{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions ant\u00e9rieures \u00e0 1.1.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Wiser for KNX (anciennement homeLYnk) versions ant\u00e9rieures \u00e0 2.4.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Premium","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et ant\u00e9rieure, sans le correctif de s\u00e9curit\u00e9 TelevisGo_HotFix_20190715.exe","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis HMIGTO series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis XBTGH series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis HMIGTUX series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis XBTGC series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M580 versions ant\u00e9rieures \u00e0 V2.90","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis HMIGTU series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"BMXNOR0200H Ethernet / Serial RTU module","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis HMISTO series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis HMISCU series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis HMIGXO series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 versions ant\u00e9rieures \u00e0 V3.10","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric Software Update (SESU) SUT Service component versions ant\u00e9rieures \u00e0 2.3.1","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis XBTGT series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis HMIGXU series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Magelis HMISTU series","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"spaceLYnk versions ant\u00e9rieures \u00e0 2.4.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Quantum","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2018-15361","url":"https://www.cve.org/CVERecord?id=CVE-2018-15361"},{"name":"CVE-2019-8262","url":"https://www.cve.org/CVERecord?id=CVE-2019-8262"},{"name":"CVE-2019-8277","url":"https://www.cve.org/CVERecord?id=CVE-2019-8277"},{"name":"CVE-2019-6828","url":"https://www.cve.org/CVERecord?id=CVE-2019-6828"},{"name":"CVE-2019-8265","url":"https://www.cve.org/CVERecord?id=CVE-2019-8265"},{"name":"CVE-2019-8269","url":"https://www.cve.org/CVERecord?id=CVE-2019-8269"},{"name":"CVE-2019-8260","url":"https://www.cve.org/CVERecord?id=CVE-2019-8260"},{"name":"CVE-2019-8263","url":"https://www.cve.org/CVERecord?id=CVE-2019-8263"},{"name":"CVE-2019-6832","url":"https://www.cve.org/CVERecord?id=CVE-2019-6832"},{"name":"CVE-2019-8261","url":"https://www.cve.org/CVERecord?id=CVE-2019-8261"},{"name":"CVE-2019-8276","url":"https://www.cve.org/CVERecord?id=CVE-2019-8276"},{"name":"CVE-2018-7846","url":"https://www.cve.org/CVERecord?id=CVE-2018-7846"},{"name":"CVE-2019-8259","url":"https://www.cve.org/CVERecord?id=CVE-2019-8259"},{"name":"CVE-2018-7842","url":"https://www.cve.org/CVERecord?id=CVE-2018-7842"},{"name":"CVE-2018-7849","url":"https://www.cve.org/CVERecord?id=CVE-2018-7849"},{"name":"CVE-2019-8271","url":"https://www.cve.org/CVERecord?id=CVE-2019-8271"},{"name":"CVE-2019-6831","url":"https://www.cve.org/CVERecord?id=CVE-2019-6831"},{"name":"CVE-2019-6813","url":"https://www.cve.org/CVERecord?id=CVE-2019-6813"},{"name":"CVE-2019-6809","url":"https://www.cve.org/CVERecord?id=CVE-2019-6809"},{"name":"CVE-2019-6829","url":"https://www.cve.org/CVERecord?id=CVE-2019-6829"},{"name":"CVE-2018-7852","url":"https://www.cve.org/CVERecord?id=CVE-2018-7852"},{"name":"CVE-2019-8267","url":"https://www.cve.org/CVERecord?id=CVE-2019-8267"},{"name":"CVE-2019-6830","url":"https://www.cve.org/CVERecord?id=CVE-2019-6830"},{"name":"CVE-2019-6810","url":"https://www.cve.org/CVERecord?id=CVE-2019-6810"},{"name":"CVE-2018-7854","url":"https://www.cve.org/CVERecord?id=CVE-2018-7854"},{"name":