{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>EcoStruxure\u2122 Control Expert</li> <li>Unity Pro (former name of EcoStruxure\u2122 Control Expert)</li> <li>EcoStruxure Geo SCADA Expert 2019 versions ant\u00e9rieures \u00e0 81.7613.1</li> <li>EcoStruxure Geo SCADA Expert 2020 versions ant\u00e9rieures \u00e0 83.7613.1</li> <li>Modicon M340 CPU BMXP34* versions ant\u00e9rieures \u00e0 V3.3</li> <li>Modicon M340 Ethernet Communication modules BMXNOC0401 versions ant\u00e9rieures \u00e0 V2.10 (*)</li> <li>Modicon M340 Ethernet Communication modules BMXNOE0100 versions ant\u00e9rieures \u00e0 V3.4</li> <li>Modicon M340 Ethernet Communication modules BMXNOE0110 versions ant\u00e9rieures \u00e0 V6.6</li> <li>Modicon Premium processors with integrated Ethernet COPRO TSXP574634, TSXP575634, TSXP576634</li> <li>Modicon Quantum CPUs 140CPU65xxxxx versions ant\u00e9rieures \u00e0 V6.1 (*)</li> <li>Modicon Quantum communication modules 140NOE771x1 versions ant\u00e9rieures \u00e0 V7.3 (*)</li> <li>Modicon Quantum communication modules 140NOC78x00 versions ant\u00e9rieures \u00e0 V1.74 (*)</li> <li>Modicon Quantum communication modules 140NOC77101 versions ant\u00e9rieures \u00e0 V1.08</li> <li>Modicon Premium communication modules TSXETY4103 versions ant\u00e9rieures \u00e0 V6.2 (*)</li> <li>Modicon Premium communication modules TSXETY5103 versions ant\u00e9rieures \u00e0 V6.4 (*)</li> <li>Modicon Premium CPUs TSXP574634, TSXP575634, TSXP576634 versions ant\u00e9rieures \u00e0 V6.1 (*)</li> <li>BMXNOE0100</li> <li>BMXNOE0110</li> <li>BMXNOR0200H</li> <li>BMXNOR200H</li> <li>Modicon M580 CPUs BMEx58xxxxx microgiciel versions ant\u00e9rieures \u00e0 3.20</li> <li>Modicon M258 versions ant\u00e9rieures \u00e0 5.0.4.11</li> <li>SoMachine/SoMachine Motion software</li> </ul> <p>(*) ces versions ne corrigent pas toutes les vuln\u00e9rabilit\u00e9s</p> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-7535","url":"https://www.cve.org/CVERecord?id=CVE-2020-7535"},{"name":"CVE-2020-7542","url":"https://www.cve.org/CVERecord?id=CVE-2020-7542"},{"name":"CVE-2020-7549","url":"https://www.cve.org/CVERecord?id=CVE-2020-7549"},{"name":"CVE-2020-7537","url":"https://www.cve.org/CVERecord?id=CVE-2020-7537"},{"name":"CVE-2020-7560","url":"https://www.cve.org/CVERecord?id=CVE-2020-7560"},{"name":"CVE-2020-28219","url":"https://www.cve.org/CVERecord?id=CVE-2020-28219"},{"name":"CVE-2020-7536","url":"https://www.cve.org/CVERecord?id=CVE-2020-7536"},{"name":"CVE-2020-7543","url":"https://www.cve.org/CVERecord?id=CVE-2020-7543"},{"name":"CVE-2020-28220","url":"https://www.cve.org/CVERecord?id=CVE-2020-28220"},{"name":"CVE-2020-7540","url":"https://www.cve.org/CVERecord?id=CVE-2020-7540"}],"links":[],"reference":"CERTFR-2020-AVI-801","revisions":[{"description":"Version initiale","revision_date":"2020-12-08T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-02 du 06 d\u00e9cembre 2020","url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-02/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-06 du 06 d\u00e9cembre 2020","url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-06/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-01 du 06 d\u00e9cembre 2020","url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-01/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-07 du 06 d\u00e9cembre 2020","url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-07/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-04 du 06 d\u00e9cembre 2020","url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-04/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-05 du 06 d\u00e9cembre 2020","url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-05/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-09 du 06 d\u00e9cembre 2020","url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-09/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-08 du 06 d\u00e9cembre 2020","url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-08/"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-03 du 06 d\u00e9cembre 2020","url":"https://www.se.com/ww/en/download/document/SEVD-2020-343-03/"}]}