{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"CloudConnect 712 versions ant\u00e9rieures \u00e0 V1.1.5","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC TDC CP51M1 versions ant\u00e9rieures \u00e0 V1.1.7","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Se r\u00e9f\u00e9rer au bulletins de l'\u00e9diteurs pour la liste compl\u00e8te des produits vuln\u00e9rables, notamment le bulletin de s\u00e9curit\u00e9 SSA-187667 concernant les derni\u00e8res vuln\u00e9rabilit\u00e9s affectant les Remote Desktop Services de Microsoft (cf. https://www.cert.ssi.gouv.fr/alerte/CERTFR-2019-ALE-012/).","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V2.0 SP1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINETPLAN versions V2.0 sans TIA Administrator V1.0 SP1 Upd1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SCALANCE SC-600 versions ant\u00e9rieures \u00e0 V2.0.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2019-1182","url":"https://www.cve.org/CVERecord?id=CVE-2019-1182"},{"name":"CVE-2019-10937","url":"https://www.cve.org/CVERecord?id=CVE-2019-10937"},{"name":"CVE-2019-12256","url":"https://www.cve.org/CVERecord?id=CVE-2019-12256"},{"name":"CVE-2019-13920","url":"https://www.cve.org/CVERecord?id=CVE-2019-13920"},{"name":"CVE-2019-12264","url":"https://www.cve.org/CVERecord?id=CVE-2019-12264"},{"name":"CVE-2019-11478","url":"https://www.cve.org/CVERecord?id=CVE-2019-11478"},{"name":"CVE-2019-1222","url":"https://www.cve.org/CVERecord?id=CVE-2019-1222"},{"name":"CVE-2019-12258","url":"https://www.cve.org/CVERecord?id=CVE-2019-12258"},{"name":"CVE-2019-12259","url":"https://www.cve.org/CVERecord?id=CVE-2019-12259"},{"name":"CVE-2019-12261","url":"https://www.cve.org/CVERecord?id=CVE-2019-12261"},{"name":"CVE-2019-13922","url":"https://www.cve.org/CVERecord?id=CVE-2019-13922"},{"name":"CVE-2019-1226","url":"https://www.cve.org/CVERecord?id=CVE-2019-1226"},{"name":"CVE-2019-13923","url":"https://www.cve.org/CVERecord?id=CVE-2019-13923"},{"name":"CVE-2019-10915","url":"https://www.cve.org/CVERecord?id=CVE-2019-10915"},{"name":"CVE-2019-12263","url":"https://www.cve.org/CVERecord?id=CVE-2019-12263"},{"name":"CVE-2019-11479","url":"https://www.cve.org/CVERecord?id=CVE-2019-11479"},{"name":"CVE-2019-12257","url":"https://www.cve.org/CVERecord?id=CVE-2019-12257"},{"name":"CVE-2019-1181","url":"https://www.cve.org/CVERecord?id=CVE-2019-1181"},{"name":"CVE-2019-11477","url":"https://www.cve.org/CVERecord?id=CVE-2019-11477"},{"name":"CVE-2019-12260","url":"https://www.cve.org/CVERecord?id=CVE-2019-12260"},{"name":"CVE-2019-12262","url":"https://www.cve.org/CVERecord?id=CVE-2019-12262"},{"name":"CVE-2019-12255","url":"https://www.cve.org/CVERecord?id=CVE-2019-12255"},{"name":"CVE-2019-13918","url":"https://www.cve.org/CVERecord?id=CVE-2019-13918"},{"name":"CVE-2019-13919","url":"https://www.cve.org/CVERecord?id=CVE-2019-13919"},{"name":"CVE-2019-12265","url":"https://www.cve.org/CVERecord?id=CVE-2019-12265"}],"links":[],"reference":"CERTFR-2019-AVI-429","revisions":[{"description":"Version initiale","revision_date":"2019-09-10T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-250618 du 10 septembre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-250618.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-462066 du 10 septembre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-189842 du 10 septembre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-187667 du 10 septembre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-187667.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-884497 du 10 septembre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-884497.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-834884 du 10 septembre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-834884.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-191683 du 10 septembre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-191683.pdf"}]}