{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Easergy P5, versions ant\u00e9rieures \u00e0 01.401.101, se r\u00e9f\u00e9rer aux informations fournies par l'\u00e9diteur pour appliquer les mesures de contournement","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ConneXium Tofino Firewall TCSEFEA23F3F20 et 21, toutes versions. Ces produits ne sont plus maintenus par l'\u00e9diteur qui incite fortement \u00e0 mettre \u00e0 jour vers la gamme TCSEFA23F3F22","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"ConneXium Tofino OPC-LSM TCSEFM0000, versions ant\u00e9rieures \u00e0 03.23","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"CODESYS V3, v\u00e9rifier l'avis SEVD-2022-011-06 pour identifier les p\u00e9riph\u00e9riques utilisant ce syst\u00e8me d'exploitation et appliquer les mesures de contournement sugg\u00e9r\u00e9es par l'\u00e9diteur","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Easergy T300, versions ant\u00e9rieures \u00e0 2.7.1","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Easergy P3, versions ant\u00e9rieures \u00e0 30.205, se r\u00e9f\u00e9rer aux informations fournies par l'\u00e9diteur pour appliquer les mesures de contournement","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power Monitoring Expert 2020, versions ant\u00e9rieures \u00e0 2020 CU3 sans le composant Floating License Manager 2.7","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"ConneXium Tofino Firewall TCSEFEA23F3F22, versions ant\u00e9rieures \u00e0 03.23","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 Quantum et Premium Quantum CPUs, v\u00e9rifier l'avis SEVD-2022-011-01 pour identifier les autres syst\u00e8mes Modicon vuln\u00e9rables et appliquer les mesures de contournement sugg\u00e9r\u00e9es par l'\u00e9diteur","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power Monitoring Expert 9.0, toutes versions. Ces produits ne sont plus maintenus par l'\u00e9diteur qui incite fortement \u00e0 mettre \u00e0 jour vers la gamme Power Monitoring Expert 2021","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-22723","url":"https://www.cve.org/CVERecord?id=CVE-2022-22723"},{"name":"CVE-2021-21869","url":"https://www.cve.org/CVERecord?id=CVE-2021-21869"},{"name":"CVE-2021-21866","url":"https://www.cve.org/CVERecord?id=CVE-2021-21866"},{"name":"CVE-2021-30066","url":"https://www.cve.org/CVERecord?id=CVE-2021-30066"},{"name":"CVE-2021-30064","url":"https://www.cve.org/CVERecord?id=CVE-2021-30064"},{"name":"CVE-2022-22724","url":"https://www.cve.org/CVERecord?id=CVE-2022-22724"},{"name":"CVE-2019-8963","url":"https://www.cve.org/CVERecord?id=CVE-2019-8963"},{"name":"CVE-2021-30063","url":"https://www.cve.org/CVERecord?id=CVE-2021-30063"},{"name":"CVE-2021-30061","url":"https://www.cve.org/CVERecord?id=CVE-2021-30061"},{"name":"CVE-2021-21863","url":"https://www.cve.org/CVERecord?id=CVE-2021-21863"},{"name":"CVE-2022-22722","url":"https://www.cve.org/CVERecord?id=CVE-2022-22722"},{"name":"CVE-2021-21865","url":"https://www.cve.org/CVERecord?id=CVE-2021-21865"},{"name":"CVE-2020-7534","url":"https://www.cve.org/CVERecord?id=CVE-2020-7534"},{"name":"CVE-2021-21867","url":"https://www.cve.org/CVERecord?id=CVE-2021-21867"},{"name":"CVE-2022-22804","url":"https://www.cve.org/CVERecord?id=CVE-2022-22804"},{"name":"CVE-2021-30062","url":"https://www.cve.org/CVERecord?id=CVE-2021-30062"},{"name":"CVE-2022-22726","url":"https://www.cve.org/CVERecord?id=CVE-2022-22726"},{"name":"CVE-2022-22725","url":"https://www.cve.org/CVERecord?id=CVE-2022-22725"},{"name":"CVE-2021-29241","url":"https://www.cve.org/CVERecord?id=CVE-2021-29241"},{"name":"CVE-2020-8597","url":"https://www.cve.org/CVERecord?id=CVE-2020-8597"},{"name":"CVE-2021-29240","url":"https://www.cve.org/CVERecord?id=CVE-2021-29240"},{"name":"CVE-2022-22727","url":"https://www.cve.org/CVERecord?id=CVE-2022-22727"},{"name":"CVE-2021-21864","url":"https://www.cve.org/CVERecord?id=CVE-2021-21864"},{"name":"CVE-2021-21868","url":"https://www.cve.org/CVERecord?id=CVE-2021-21868"},{"name":"CVE-2021-30065","url":"https://www.cve.org/CVERecord?id=CVE-2021-30065"},{"name":"CVE-2021-33485","url":"https://www.cve.org/CVERecord?id=CVE-2021-33485"}],"links":[],"reference":"CERTFR-2022-AVI-017","revisions":[{"description":"Version initiale","revision_date":"2022-01-11T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Ex\u00e9cution de code arbitraire"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-07 du 11 janvier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-07"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-03 du 11 janvier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-03"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-04 du 11 janvier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-04"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-01 du 11 janvier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-02 du 11 janvier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-02"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-05 du 11 janvier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-05"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-011-06 du 11 janvier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-011-06"}]}