{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>Mendix Forgot Password Appstore module versions 3.2.x ant\u00e9rieures \u00e0 3.2.2</li> <li>Mendix Forgot Password Appstore module versions 3.3.x \u00e0 3.5.x ant\u00e9rieures \u00e0 3.5.1</li> <li>Mendix Applications utilisant Mendix versions 7.x ant\u00e9rieures \u00e0 7.23.29</li> <li>Mendix Applications utilisant Mendix versions 8.x ant\u00e9rieures \u00e0 8.18.16</li> <li>COMOS versions ant\u00e9rieures \u00e0 10.4.1</li> <li>Simcenter STAR-CCM+ Viewer versions ant\u00e9rieures \u00e0 V2022.1</li> <li>SIMOTICS CONNECT 400 versions ant\u00e9rieures \u00e0 1.0.0.0</li> <li>Climatix POL909 (module AWB) versions ant\u00e9rieures \u00e0 11.44</li> <li>Climatix POL909 (module AWM) versions ant\u00e9rieures \u00e0 11.36</li> <li>RUGGEDCOM ROS M2100, RMC8388, RS416v2, RS900G, RS900G (32M), RSG900, RSG920P, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions ant\u00e9rieures \u00e0 5.6.0</li> <li>SINUMERIK MC versions ant\u00e9rieures \u00e0 1.15 SP1</li> <li>SINUMERIK ONE versions ant\u00e9rieures \u00e0 6.15 SP1</li> <li>SINEC INS versions ant\u00e9rieures \u00e0 1.0.1.1</li> <li>RUGGEDCOM ROX MX5000, RX1400, RX1500, RX1501, RX1510, RX1511, RX1512, RX1524, RX1536 et RX5000 versions ant\u00e9rieures \u00e0 2.15.0</li> <li>Polarion Subversion Webclient versions ant\u00e9rieures \u00e0 21 R2 P2</li> <li>RUGGEDCOM ROS i800, i801, i802, i803, M969, M2100, M2200, RMC, RMC20, RMC30, RMC40, RMC41, RMC8388, RP110, RS400, RS401, RS416, RS416v2, RS900 (32M), RS900G, RS900G (32M), RS900GP, RS900L, RS900L, RS900W, RS910, RS910L, RS910W, RS920L, RS920W, RS930L, RS930W, RS940G, RS969, RS8000, RS8000A, RS8000H, RS8000T, RSG900, RSG900C, RSG900G, RSG900R, RSG907R, RSG908C, RSG909R, RSG910C, RSG920P, RSG2100, RSG2100 (32M), RSG2100P, RSG2100P (32M), RSG2200, RSG2288, RSG2300, RSG2300P, RSG2488, RSL910, RST916C, RST916P et RST2228 versions ant\u00e9rieures \u00e0 5.6.0</li> </ul> <p>L'\u00e9diteur ne propose pas de correctif pour :</p> <ul> <li>Mendix Applications utilisant Mendix versions 9</li> <li>SINEC NMS toutes versions</li> </ul> <p>Se r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es dans la section Documentation.</p> <p>&nbsp;</p> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2021-44478","url":"https://www.cve.org/CVERecord?id=CVE-2021-44478"},{"name":"CVE-2021-22898","url":"https://www.cve.org/CVERecord?id=CVE-2021-22898"},{"name":"CVE-2020-13871","url":"https://www.cve.org/CVERecord?id=CVE-2020-13871"},{"name":"CVE-2021-42017","url":"https://www.cve.org/CVERecord?id=CVE-2021-42017"},{"name":"CVE-2022-24282","url":"https://www.cve.org/CVERecord?id=CVE-2022-24282"},{"name":"CVE-2021-25215","url":"https://www.cve.org/CVERecord?id=CVE-2021-25215"},{"name":"CVE-2019-19317","url":"https://www.cve.org/CVERecord?id=CVE-2019-19317"},{"name":"CVE-2020-8169","url":"https://www.cve.org/CVERecord?id=CVE-2020-8169"},{"name":"CVE-2021-25174","url":"https://www.cve.org/CVERecord?id=CVE-2021-25174"},{"name":"CVE-2021-22925","url":"https://www.cve.org/CVERecord?id=CVE-2021-22925"},{"name":"CVE-2021-37701","url":"https://www.cve.org/CVERecord?id=CVE-2021-37701"},{"name":"CVE-2021-32944","url":"https://www.cve.org/CVERecord?id=CVE-2021-32944"},{"name":"CVE-2019-19244","url":"https://www.cve.org/CVERecord?id=CVE-2019-19244"},{"name":"CVE-2021-27290","url":"https://www.cve.org/CVERecord?id=CVE-2021-27290"},{"name":"CVE-2021-42020