{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Modicon M580 NOC Control (BMENOC0321) versions ant\u00e9rieures \u00e0 1.8","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"PacDrive 3 Controllers LMC","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Easergy Builder installer versions ant\u00e9rieures \u00e0 V1.7.24","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Controller LMC058","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Controller M258","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Eco/Pro/Pro2","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M580 versions ant\u00e9rieures \u00e0 SV4.10","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Modicon M340 CPU (part numbers BMXP34*) versions ant\u00e9rieures \u00e0 SV3.51","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Controller M262","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"PacDrive Controller LMC078","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Controller M241","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"InsightHome, InsightFacility et Conext Gateway versions ant\u00e9rieures \u00e0 1.17 Build 079","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 V15.3","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric Easy UPS Online versions ant\u00e9rieures \u00e0 2.6-GS","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Controller M218","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"HMISCU Controller","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Controller M251","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Easy Harmony ET6 (HMIET Series) et Easy Harmony GXU (HMIGXU Series) avec Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.2.1 Hotfix 4","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"APC Easy UPS Online Monitoring versions ant\u00e9rieures \u00e0 2.6-GA","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M580 Ethernet Communication Modules (BMENOC0301 et BMENOC0311) versions ant\u00e9rieures \u00e0 SV2.21","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 CPU versions ant\u00e9rieures \u00e0 SV3.51","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-29413","url":"https://www.cve.org/CVERecord?id=CVE-2023-29413"},{"name":"CVE-2023-29410","url":"https://www.cve.org/CVERecord?id=CVE-2023-29410"},{"name":"CVE-2020-35198","url":"https://www.cve.org/CVERecord?id=CVE-2020-35198"},{"name":"CVE-2022-4046","url":"https://www.cve.org/CVERecord?id=CVE-2022-4046"},{"name":"CVE-2023-29412","url":"https://www.cve.org/CVERecord?id=CVE-2023-29412"},{"name":"CVE-2023-27976","url":"https://www.cve.org/CVERecord?id=CVE-2023-27976"},{"name":"CVE-2022-34755","url":"https://www.cve.org/CVERecord?id=CVE-2022-34755"},{"name":"CVE-2023-25620","url":"https://www.cve.org/CVERecord?id=CVE-2023-25620"},{"name":"CVE-2023-1548","url":"https://www.cve.org/CVERecord?id=CVE-2023-1548"},{"name":"CVE-2023-29411","url":"https://www.cve.org/CVERecord?id=CVE-2023-29411"},{"name":"CVE-2023-28355","url":"https://www.cve.org/CVERecord?id=CVE-2023-28355"},{"name":"CVE-2023-25619","url":"https://www.cve.org/CVERecord?id=CVE-2023-25619"},{"name":"CVE-2022-45788","url":"https://www.cve.org/CVERecord?id=CVE-2022-45788"},{"name":"CVE-2022-4224","url":"https://www.cve.org/CVERecord?id=CVE-2022-4224"},{"name":"CVE-2021-29241","url":"https://www.cve.org/CVERecord?id=CVE-2021-29241"},{"name":"CVE-2020-28895","url":"https://www.cve.org/CVERecord?id=CVE-2020-28895"}],"links":[],"reference":"CERTFR-2023-AVI-0297","revisions":[{"description":"Version initiale","revision_date":"2023-04-11T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-011-06 du 11 janvier 2022","url":"https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-011-06_CODESYSV3_Runtime_Development_System_and_Gateway_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-05 du 11 avril 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-05.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-06 du 11 avril 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-06.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-04 du 11 avril 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-04.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-02 du 11 avril 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-02.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-03 du 11 avril 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-03.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-01 du 11 avril 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-101-01.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-010-05 du 10 janvier 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-313-05 du 09 novembre 2021","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf"}]}