{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"

IGSS Data Server versions ant\u00e9rieures \u00e0 V15.0.0.22021
EcoStruxure EV Charging Expert versions ant\u00e9rieures \u00e0 V4.0.0.13 SP8 (Version 01)
Easergy P40 Series model numbers avec option Ethernet (produit ayant le code Q, R, S)
spaceLYnk versions ant\u00e9rieures \u00e0 2.7.0
Wiser for KNX product versions ant\u00e9rieures \u00e0 2.7.0
fellerLYnk product versions ant\u00e9rieures \u00e0 2.7.0
EcoStruxure Geo SCADA Expert versions ant\u00e9rieures \u00e0 2021
ClearSCADA versions ant\u00e9rieures \u00e0 2017 R3 August 2021 Monthly Update.
Harmony/Magelis iPC Series sans le correctif fourni avec Vijeo Designer version V6.2 SP11 Multi HotFix 4
Vijeo Designer versions ant\u00e9rieures \u00e0 V6.2 SP11 Multi HotFix 4
Vijeo Designer Basic versions ant\u00e9rieures \u00e0 v1.2.1
M241/M251 toutes versions
EcoStruxure Machine Expert toutes versions
Harmony/Magelis mod\u00e8les HMISTU, HMIGTO, HMIGTU, HMIGTUX, HMIGK, HMISCU
Eurotherm E+PLC100 toutes versions
Eurotherm E+PLC400 toutes versions
Eurotherm E+PLC tools toutes versions
Easy Harmony ET6 (HMIET) sans le correctif fourni avec Vijeo Designer Basic version V1.2.1
Easy Harmony GXU (HMIGXU) sans le correctif fourni avec Vijeo Designer Basic version V1.2.1
Harmony/ Magelis mod\u00e8les HMIGTU, HMIGTUX, HMIGK sans le correctif fourni avec Vijeo Designer version V6.2 SP11 Multi HotFix 4
Modicon M241/M251 Logic Controllers versions ant\u00e9rieures \u00e0 V5.1.9.34
Modicon M262 Logic Controllers versions ant\u00e9rieures \u00e0 V5.1.6.1
Easergy MiCOM P30 versions 660 -674
Easergy MiCOM P40 toutes versions

","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-22817","url":"https://www.cve.org/CVERecord?id=CVE-2021-22817"},{"name":"CVE-2022-22812","url":"https://www.cve.org/CVERecord?id=CVE-2022-22812"},{"name":"CVE-2022-24312","url":"https://www.cve.org/CVERecord?id=CVE-2022-24312"},{"name":"CVE-2020-35198","url":"https://www.cve.org/CVERecord?id=CVE-2020-35198"},{"name":"CVE-2022-24316","url":"https://www.cve.org/CVERecord?id=CVE-2022-24316"},{"name":"CVE-2022-24314","url":"https://www.cve.org/CVERecord?id=CVE-2022-24314"},{"name":"CVE-2022-24320","url":"https://www.cve.org/CVERecord?id=CVE-2022-24320"},{"name":"CVE-2022-22811","url":"https://www.cve.org/CVERecord?id=CVE-2022-22811"},{"name":"CVE-2022-24321","url":"https://www.cve.org/CVERecord?id=CVE-2022-24321"},{"name":"CVE-2022-22810","url":"https://www.cve.org/CVERecord?id=CVE-2022-22810"},{"name":"CVE-2022-24310","url":"https://www.cve.org/CVERecord?id=CVE-2022-24310"},{"name":"CVE-2022-24311","url":"https://www.cve.org/CVERecord?id=CVE-2022-24311"},{"name":"CVE-2022-24318","url":"https://www.cve.org/CVERecord?id=CVE-2022-24318"},{"name":"CVE-2022-22813","url":"https://www.cve.org/CVERecord?id=CVE-2022-22813"},{"name":"CVE-2022-24313","url":"https://www.cve.org/CVERecord?id=CVE-2022-24313"},{"name":"CVE-2022-24319","url":"https://www.cve.org/CVERecord?id=CVE-2022-24319"},{"name":"CVE-2022-24315","url":"https://www.cve.org/CVERecord?id=CVE-2022-24315"},{"name":"CVE-2022-22809","url":"https://www.cve.org/CVERecord?id=CVE-2022-22809"},{"name":"CVE-2022-22808","url":"https://www.cve.org/CVERecord?id=CVE-2022-22808"},{"name":"CVE-2020-28895","url":"https://www.cve.org/CVERecord?id=CVE-2020-28895"},{"name":"CVE-2022-24317","url":"https://www.cve.org/CVERecord?id=CVE-2022-24317"},{"name":"CVE-2021-29240","url":"https://www.cve.org/CVERecord?id=CVE-2021-29240"},{"name":"CVE-2022-22807","url":"https://www.cve.org/CVERecord?id=CVE-2022-22807"}],"links":[],"reference":"CERTFR-2022-AVI-123","revisions":[{"description":"Version initiale","revision_date":"2022-02-09T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-01 du 08 f\u00e9vrier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-04 du 08 f\u00e9vrier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-05 du 08 f\u00e9vrier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-03 du 08 f\u00e9vrier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-03"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-06 du 08 f\u00e9vrier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-02 du 08 f\u00e9vrier 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02"}]}