","url":"https://www.cve.org/CVERecord?id=CVE-2021-42020"},{"name":"CVE-2020-8285","url":"https://www.cve.org/CVERecord?id=CVE-2020-8285"},{"name":"CVE-2021-22901","url":"https://www.cve.org/CVERecord?id=CVE-2021-22901"},{"name":"CVE-2021-22940","url":"https://www.cve.org/CVERecord?id=CVE-2021-22940"},{"name":"CVE-2021-32804","url":"https://www.cve.org/CVERecord?id=CVE-2021-32804"},{"name":"CVE-2020-13632","url":"https://www.cve.org/CVERecord?id=CVE-2020-13632"},{"name":"CVE-2022-24281","url":"https://www.cve.org/CVERecord?id=CVE-2022-24281"},{"name":"CVE-2021-32936","url":"https://www.cve.org/CVERecord?id=CVE-2021-32936"},{"name":"CVE-2021-22930","url":"https://www.cve.org/CVERecord?id=CVE-2021-22930"},{"name":"CVE-2019-19926","url":"https://www.cve.org/CVERecord?id=CVE-2019-19926"},{"name":"CVE-2020-9327","url":"https://www.cve.org/CVERecord?id=CVE-2020-9327"},{"name":"CVE-2020-8286","url":"https://www.cve.org/CVERecord?id=CVE-2020-8286"},{"name":"CVE-2020-7774","url":"https://www.cve.org/CVERecord?id=CVE-2020-7774"},{"name":"CVE-2021-22918","url":"https://www.cve.org/CVERecord?id=CVE-2021-22918"},{"name":"CVE-2020-27304","url":"https://www.cve.org/CVERecord?id=CVE-2020-27304"},{"name":"CVE-2021-32946","url":"https://www.cve.org/CVERecord?id=CVE-2021-32946"},{"name":"CVE-2021-41543","url":"https://www.cve.org/CVERecord?id=CVE-2021-41543"},{"name":"CVE-2020-8177","url":"https://www.cve.org/CVERecord?id=CVE-2020-8177"},{"name":"CVE-2020-1971","url":"https://www.cve.org/CVERecord?id=CVE-2020-1971"},{"name":"CVE-2020-13630","url":"https://www.cve.org/CVERecord?id=CVE-2020-13630"},{"name":"CVE-2021-3450","url":"https://www.cve.org/CVERecord?id=CVE-2021-3450"},{"name":"CVE-2021-22939","url":"https://www.cve.org/CVERecord?id=CVE-2021-22939"},{"name":"CVE-2019-19646","url":"https://www.cve.org/CVERecord?id=CVE-2019-19646"},{"name":"CVE-2021-40366","url":"https://www.cve.org/CVERecord?id=CVE-2021-40366"},{"name":"CVE-2021-41542","url":"https://www.cve.org/CVERecord?id=CVE-2021-41542"},{"name":"CVE-2021-41541","url":"https://www.cve.org/CVERecord?id=CVE-2021-41541"},{"name":"CVE-2021-22924","url":"https://www.cve.org/CVERecord?id=CVE-2021-22924"},{"name":"CVE-2022-24309","url":"https://www.cve.org/CVERecord?id=CVE-2022-24309"},{"name":"CVE-2020-8265","url":"https://www.cve.org/CVERecord?id=CVE-2020-8265"},{"name":"CVE-2021-37713","url":"https://www.cve.org/CVERecord?id=CVE-2021-37713"},{"name":"CVE-2021-22947","url":"https://www.cve.org/CVERecord?id=CVE-2021-22947"},{"name":"CVE-2019-19925","url":"https://www.cve.org/CVERecord?id=CVE-2019-19925"},{"name":"CVE-2021-22922","url":"https://www.cve.org/CVERecord?id=CVE-2021-22922"},{"name":"CVE-2019-19924","url":"https://www.cve.org/CVERecord?id=CVE-2019-19924"},{"name":"CVE-2021-32938","url":"https://www.cve.org/CVERecord?id=CVE-2021-32938"},{"name":"CVE-2020-11656","url":"https://www.cve.org/CVERecord?id=CVE-2020-11656"},{"name":"CVE-2022-26317","url":"https://www.cve.org/CVERecord?id=CVE-2022-26317"},{"name":"CVE-2021-22946","url":"https://www.cve.org/CVERecord?id=CVE-2021-22946"},{"name":"CVE-2021-37712","url":"https://www.cve.org/CVERecord?id=CVE-2021-37712"},{"name":"CVE-2020-8284","url":"https://www.cve.org/CVERecord?id=CVE-2020-8284"},{"name":"CVE-2021-32940","url":"https://www.cve.org/CVERecord?id=CVE-2021-32940"},{"name":"CVE-2021-3711","url":"https://www.cve.org/CVERecord?id=CVE-2021-3711"},{"name":"CVE-2021-37208","url