{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>PowerLogic ION Setup versions prior to 3.2.22096.01</li> <li>Saitel DP RTU firmware versions Baseline_09.00.00 to Baseline_11.06.23, prior to BaseLine_11.06.24</li> <li>APC Smart-UPS SRC Series ID=1004: UPS versions 14.9 and earlier</li> <li>APC Smart-UPS SRC Series ID=1006: UPS versions 14.9 and earlier</li> <li>APC Smart-UPS SRC Series ID=1011: UPS versions 14.9 and earlier</li> <li>APC Smart-UPS SRC Series ID=1033: UPS versions 00.3 and earlier</li> <li>APC Smart-UPS XU Series SRC Series ID=1017: UPS versions 02.6 and earlier</li> <li>SmartConnect SMTL, SCL and SMX series firmware versions prior to 15.0</li> <li>HMISCU Vijeo Designer versions prior to 6.2 SP12</li> <li>Easergy MiCOM P30 range models C434, P132, P139, P433, P435, P437, P532, P631, P632, P633, P634 and Px36/8 versions 660 to 674</li> <li>APC Rack Power Distribution Units (PDU) using NMC2 AOS versions prior to 7.0.6</li> <li>APC Rack Power Distribution Units (PDU) using NMC3 AOS versions prior to 1.2.0.2</li> <li>APC 3-Phase Power Distribution Products using NMC2 AOS versions prior to 7.0.4</li> <li>Network Management Card 2 (NMC2) for InfraStruxure 150 kVA PDU with 84 Poles (X84P) versions prior to 7.0.4</li> <li>Network Management Card 2 for InfraStruxure 40/60kVA PDU (XPDU) versions prior to 7.0.4</li> <li>Network Management Card 2 for Modular 150/175kVA PDU (XRDP) versions prior to 7.0.4</li> <li>Network Management Card 2 for 400 and 500 kVA (PMM) versions prior to 7.0.4</li> <li>Network Management Card 2 for Modular PDU (XRDP2G) versions prior to 7.0.4</li> <li>Rack Automatic Transfer Switches (ATS) using NMC2 AOS versions prior to 7.0.4</li> <li>Network Management Card 2 (NMC2) Cooling Products using NMC2 AOS versions prior to 7.0.4</li> <li>Environmental Monitoring Unit with embedded NMC2 (NB250) using NMC2 AOS versions prior to 7.0.4</li> <li>Network Management Card 2 (NMC2) versions prior to 7.0.4</li> <li>EcoStruxure Micro Data Center using NMC2 AOS versions prior to 7.0.4</li> </ul> <p>The following products are no longer supported by the vendor:</p> <ul> <li>Wiser Smart EER21000 and EER21001 versions prior to 4.5</li> </ul> <p>The following products do not yet have a fix for vulnerabilities CVE-2022-22805, CVE-2022-22806 and CVE-2022-0715:</p> <ul> <li>Smart-UPS SMT, SMC, SCL, SMX, SRT, SRC, XU and SRTL series</li> </ul> ","content":"## Solution\n\nRefer to the vendor's security bulletin to obtain the\nfixes (see the Documentation section).\n",
"cves":[{"name":"CVE-2022-30236","url":"https://www.cve.org/CVERecord?id=CVE-2022-30236"},{"name":"CVE-2021-22811","url":"https://www.cve.org/CVERecord?id=CVE-2021-22811"},{"name":"CVE-2021-22813","url":"https://www.cve.org/CVERecord?id=CVE-2021-22813"},{"name":"CVE-2022-30233","url":"https://www.cve.org/CVERecord?id=CVE-2022-30233"},{"name":"CVE-2022-30238","url":"https://www.cve.org/CVERecord?id=CVE-2022-30238"},{"name":"CVE-2022-6996","url":"https://www.cve.org/CVERecord?id=CVE-2022-6996"},{"name":"CVE-2021-22810","url":"https://www.cve.org/CVERecord?id=CVE-2021-22810"},{"name":"CVE-2021-22815","url":"https://www.cve.org/CVERecord?id=CVE-2021-22815"},{"name":"CVE-2022-22806","url":"https://www.cve.org/CVERecord?id=CVE-2022-22806"},{"name":"CVE-2022-30234","url":"https://www.cve.org/CVERecord?id=CVE-2022-30234"},{"name":"CVE-2022-0715","url":"https://www.cve.org/CVERecord?id=CVE-2022-0715"},{"name":"CVE-2021-22812","url":"https://www.cve.org/CVERecord?id=CVE-2021-22812"},{"name":"CVE-2022-30232","url":"https://www.cve.org/CVERecord?id=CVE-2022-30232"},{"name":"CVE-2020-6996","url":"https://www.cve.org/CVERecord?id=CVE-2020-6996"},{"name":"CVE-2022-30235","url":"https://www.cve.org/CVERecord?id=CVE-2022-30235"},{"name":"CVE-2022-22805","url":"https://www.cve.org/CVERecord?id=CVE-2022-22805"},{"name":"CVE-2021-22814","url":"https://www.cve.org/CVERecord?id=CVE-2021-22814"},{"name":"CVE-2022-30237","url":"https://www.cve.org/CVERecord?id=CVE-2022-30237"}],
"links":[],"reference":"CERTFR-2022-AVI-436","revisions":[{"description":"Initial version","revision_date":"2022-05-10T00:00:00.000000"},{"description":"Links updated","revision_date":"2022-08-22T00:00:00.000000"}],"risks":[{"description":"Remote denial of service"},{"description":"Remote indirect code injection (XSS)"},{"description":"Remote arbitrary code execution"},{"description":"Data integrity compromise"},{"description":"Security policy bypass"},{"description":"Data confidentiality compromise"}],
"summary":"Multiple vulnerabilities have been discovered in Schneider Electric\nproducts. They allow an attacker to cause\nremote arbitrary code execution.\n","title":"Multiple vulnerabilities in Schneider Electric products",
"vendor_advisories":[{"published_at":null,"title":"Schneider security bulletin SEVD-2022-130-01 of 10 May 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-130-01_PowerLogic_ION_Setup_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-130-01"},{"published_at":null,"title":"Schneider security bulletin SEVD-2022-130-02 of 10 May 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-130-02_Saitel_DP_RTU_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-130-02"},{"published_at":null,"title":"Schneider security bulletin SEVD-2021-313-05 of 10 May 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V7.0.pdf&p_Doc_Ref=SEVD-2021-313-05"},{"published_at":null,"title":"Schneider security bulletin SEVD-2022-130-03 of 10 May 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-130-03_WiserSmart_Security_Notification.pdf&p_Doc_Ref=SEVD-2022-130-03"},{"published_at":null,"title":"Schneider security bulletin SEVD-2021-313-03 of 10 May 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-03_APC_NMC_Security_Notification_V2.0.pdf&p_Doc_Ref=SEVD-2021-313-03"},{"published_at":null,"title":"Schneider security bulletin SEVD-2022-067-02 of 10 May 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"}]}
