{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"EcoStruxure Power SCADA Anywhere versions 2022, 2021, 2020 R2, 2020, 9.0 and 8.x","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Geo SCADA Expert 2019, EcoStruxure Geo SCADA Expert 2020 and EcoStruxure Geo SCADA Expert 2021 (formerly ClearSCADA) without the October 2022 security patch","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power SCADA Operation 2020 R2 versions 2020 R2 and 2020 R2 CU1, 2020 R2 CU2 and 2020 R2 CU3 without the latest firmware version","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Process Expert versions earlier than V2021","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"SoMachine - HVAC V2.1.0 and earlier (Schneider Electric recommends migrating to Ecostruxure Machine Expert \u2013 HVAC version V1.5.0)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Ecostruxure Machine Expert \u2013 HVAC versions earlier than V1.5.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Power SCADA Operation 9.0 and PowerSCADA Expert 8.x","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power Operation 2021 versions 2021, 2021 CU1, 2021 CU2 and 2021 CU3 without the latest firmware version","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power SCADA Operation 2020 versions 2020 and 2020 CU1 without the latest firmware version","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nRefer 
to the vendor's security bulletin to obtain the\npatches (see the Documentation section).\n","cves":[{"name":"CVE-2022-38138","url":"https://www.cve.org/CVERecord?id=CVE-2022-38138"},{"name":"CVE-2022-2988","url":"https://www.cve.org/CVERecord?id=CVE-2022-2988"},{"name":"CVE-2023-22610","url":"https://www.cve.org/CVERecord?id=CVE-2023-22610"},{"name":"CVE-2023-22611","url":"https://www.cve.org/CVERecord?id=CVE-2023-22611"},{"name":"CVE-2022-1467","url":"https://www.cve.org/CVERecord?id=CVE-2022-1467"},{"name":"CVE-2022-45789","url":"https://www.cve.org/CVERecord?id=CVE-2022-45789"},{"name":"CVE-2022-45788","url":"https://www.cve.org/CVERecord?id=CVE-2022-45788"}],"links":[{"title":"Schneider Electric security bulletin of 10 January 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-03_EcoStruxure_Power_Operation_Power_SCADA_Operation_Security_Notification.pdf"},{"title":"Schneider Electric security bulletin of 10 January 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-01_EcoStruxure_Machine_Expert_Machine_HVAC_Security_Notification.pdf"},{"title":"Schneider Electric security bulletin of 10 January 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-02_Geo_SCADA_Security_Notification.pdf"},{"title":"Schneider Electric security bulletin of 10 January 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-06_Modicon_Controllers_Security_Notification.pdf"},{"title":"Schneider Electric security bulletin of 10 January 
2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-04_EcoStruxure_Power_SCADA_Anywhere_Security_Notification.pdf"},{"title":"Schneider Electric security bulletin of 10 January 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"}],"reference":"CERTFR-2023-AVI-0014","revisions":[{"description":"Initial version","revision_date":"2023-01-10T00:00:00.000000"}],"risks":[{"description":"Remote denial of service"},{"description":"Remote arbitrary code execution"},{"description":"Data integrity compromise"},{"description":"Security policy bypass"},{"description":"Data confidentiality compromise"},{"description":"Privilege escalation"}],"summary":"Multiple vulnerabilities have been discovered in Schneider Electric\nproducts. Some of them allow an attacker to cause remote arbitrary\ncode execution, remote denial of service and a security policy\nbypass.\n","title":"Multiple vulnerabilities in Schneider Electric products","vendor_advisories":[{"published_at":null,"title":"Schneider Electric security bulletin of 10 January 2023","url":null}]}
