{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Schneider Electric C-Bus Network Automation Controller LSS5500SHAC versions ant\u00e9rieures \u00e0 1.11.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Clipsal C-Bus Network Automation Controller 5500SHAC versions ant\u00e9rieures \u00e0 1.11.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Conext ComBox toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"SpaceLogic C-Bus Network Automation Controller 5500NAC2 versions ant\u00e9rieures \u00e0 1.11.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"CanBRASS versions ant\u00e9rieures \u00e0 7.6","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"StruxureWare Data Center Expert versions ant\u00e9rieures \u00e0 7.9.1","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power Commission versions ant\u00e9rieures \u00e0 2.22","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Smart-UPS SMT SMC, SMX, SRC, XU, XP, SURTD, CHS2 et SRTL Series toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Cybersecurity Admin Expert (CAE) versions ant\u00e9rieures \u00e0 2.4","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"IGSS Data Server versions ant\u00e9rieures \u00e0 15.0.0.22170","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Geo SCADA Mobile versions ant\u00e9rieures au Build 202205171","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Smart-UPS SRT Series versions ant\u00e9rieures \u00e0 15.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric C-Bus Network Automation Controller LSS5500NAC versions ant\u00e9rieures \u00e0 1.11.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power Build: Rapsody Software versions ant\u00e9rieures \u00e0 2.1.13","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EPC2000 versions ant\u00e9rieures \u00e0 4.03","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Versadac versions ant\u00e9rieures \u00e0 2.43","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Clipsal C-Bus Network Automation Controller 5500NAC versions ant\u00e9rieures \u00e0 1.11.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"SCADAPack RemoteConnect pour x70 versions ant\u00e9rieures \u00e0 R2.7.3","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"SpaceLogic C-Bus Network Automation Controller 5500AC2 versions ant\u00e9rieures \u00e0 1.11.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Smart-UPS SCL Series versions ant\u00e9rieures \u00e0 15.1","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-32524","url":"https://www.cve.org/CVERecord?id=CVE-2022-32524"},{"name":"CVE-2022-24322","url":"https://www.cve.org/CVERecord?id=CVE-2022-24322"},{"name":"CVE-2022-22731","url":"https://www.cve.org/CVERecord?id=CVE-2022-22731"},{"name":"CVE-2022-32514","url":"https://www.cve.org/CVERecord?id=CVE-2022-32514"},{"name":"CVE-2020-35198","url":"https://www.cve.org/CVERecord?id=CVE-2020-35198"},{"name":"CVE-2022-32517","url":"https://www.cve.org/CVERecord?id=CVE-2022-32517"},{"name":"CVE-2022-32526","url":"https://www.cve.org/CVERecord?id=CVE-2022-32526"},{"name":"CVE-2022-32530","url":"https://www.cve.org/CVERecord?id=CVE-2022-32530"},{"name":"CVE-2022-32748","url":"https://www.cve.org/CVERecord?id=CVE-2022-32748"},{"name":"CVE-2022-22806","url":"https://www.cve.org/CVERecord?id=CVE-2022-22806"},{"name":"CVE-2022-32529","url":"https://www.cve.org/CVERecord?id=CVE-2022-32529"},{"name":"CVE-2022-32513","url":"https://www.cve.org/CVERecord?id=CVE-2022-32513"},{"name":"CVE-2022-32747","url":"https://www.cve.org/CVERecord?id=CVE-2022-32747"},{"name":"CVE-2022-32523","url":"https://www.cve.org/CVERecord?id=CVE-2022-32523"},{"name":"CVE-2022-32528","url":"https://www.cve.org/CVERecord?id=CVE-2022-32528"},{"name":"CVE-2022-32516","url":"https://www.cve.org/CVERecord?id=CVE-2022-32516"},{"name":"CVE-2022-32522","url":"https://www.cve.org/CVERecord?id=CVE-2022-32522"},{"name":"CVE-2022-32527","url":"https://www.cve.org/CVERecord?id=CVE-2022-32527"},{"name":"CVE-2022-32515","url":"https://www.cve.org/CVERecord?id=CVE-2022-32515"},{"name":"CVE-2021-22697","url":"https://www.cve.org/CVERecord?id=CVE-2021-22697"},{"name":"CVE-2022-0715","url":"https://www.cve.org/CVERecord?id=CVE-2022-0715"},{"name":"CVE-2022-0223","url":"https://www.cve.org/CVERecord?id=CVE-2022-0223"},{"name":"CVE-2022-32519","url":"https://www.cve.org/CVERecord?id=CVE-2022-32519"},{"name":"CVE-2022-22805","url":"https://www.cve.org/CVERecord?id=CVE-2022-22805"},{"name":"CVE-2022-24323","url":"https://www.cve.org/CVERecord?id=CVE-2022-24323"},{"name":"CVE-2022-32512","url":"https://www.cve.org/CVERecord?id=CVE-2022-32512"},{"name":"CVE-2022-32518","url":"https://www.cve.org/CVERecord?id=CVE-2022-32518"},{"name":"CVE-2022-22732","url":"https://www.cve.org/CVERecord?id=CVE-2022-22732"},{"name":"CVE-2020-28895","url":"https://www.cve.org/CVERecord?id=CVE-2020-28895"},{"name":"CVE-2022-32520","url":"https://www.cve.org/CVERecord?id=CVE-2022-32520"},{"name":"CVE-2022-32525","url":"https://www.cve.org/CVERecord?id=CVE-2022-32525"},{"name":"CVE-2021-22698","url":"https://www.cve.org/CVERecord?id=CVE-2021-22698"},{"name":"CVE-2022-32521","url":"https://www.cve.org/CVERecord?id=CVE-2022-32521"}],"links":[],"reference":"CERTFR-2022-AVI-546","revisions":[{"description":"Version initiale","revision_date":"2022-06-15T00:00:00.000000"},{"description":"Modification de la version des produits IGSS Data Server","revision_date":"2022-06-23T00:00:00.000000"},{"description":"Mise \u00e0 jour du lien du bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 08 mars 2022.","revision_date":"2022-08-19T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 08 mars 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-07 du 14 juin 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-06 du 14 juin 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-01 du 08 mars 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-067-01_EcoStruxure_Control_Expert_and_EcoStruxure_Process_Expert_Security_Notification_V2.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-02 du 14 juin 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-08 du 14 juin 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-012-02 du 12 janvier 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-012-02_EcoStruxure_Power_Build_Rapsody_Security_Notification_V2.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-04 du 14 juin 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-04_%20StruxureWare_Data_Center_Expert_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-01 du 14 juin 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-05 du 14 juin 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V8.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-03 du 14 juin 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"}]}