{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Netbotz Advanced View (Java Version 6)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"StruxureWare Data Center Expert (Java Version 6)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"PowerChute Business Edition (Java Version 6)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"StruxureWare Operations (Java Version 6)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Network Management Card (NMC) Device IP Wizard (Java Version 7)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"PowerChute Network Shutdown (Java Version 6)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2012-4681","url":"https://www.cve.org/CVERecord?id=CVE-2012-4681"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric du 17 septembre    2012 :","url":"http://www2.schneider-electric.com/resources/sites/SCHNEIDER_ELECTRIC/content/live/FAQS/162000/FA162073/en_US/Java%20Vulnerability%20(CVE-2012-4681)%20Advisory.pdf"}],"reference":"CERTA-2012-AVI-574","revisions":[{"description":"version initiale.","revision_date":"2012-10-16T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"Une vuln\u00e9rabilit\u00e9 critique a \u00e9t\u00e9 corrig\u00e9e dans <span\nclass=\"textit\">Schneider Electric Critical Power and Cooling\nServices</span> (CPCS). Elle permet \u00e0 un attaquant d'ex\u00e9cuter du code\narbitraire \u00e0 distance en utilisant un \"applet\" Java sp\u00e9cialement con\u00e7u.\nLa vuln\u00e9rabilit\u00e9 concerne la <span class=\"textit\">Java Runtime\nEnvironment</span> (JRE) et permet de contourner les restrictions du\n\"SecurityManager\".\n","title":"Vuln\u00e9rabilit\u00e9 dans le syst\u00e8me SCADA Schneider Electric Critical Power and Cooling Services","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric du 17 septembre 2012","url":null}]}