{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Eurotherm Data Reviewer3.0.2 software versions ant\u00e9rieures 4.0.0","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Modicon Momentum MDI (171CBU*) toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.2","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021","product":{"name":"process","vendor":{"name":"Symfony","scada":false}}},{"description":"Modicon M580 CPU (BMEP* et BMEH*) versions ant\u00e9rieures \u00e0 4.01","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Legacy Modicon Quantum toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"OPC UA Modicon Communication Module (BMENUA0100) versions ant\u00e9rieures \u00e0 2.01","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Modicon MC80 (BMKC80) toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 CPU (BMXP34*) versions ant\u00e9rieures 3.50","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2019-6846","url":"https://www.cve.org/CVERecord?id=CVE-2019-6846"},{"name":"CVE-2022-34760","url":"https://www.cve.org/CVERecord?id=CVE-2022-34760"},{"name":"CVE-2020-35198","url":"https://www.cve.org/CVERecord?id=CVE-2020-35198"},{"name":"CVE-2021-22791","url":"https://www.cve.org/CVERecord?id=CVE-2021-22791"},{"name":"CVE-2022-34762","url":"https://www.cve.org/CVERecord?id=CVE-2022-34762"},{"name":"CVE-2019-6841","url":"https://www.cve.org/CVERecord?id=CVE-2019-6841"},{"name":"CVE-2021-45105","url":"https://www.cve.org/CVERecord?id=CVE-2021-45105"},{"name":"CVE-2021-22779","url":"https://www.cve.org/CVERecord?id=CVE-2021-22779"},{"name":"CVE-2021-22781","url":"https://www.cve.org/CVERecord?id=CVE-2021-22781"},{"name":"CVE-2021-22780","url":"https://www.cve.org/CVERecord?id=CVE-2021-22780"},{"name":"CVE-2021-4104","url":"https://www.cve.org/CVERecord?id=CVE-2021-4104"},{"name":"CVE-2021-22790","url":"https://www.cve.org/CVERecord?id=CVE-2021-22790"},{"name":"CVE-2022-37302","url":"https://www.cve.org/CVERecord?id=CVE-2022-37302"},{"name":"CVE-2022-34761","url":"https://www.cve.org/CVERecord?id=CVE-2022-34761"},{"name":"CVE-2022-34759","url":"https://www.cve.org/CVERecord?id=CVE-2022-34759"},{"name":"CVE-2022-37301","url":"https://www.cve.org/CVERecord?id=CVE-2022-37301"},{"name":"CVE-2018-7241","url":"https://www.cve.org/CVERecord?id=CVE-2018-7241"},{"name":"CVE-2021-22786","url":"https://www.cve.org/CVERecord?id=CVE-2021-22786"},{"name":"CVE-2018-7242","url":"https://www.cve.org/CVERecord?id=CVE-2018-7242"},{"name":"CVE-2019-6844","url":"https://www.cve.org/CVERecord?id=CVE-2019-6844"},{"name":"CVE-2019-6842","url":"https://www.cve.org/CVERecord?id=CVE-2019-6842"},{"name":"CVE-2021-22782","url":"https://www.cve.org/CVERecord?id=CVE-2021-22782"},{"name":"CVE-2021-22778","url":"https://www.cve.org/CVERecord?id=CVE-2021-22778"},{"name":"CVE-2022-34764","url":"https://www.cve.org/CVERecord?id=CVE-2022-34764"},{"name":"CVE-2022-34763","url":"https://www.cve.org/CVERecord?id=CVE-2022-34763"},{"name":"CVE-2021-45046","url":"https://www.cve.org/CVERecord?id=CVE-2021-45046"},{"name":"CVE-2022-37300","url":"https://www.cve.org/CVERecord?id=CVE-2022-37300"},{"name":"CVE-2021-22789","url":"https://www.cve.org/CVERecord?id=CVE-2021-22789"},{"name":"CVE-2019-6847","url":"https://www.cve.org/CVERecord?id=CVE-2019-6847"},{"name":"CVE-2022-34765","url":"https://www.cve.org/CVERecord?id=CVE-2022-34765"},{"name":"CVE-2021-44228","url":"https://www.cve.org/CVERecord?id=CVE-2021-44228"},{"name":"CVE-2021-22792","url":"https://www.cve.org/CVERecord?id=CVE-2021-22792"},{"name":"CVE-2019-6843","url":"https://www.cve.org/CVERecord?id=CVE-2019-6843"},{"name":"CVE-2018-7240","url":"https://www.cve.org/CVERecord?id=CVE-2018-7240"},{"name":"CVE-2011-4859","url":"https://www.cve.org/CVERecord?id=CVE-2011-4859"},{"name":"CVE-2020-28895","url":"https://www.cve.org/CVERecord?id=CVE-2020-28895"},{"name":"CVE-2021-44832","url":"https://www.cve.org/CVERecord?id=CVE-2021-44832"},{"name":"CVE-2020-12525","url":"https://www.cve.org/CVERecord?id=CVE-2020-12525"}],"links":[],"reference":"CERTFR-2022-AVI-717","revisions":[{"description":"Version initiale","revision_date":"2022-08-09T00:00:00.000000"},{"description":"Mise \u00e0 jour des liens","revision_date":"2022-08-22T00:00:00.000000"},{"description":"Mise \u00e0 jour des liens des bulletins de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01, SEVD-2022-221-02 et SEVD-2022-221-04 du 9 ao\u00fbt 2022.","revision_date":"2022-09-08T00:00:00.000000"},{"description":"Ajout du libell\u00e9 [SCADA] dans le titre.","revision_date":"2022-09-08T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SESB-2021-347-01 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SESB-2021-347-01_Apache_Log4j_Log4Shell_Vulnerabilities_Security_Notification_V14.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-02 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2019-281-02_Modicon_Controllers_Security_Notification_V3.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-01_EcoStruxure_Control_Expert_Modicon580_Security_Notification_V1.1.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-193-01 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules_Security_Notification_V3.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V10.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-03 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-03_EcoStruxure_Control_Expert_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V1.1.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V3.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-04 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-222-04_Modicon_PAC_Controllers_PLC_Simulator_Control_Expert_Process_Expert_Security_Notification_V2.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340_Security_Notifcation_V4.0.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-04 du 9 ao\u00fbt 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification_V1.1.pdf"}]}