I’ve tried to contact MTCaptcha using their two documented email addresses ([email protected] and [email protected]) but didn’t get any response. If you know someone there I’d appreciate an email address.
So the company has one (1) employee on LinkedIn, so if anyone has 1st or 2nd degree access to this LinkedIn account’s employee page: https://www.linkedin.com/company/mtcaptcha/
I left them a comment: MTCaptcha on LinkedIn: 95 Top San Francisco Cyber Security Companies and Startups of 2021
If nothing happens and it’s not a CVE, it’s probably useless to report it publicly.
Since it’s used by ABB (ICS), I would FORWARD the email you sent already to ABB and CC: [email protected]
I would consider it ICS, so just forward the first email you sent to ABB and CC ICS CERT (above).
Once you’ve done all that, and if nobody responds, wait a while, then you can probably just think about going public.
Thanks for looking into this!
I did see their LinkedIn and the article you mentioned, but didn’t think of leaving a comment there.
ABB doesn’t seem to be using them anymore. I did find a few companies using them on Shodan/Censys, but none of them appear to have disclosure policies except for the BBP where I originally reported the vulnerability.