{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Siemens WinCC V7.4 sans la mise \u00e0 jour de s\u00e9curit\u00e9 U1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siemens SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 1.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siemens PCS 7 V8.1 SP1 avec WinCC V7.3 sans la mise \u00e0 jour de s\u00e9curit\u00e9 U10, SIMATIC BATCH V8.1 SP1 sans la mise \u00e0 jour de s\u00e9curit\u00e9 U9, OpenPCS 7 V8.1 sans la mise \u00e0 jour de s\u00e9curit\u00e9 U3","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siemens SIMATIC NET PC-Software versions ant\u00e9rieures \u00e0 V13 SP2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siemens WinCC V7.3 sans la mise \u00e0 jour de s\u00e9curit\u00e9 U10","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siemens PCS 7 V8.2 avec WinCC V7.4 sans la mise \u00e0 jour de s\u00e9curit\u00e9 U1, OpenPCS 7 V8.2 sans la mise \u00e0 jour de s\u00e9curit\u00e9 U3","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siemens WinCC Runtime Professional V13 versions ant\u00e9rieures \u00e0 WinCC Runtime Professional V13 SP1 U9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2016-5743","url":"https://www.cve.org/CVERecord?id=CVE-2016-5743"},{"name":"CVE-2016-6204","url":"https://www.cve.org/CVERecord?id=CVE-2016-6204"},{"name":"CVE-2016-5874","url":"https://www.cve.org/CVERecord?id=CVE-2016-5874"},{"name":"CVE-2016-5744","url":"https://www.cve.org/CVERecord?id=CVE-2016-5744"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 SCADA SSA-453276 Siemens du 22 juillet    2016","url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-453276.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 SCADA SSA-119132 Siemens du 22 juillet    2016","url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-119132.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 SCADA SSA-378531 Siemens du 22 juillet    2016","url":"http://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-378531.pdf"}],"reference":"CERTFR-2016-AVI-250","revisions":[{"description":"version initiale.","revision_date":"2016-07-25T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans <span\nclass=\"textit\">SCADA les produits Siemens</span>. Certaines d'entre\nelles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SCADA SSA-453276 Siemens du 22 juillet 2016","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SCADA SSA-378531 Siemens du 22 juillet 2016","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SCADA SSA-119132 Siemens du 22 juillet 2016","url":null}]}