /php/ajax-main.php and /modules/* do not validate a server-side session. A remote unauthenticated attacker can invoke any administrative action exposed by the configuration module, including reading and modifying user rules, fuel tank gauges, fuel dispensers, relays, cash registers, bank terminals, fuel cards, price and customer displays, cash collection, and pricing rules.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 9.8)

cvss3

Base Score: 9.8

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

cvss4

Base Score: 9.3

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Score

5.9

Exploitability

3.9

REFERENCES

CVE-2026-6428

SUMMARY

SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha application database via the Filter URL parameter when the Criteria parameter matches /branchcode/. The vulnerable sink in sub calculate concatenates the unmodified Filter request parameter directly into a LIKE clause of the auxiliary $strsth2 statement and executes it via DBI without bound parameters: my $f = @$filters[0]; $f =~ s/\*/%/g; $strsth2 .= " AND $column LIKE '$f' "; This enables error-based SQL injection (e.g., via EXTRACTVALUE) and full read access to sensitive tables including borrowers (password hashes, 2FA secrets, PII), borrower_password_recovery, api_keys, and sessions. Proof of concept (error-based, single request): GET /cgi-bin/koha/reports/catalogue_out.pl?do_it=1&output=screen&Limit=10&Criteria=branchcode&Filter=x'+AND+EXTRACTVALUE(1,CONCAT(0x7e,VERSION(),0x7c,USER(),0x7c,DATABASE(),0x7e))--+- Cookie: CGISESSID=<LIBRARIAN_SESSION> The response body contains the DBI exception leaking the MariaDB version, database user, client IP, and database name, after which arbitrary data can be paged out using LIMIT n,1 / SUBSTRING(...). The vulnerable sink was introduced in commit 6bb77ae3e4 (2008-07-09); CVE-2015-4633 patched the same class in sibling files but did not generalise the fix to reports/catalogue_out.pl. Fixed in Koha 22.11.38, 24.11.16, 25.05.11, 25.11.05, 26.05.01, and 26.11.00 by replacing the raw concatenation with a parameterised placeholder.

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.6)

cvss2

Base Score: 7.5

Complexity: LOW

AV:N/AC:L/Au:S/C:C/I:N/A:P

cvss3

Base Score: 7.6

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

cvss4

Base Score: 5.6

Complexity: LOW

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:X/U:Amber

Impact Score

4.7

Exploitability

2.8

REFERENCES

CVE-2026-5513

SUMMARY

The Online Scheduling and Appointment Booking System – Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bookly-customer-full-name' cookie in versions up to, and including, 27.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires 'Remember personal information in cookies' setting to be enabled (disabled by default).

Published

Date2026-06-13

Updated

Date2026-06-13

RISK INFORMATION (Score: 7.2)

cvss3

Base Score: 7.2

Complexity: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Impact Score

2.7

Exploitability

3.9

REFERENCES

Loading…

API

Access Data Using Our API

Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?
linkedin_id=axa' -H 'apikey: YOUR_API_KEY_HERE'

Try It API Documentation Rapid

MEASURE

What Do We Measure ?

Incident

Finding

Grade

Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network SecurityIdentify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat IntelligenceLeverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo

By Rankiteo

★ ★ ★ ★ ★

View on G2.com

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.

View latest plans →View all security reports →

MILESTONEG

Users
Love Us

Loading…