":"https://www.cve.org/CVERecord?id=CVE-2021-37208"},{"name":"CVE-2021-32948","url":"https://www.cve.org/CVERecord?id=CVE-2021-32948"},{"name":"CVE-2021-3449","url":"https://www.cve.org/CVERecord?id=CVE-2021-3449"},{"name":"CVE-2022-26313","url":"https://www.cve.org/CVERecord?id=CVE-2022-26313"},{"name":"CVE-2021-22921","url":"https://www.cve.org/CVERecord?id=CVE-2021-22921"},{"name":"CVE-2021-25216","url":"https://www.cve.org/CVERecord?id=CVE-2021-25216"},{"name":"CVE-2020-15358","url":"https://www.cve.org/CVERecord?id=CVE-2020-15358"},{"name":"CVE-2021-43527","url":"https://www.cve.org/CVERecord?id=CVE-2021-43527"},{"name":"CVE-2019-19242","url":"https://www.cve.org/CVERecord?id=CVE-2019-19242"},{"name":"CVE-2021-22897","url":"https://www.cve.org/CVERecord?id=CVE-2021-22897"},{"name":"CVE-2021-32803","url":"https://www.cve.org/CVERecord?id=CVE-2021-32803"},{"name":"CVE-2021-25177","url":"https://www.cve.org/CVERecord?id=CVE-2021-25177"},{"name":"CVE-2021-25175","url":"https://www.cve.org/CVERecord?id=CVE-2021-25175"},{"name":"CVE-2021-22884","url":"https://www.cve.org/CVERecord?id=CVE-2021-22884"},{"name":"CVE-2021-32952","url":"https://www.cve.org/CVERecord?id=CVE-2021-32952"},{"name":"CVE-2019-19880","url":"https://www.cve.org/CVERecord?id=CVE-2019-19880"},{"name":"CVE-2018-7160","url":"https://www.cve.org/CVERecord?id=CVE-2018-7160"},{"name":"CVE-2021-32950","url":"https://www.cve.org/CVERecord?id=CVE-2021-32950"},{"name":"CVE-2021-3672","url":"https://www.cve.org/CVERecord?id=CVE-2021-3672"},{"name":"CVE-2021-31346","url":"https://www.cve.org/CVERecord?id=CVE-2021-31346"},{"name":"CVE-2022-26314","url":"https://www.cve.org/CVERecord?id=CVE-2022-26314"},{"name":"CVE-2021-31784","url":"https://www.cve.org/CVERecord?id=CVE-2021-31784"},{"name":"CVE-2021-22883","url":"https://www.cve.org/CVERecord?id=CVE-2021-22883"},{"name":"CVE-2020-8231","url":"https://www.cve.org/CVERecord?id=CVE-2020-8231"},{"name":"CVE-2020-13631","url":"https://www.cve.org/CVERecord?id=CVE-2020-13631"},{"name":"CVE-2021-25214","url":"https://www.cve.org/CVERecord?id=CVE-2021-25214"},{"name":"CVE-2021-22931","url":"https://www.cve.org/CVERecord?id=CVE-2021-22931"},{"name":"CVE-2021-31889","url":"https://www.cve.org/CVERecord?id=CVE-2021-31889"},{"name":"CVE-2022-24408","url":"https://www.cve.org/CVERecord?id=CVE-2022-24408"},{"name":"CVE-2021-42016","url":"https://www.cve.org/CVERecord?id=CVE-2021-42016"},{"name":"CVE-2021-3712","url":"https://www.cve.org/CVERecord?id=CVE-2021-3712"},{"name":"CVE-2021-39134","url":"https://www.cve.org/CVERecord?id=CVE-2021-39134"},{"name":"CVE-2019-19645","url":"https://www.cve.org/CVERecord?id=CVE-2019-19645"},{"name":"CVE-2020-11655","url":"https://www.cve.org/CVERecord?id=CVE-2020-11655"},{"name":"CVE-2020-8287","url":"https://www.cve.org/CVERecord?id=CVE-2020-8287"},{"name":"CVE-2021-22926","url":"https://www.cve.org/CVERecord?id=CVE-2021-22926"},{"name":"CVE-2022-24661","url":"https://www.cve.org/CVERecord?id=CVE-2022-24661"},{"name":"CVE-2021-22890","url":"https://www.cve.org/CVERecord?id=CVE-2021-22890"},{"name":"CVE-2021-25219","url":"https://www.cve.org/CVERecord?id=CVE-2021-25219"},{"name":"CVE-2021-23840","url":"https://www.cve.org/CVERecord?id=CVE-2021-23840"},{"name":"CVE-2021-42018","url":"https://www.cve.org/CVERecord?id=CVE-2021-42018"},{"name":"CVE-2021-22923","url":"https://www.cve.org/CVERecord?id=CVE-2021-22923"},{"name":"CVE-2019-19923","url