EBL Bug Bounty Program
Program Overview
Compass Security manages the bug bounty program for EBL (Genossenschaft Elektra Baselland), covering its energy solutions, OT systems, SCADA environments, and digital infrastructure. EBL's commitment to security and innovation reflects its dedication to providing sustainable, reliable energy while safeguarding customer trust. As a forward-thinking energy provider with decades of expertise in renewable energy and innovation, EBL invites ethical hackers to help secure its operations and uncover vulnerabilities in exchange for generous rewards.
Bounty Rewards
| Property | Value |
|---|
| Max. Bounty | CHF 10,000 |
| Min. Bounty | CHF 100 |
| Avg. Bounty | CHF 350 |
| Budget | CHF 10,000 |
Terms, Rules & Standards
This program follows the Platform Standards and the Terms and Conditions. Please review both documents before testing or submitting any reports. They define general rules of engagement, eligibility for bounty rewards, netiquette, confidentiality requirements, and further legal guidelines that apply to all participants.
Asset Lists
High Risk
| Severity | Bounty |
|---|
| Low | CHF 300 |
| Medium | CHF 300-640 |
| High | CHF 640-2,560 |
| Critical | CHF 2,560-5,000 |
Targets:
- 87.102.253.38 / sftp01.rzebl.ch
- 87.102.253.44 / ebl.rzebl.ch
- 87.102.253.47 / webmail.rzebl.ch / autodiscover.rzebl.ch
- 87.102.253.48 / prtg.rzebl.ch
- 87.102.253.54 / asterix.rzebl.ch
- 87.102.253.55 / alwaysonvpn test
- 87.102.253.56 / alwaysonvpn.ebl.ch
- 87.102.253.61 / webauth.rzebl.ch
Medium Risk
| Severity | Bounty |
|---|
| Low | CHF 200 |
| Medium | CHF 200 |
| High | CHF 200-512 |
| Critical | CHF 512-1,000 |
Targets:
- 87.102.253.34 / relay.rzebl.ch
- 87.102.253.35 / medcsg.ebl.ch
- 87.102.253.36 / mfa.rzebl.ch
- 87.102.253.37 / mam-test.ebl.ch
- 87.102.253.39 / raven.rzebl.ch
- 87.102.253.41 / mobile.rzebl.ch
- 87.102.253.42
- 87.102.253.43
- 87.102.253.45 / eblcrm.rzebl.ch / adfs.rzebl.ch / auth.rzebl.ch / dev.rzebl.ch / oos.rzebl.ch / zeiterfassung.rzebl.ch
- 87.102.253.46 / me.ebl.ch
- 87.102.253.49 / auth.ebl.ch
- 87.102.253.50 / test.ebl.ch
- 87.102.253.51 / mdm.ebl.ch
- 87.102.253.52 / xm.ebl.ch
- 87.102.253.53 / sharefile.ebl.ch / kallisto.ebl.ch / kallisto-uat.ebl.ch / auth.esds.ebl.ch / auth-uat.esds.ebl.ch
- 87.102.253.57 / M2Data-Q.rzebl.ch
- 87.102.253.58 / M2Data.rzebl.ch
- 87.102.253.59 / ebl-test.rzebl.ch
- 87.102.253.60 / outlook.rzebl.ch
- 87.102.253.62 / smtp-exo.ebl.ch
- 20.103.100.138
- 108.141.184.29
- 52.148.210.157
- 20.160.146.186
- 40.68.27.137
- 172.201.177.51
- 13.80.69.40
- 20.73.78.230
- 20.73.159.248
- 51.144.253.8
- 40.68.220.143
- 20.16.85.235
- 20.61.186.172
- 4.180.133.195
- 104.46.62.136
- 104.40.207.140
Low Risk
| Severity | Bounty |
|---|
| Low | CHF 100 |
| Medium | CHF 100 |
| High | CHF 100-256 |
| Critical | CHF 256-500 |
Targets:
- 87.102.253.32
- 87.102.253.33 / pegasus.rzebl.ch
- 87.102.253.40 / hermes.rzebl.ch
- 87.102.253.63
- 157.161.131.1
- 157.161.131.2
- 157.161.131.3
- 157.161.131.4
- 157.161.131.5
- 157.161.131.6
- *.ebl.ch
- *.rzebl.ch
- *.schweizstrom.ch
- *.waermecheck.ch
Excluded Items
The bug bounty exclusion list comprises targets that are excluded from the program, and no rewards will be granted for reported vulnerabilities on these targets:
- All assets not listed in the asset list
- Any 3rd Party-Services (M365, O365, Atlassian, Azure, Git, etc.)
Specific Program Rules
- Hunters must not be affiliated with EBL in any way, including as employees, contractors, or agents.
Acknowledgement
EBL may give public acknowledgment to individuals who have identified significant vulnerabilities under the program and received bounties. On EBL acknowledge, Compass might also choose to acknowledge you on websites or printed materials, unless you specifically request your name to be excluded.
References