{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"EcoStruxure Power Monitoring Expert 8.2","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power Monitoring Expert 8.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power Monitoring Expert versions 7.2.x","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power Monitoring Expert 8.1","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Building Operation - Energy Expert (anciennement Power Manager) versions 1.x","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2017-11357","url":"https://www.cve.org/CVERecord?id=CVE-2017-11357"}],"links":[],"reference":"CERTFR-2017-AVI-399","revisions":[{"description":"Version initiale","revision_date":"2017-11-08T00:00:00.000000"},{"description":"Version initiale","revision_date":"2017-11-08T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Schneider Electric EcoStruxure\nPower Monitoring Expert et EcoStruxure Building Operation. Elle permet \u00e0\nun attaquant de provoquer une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es, une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une injection de code\nindirecte \u00e0 distance (XSS).\n","title":"Vuln\u00e9rabilit\u00e9 dans Schneider Electric EcoStruxure Power Monitoring Expert et EcoStruxure Building Operation","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2017-311-01 du 6 novembre 2017","url":"https://www.schneider-electric.com/en/download/document/SEVD-2017-311-01/"}]}