":"https://www.cve.org/CVERecord?id=CVE-2019-19923"},{"name":"CVE-2021-39135","url":"https://www.cve.org/CVERecord?id=CVE-2021-39135"},{"name":"CVE-2021-25176","url":"https://www.cve.org/CVERecord?id=CVE-2021-25176"},{"name":"CVE-2021-31890","url":"https://www.cve.org/CVERecord?id=CVE-2021-31890"},{"name":"CVE-2021-25178","url":"https://www.cve.org/CVERecord?id=CVE-2021-25178"},{"name":"CVE-2021-22876","url":"https://www.cve.org/CVERecord?id=CVE-2021-22876"},{"name":"CVE-2021-23362","url":"https://www.cve.org/CVERecord?id=CVE-2021-23362"},{"name":"CVE-2019-19603","url":"https://www.cve.org/CVERecord?id=CVE-2019-19603"},{"name":"CVE-2021-25217","url":"https://www.cve.org/CVERecord?id=CVE-2021-25217"},{"name":"CVE-2021-25173","url":"https://www.cve.org/CVERecord?id=CVE-2021-25173"},{"name":"CVE-2021-22945","url":"https://www.cve.org/CVERecord?id=CVE-2021-22945"},{"name":"CVE-2022-25311","url":"https://www.cve.org/CVERecord?id=CVE-2022-25311"},{"name":"CVE-2021-31344","url":"https://www.cve.org/CVERecord?id=CVE-2021-31344"},{"name":"CVE-2021-37209","url":"https://www.cve.org/CVERecord?id=CVE-2021-37209"},{"name":"CVE-2021-42019","url":"https://www.cve.org/CVERecord?id=CVE-2021-42019"},{"name":"CVE-2020-8625","url":"https://www.cve.org/CVERecord?id=CVE-2020-8625"}],"links":[],"reference":"CERTFR-2022-AVI-216","revisions":[{"description":"Version initiale","revision_date":"2022-03-08T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"},{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-166747 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-166747.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-252466 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-252466.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-562051 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-562051.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-223353 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-223353.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-337210 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-337210.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-148641 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-148641.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-389290 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-389290.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-764417 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-764417.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-256353 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-256353.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-703715 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-703715.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-594438 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-594438.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-415938 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-415938.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-134279 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-134279.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-155599 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-155599.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-406691 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-406691.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-250085 du 8 mars 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-250085.html"}]}