{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"versadac, toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"EPack toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EPC2000 toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Modicon M262 Logic Controllers firmware version 5.1.5.35 et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"SCD6000 Industrial RTU Version ant\u00e9rieures \u00e0 SCD6000 is SY-1101211_Mand","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"NMC embedded devices","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 V2021","product":{"name":"process","vendor":{"name":"Symfony","scada":false}}},{"description":"Tricon Communication Modules versions ant\u00e9rieures \u00e0 11.8","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"TelevisAir V3.0 Dongle BTLE (part number ADBT42* et ant\u00e9rieures)","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"T2750 PAC, toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"HMISTO Series HMISTU/S5T Series toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"TCSEGPA23F14F, BMECXM0100 toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Momentum ENT (170ENT11*) toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"nanodac toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Network Management Card 2 (NMC2)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric Software Update, V2.3.0 \u00e0 V2.5.1","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Network Management Card 3 (NMC3)","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"BMXNOM0200 toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"BMENOP0300, BMXNOR0200 toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Modicon LMC078 toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"E+PLC400 toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-22808","url":"https://www.cve.org/CVERecord?id=CVE-2021-22808"},{"name":"CVE-2021-34527","url":"https://www.cve.org/CVERecord?id=CVE-2021-34527"},{"name":"CVE-2021-22811","url":"https://www.cve.org/CVERecord?id=CVE-2021-22811"},{"name":"CVE-2021-22813","url":"https://www.cve.org/CVERecord?id=CVE-2021-22813"},{"name":"CVE-2020-35198","url":"https://www.cve.org/CVERecord?id=CVE-2020-35198"},{"name":"CVE-2021-22807","url":"https://www.cve.org/CVERecord?id=CVE-2021-22807"},{"name":"CVE-2021-22810","url":"https://www.cve.org/CVERecord?id=CVE-2021-22810"},{"name":"CVE-2021-22815","url":"https://www.cve.org/CVERecord?id=CVE-2021-22815"},{"name":"CVE-2021-1675","url":"https://www.cve.org/CVERecord?id=CVE-2021-1675"},{"name":"CVE-2021-22812","url":"https://www.cve.org/CVERecord?id=CVE-2021-22812"},{"name":"CVE-2021-22809","url":"https://www.cve.org/CVERecord?id=CVE-2021-22809"},{"name":"CVE-2021-22814","url":"https://www.cve.org/CVERecord?id=CVE-2021-22814"},{"name":"CVE-2020-28895","url":"https://www.cve.org/CVERecord?id=CVE-2020-28895"},{"name":"CVE-2021-22799","url":"https://www.cve.org/CVERecord?id=CVE-2021-22799"},{"name":"CVE-2021-22816","url":"https://www.cve.org/CVERecord?id=CVE-2021-22816"}],"links":[],"reference":"CERTFR-2021-AVI-853","revisions":[{"description":"Version initiale","revision_date":"2021-11-09T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-07 du 9 novembre 2021","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-01 du 9 novembre 2021","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-06 du 9 novembre 2021","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-06"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 novembre 2021","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 9 novembre 2021","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-02 du 9 novembre 2021","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 9 novembre 2021","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"}]}