{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Merten Jalousie-/Schaltaktor REG-K/8x/16x/10 m. HB version du programme 1.0 si une taille de la cl\u00e9 BCU est inf\u00e9rieure \u00e0 8 chiffres","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Merten INSTABUS Tastermodul 1fach System M version du programme 1.0 si une taille de la cl\u00e9 BCU est inf\u00e9rieure \u00e0 8 chiffres","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure TM Geo SCADA Expert 2021 sans le dernier correctif de s\u00e9curit\u00e9 d'octobre 2022","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"StruxureWare DataCenter Expert versions ant\u00e9rieures \u00e0 V7.9.3","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Merten KNX ARGUS 180/2,20M UP SYSTEM version du programme 1.0 si une taille de la cl\u00e9 BCU est inf\u00e9rieure \u00e0 8 chiffres","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Merten INSTABUS Tastermodul 2fach System M version du programme 1.0 si une taille de la cl\u00e9 BCU est inf\u00e9rieure \u00e0 8 chiffres","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure TM Geo SCADA Expert 2019 sans le dernier correctif de s\u00e9curit\u00e9 d'octobre 2022","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Merten KNX Uni-Dimmaktor LL REG-K/2x230/300 W version du programme 1.0 et 1.1 si une taille de la cl\u00e9 BCU est inf\u00e9rieure \u00e0 8 chiffres","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Merten KNX Schaltakt.2x6A UP m.2 Eing. version du programme 0.1 si une taille de la cl\u00e9 BCU est inf\u00e9rieure \u00e0 8 chiffres","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure TM Geo SCADA Expert 2020 sans le dernier correctif de s\u00e9curit\u00e9 d'octobre 2022","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Merten Tasterschnittstelle 4fach plus version du programme 1.0 et 1.2 si une taille de la cl\u00e9 BCU est inf\u00e9rieure \u00e0 8 chiffres","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-25554","url":"https://www.cve.org/CVERecord?id=CVE-2023-25554"},{"name":"CVE-2023-25553","url":"https://www.cve.org/CVERecord?id=CVE-2023-25553"},{"name":"CVE-2023-25547","url":"https://www.cve.org/CVERecord?id=CVE-2023-25547"},{"name":"CVE-2023-25551","url":"https://www.cve.org/CVERecord?id=CVE-2023-25551"},{"name":"CVE-2023-25556","url":"https://www.cve.org/CVERecord?id=CVE-2023-25556"},{"name":"CVE-2023-0595","url":"https://www.cve.org/CVERecord?id=CVE-2023-0595"},{"name":"CVE-2023-25555","url":"https://www.cve.org/CVERecord?id=CVE-2023-25555"},{"name":"CVE-2023-25552","url":"https://www.cve.org/CVERecord?id=CVE-2023-25552"},{"name":"CVE-2023-25550","url":"https://www.cve.org/CVERecord?id=CVE-2023-25550"},{"name":"CVE-2023-25549","url":"https://www.cve.org/CVERecord?id=CVE-2023-25549"},{"name":"CVE-2023-25548","url":"https://www.cve.org/CVERecord?id=CVE-2023-25548"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Schneider\u00a0Electric SEVD-2023-045-01 du 14 f\u00e9vrier 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-01.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider\u00a0Electric SEVD-2023-045-02 du 14 f\u00e9vrier 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-02.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider\u00a0Electric SEVD-2023-045-03 du 14 f\u00e9vrier 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-045-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-045-03.pdf"}],"reference":"CERTFR-2023-AVI-0126","revisions":[{"description":"Version initiale","revision_date":"2023-02-15T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un contournement\nde la politique de s\u00e9curit\u00e9 et une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-045-03 du 14 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-045-01 du 14 f\u00e9vrier 2023","url":null},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-045-02 du 14 f\u00e9vrier 2023","url":null}]}