"CVE-2019-8280","url":"https://www.cve.org/CVERecord?id=CVE-2019-8280"},{"name":"CVE-2018-7844","url":"https://www.cve.org/CVERecord?id=CVE-2018-7844"},{"name":"CVE-2018-7847","url":"https://www.cve.org/CVERecord?id=CVE-2018-7847"},{"name":"CVE-2018-7855","url":"https://www.cve.org/CVERecord?id=CVE-2018-7855"},{"name":"CVE-2019-8275","url":"https://www.cve.org/CVERecord?id=CVE-2019-8275"},{"name":"CVE-2019-8274","url":"https://www.cve.org/CVERecord?id=CVE-2019-8274"},{"name":"CVE-2019-6808","url":"https://www.cve.org/CVERecord?id=CVE-2019-6808"},{"name":"CVE-2019-6826","url":"https://www.cve.org/CVERecord?id=CVE-2019-6826"},{"name":"CVE-2018-7850","url":"https://www.cve.org/CVERecord?id=CVE-2018-7850"},{"name":"CVE-2018-7856","url":"https://www.cve.org/CVERecord?id=CVE-2018-7856"},{"name":"CVE-2019-8266","url":"https://www.cve.org/CVERecord?id=CVE-2019-8266"},{"name":"CVE-2019-8270","url":"https://www.cve.org/CVERecord?id=CVE-2019-8270"},{"name":"CVE-2019-6834","url":"https://www.cve.org/CVERecord?id=CVE-2019-6834"},{"name":"CVE-2019-68067","url":"https://www.cve.org/CVERecord?id=CVE-2019-68067"},{"name":"CVE-2018-7845","url":"https://www.cve.org/CVERecord?id=CVE-2018-7845"},{"name":"CVE-2019-8258","url":"https://www.cve.org/CVERecord?id=CVE-2019-8258"},{"name":"CVE-2018-7857","url":"https://www.cve.org/CVERecord?id=CVE-2018-7857"},{"name":"CVE-2019-8264","url":"https://www.cve.org/CVERecord?id=CVE-2019-8264"},{"name":"CVE-2019-6833","url":"https://www.cve.org/CVERecord?id=CVE-2019-6833"},{"name":"CVE-2019-8272","url":"https://www.cve.org/CVERecord?id=CVE-2019-8272"},{"name":"CVE-2019-8268","url":"https://www.cve.org/CVERecord?id=CVE-2019-8268"},{"name":"CVE-2019-68077","url":"https://www.cve.org/CVERecord?id=CVE-2019-68077"},{"name":"CVE-2019-8273","url":"https://www.cve.org/CVERecord?id=CVE-2019-8273"},{"name":"CVE-2018-7853","url":"https://www.cve.org/CVERecord?id=CVE-2018-7853"},{"name":"CVE-2018-7843","url":"https://www.cve.org/CVERecord?id=CVE-2018-7843"},{"name":"CVE-2018-7848","url":"https://www.cve.org/CVERecord?id=CVE-2018-7848"}],"links":[],"reference":"CERTFR-2019-AVI-384","revisions":[{"description":"Version initiale","revision_date":"2019-08-13T00:00:00.000000"},{"description":"Ajout du bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019","revision_date":"2019-08-14T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-06 du 13 ao\u00fbt 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-225-06-SESU_SUT_Service.pdf&p_Doc_Ref=SEVD-2019-225-06"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-225-04_SoMachine_HVAC_Security_Notification.pdf&p_Doc_Ref=SEVD-2019-225-04"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-01 du 13 ao\u00fbt 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-225-01-Magelis_Security_Notification.pdf&p_Doc_Ref=SEVD-2019-225-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-03 du 13 ao\u00fbt 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-225-03-Modicon-Ethernet+-Serial-RTU-Module-Security_Notification.pdf&p_Doc_Ref=SEVD-2019-225-03"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-07 du 13 ao\u00fbt 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-225-07-spaceLYnk-homeLYnk.pdf&p_Doc_Ref=SEVD-2019-225-07"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-02 du 13 ao\u00fbt 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-225-02-Modicon_M340_Controllers_Security_Notification.pdf&p_Doc_Ref=SEVD-2019-225-02"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-11 du 13 ao\u00fbt 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-134-11-V2-Modicon-Controllers.pdf&p_Doc_Ref=SEVD-2019-134-11"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-05 du 13 ao\u00fbt 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-225-05-TelevisGO_Security_Notification.pdf&p_Doc_Ref=SEVD-2019-225-05"}]}