{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Solid Edge SE2023 avec KeyShot 11 versions ant\u00e9rieures \u00e0 V2023.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"TIA Portal V18 versions ant\u00e9rieures \u00e0 V18 Update 1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"TeleControl Server Basic V3","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Polarion ALM versions ant\u00e9rieures \u00e0 V2304.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"TIA Portal V15, V16 et V17","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"JT2Go versions ant\u00e9rieures \u00e0 V14.2.0.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"De nombreuses r\u00e9f\u00e9rences SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l'\u00e9diteur pour la liste compl\u00e8te","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC S7-400 PN/DP CPU family","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Teamcenter Visualization V13.2 versions ant\u00e9rieures \u00e0 V13.2.0.13","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Mendix Forgot Password (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V4.1.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Mendix Forgot Password (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 V5.1.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 443-1 Advanced versions ant\u00e9rieures \u00e0 V3.2.17","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 343-1 Advanced versions ant\u00e9rieures \u00e0 V3.0.53","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Teamcenter Visualization V14.0 versions ant\u00e9rieures \u00e0 V14.0.0.5","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"JT Open versions ant\u00e9rieures \u00e0 V11.3.2.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Teamcenter Visualization V14.2 versions ant\u00e9rieures \u00e0 V14.2.0.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Mendix Forgot Password (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V3.7.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"JT Utilities versions ant\u00e9rieures \u00e0 V13.3.0.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Teamcenter Visualization V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"OpenPCS 7 V9.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC S7-300 CPU family versions ant\u00e9rieures \u00e0 V3.X.18","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Teamcenter Visualization V14.1 versions ant\u00e9rieures \u00e0 V14.1.0.7","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-35252","url":"https://www.cve.org/CVERecord?id=CVE-2022-35252"},{"name":"CVE-2023-28828","url":"https://www.cve.org/CVERecord?id=CVE-2023-28828"},{"name":"CVE-2016-8673","url":"https://www.cve.org/CVERecord?id=CVE-2016-8673"},{"name":"CVE-2020-35198","url":"https://www.cve.org/CVERecord?id=CVE-2020-35198"},{"name":"CVE-2022-32208","url":"https://www.cve.org/CVERecord?id=CVE-2022-32208"},{"name":"CVE-2023-28766","url":"https://www.cve.org/CVERecord?id=CVE-2023-28766"},{"name":"CVE-2021-27044","url":"https://www.cve.org/CVERecord?id=CVE-2021-27044"},{"name":"CVE-2022-1652","url":"https://www.cve.org/CVERecord?id=CVE-2022-1652"},{"name":"CVE-2022-32207","url":"https://www.cve.org/CVERecord?id=CVE-2022-32207"},{"name":"CVE-2023-29053","url":"https://www.cve.org/CVERecord?id=CVE-2023-29053"},{"name":"CVE-2023-28489","url":"https://www.cve.org/CVERecord?id=CVE-2023-28489"},{"name":"CVE-2022-43767","url":"https://www.cve.org/CVERecord?id=CVE-2022-43767"},{"name":"CVE-2022-44725","url":"https://www.cve.org/CVERecord?id=CVE-2022-44725"},{"name":"CVE-2023-29054","url":"https://www.cve.org/CVERecord?id=CVE-2023-29054"},{"name":"CVE-2023-23588","url":"https://www.cve.org/CVERecord?id=CVE-2023-23588"},{"name":"CVE-2021-46828","url":"https://www.cve.org/CVERecord?id=CVE-2021-46828"},{"name":"CVE-2016-8672","url":"https://www.cve.org/CVERecord?id=CVE-2016-8672"},{"name":"CVE-2023-26293","url":"https://www.cve.org/CVERecord?id=CVE-2023-26293"},{"name":"CVE-2022-40674","url":"https://www.cve.org/CVERecord?id=CVE-2022-40674"},{"name":"CVE-2022-43716","url":"https://www.cve.org/CVERecord?id=CVE-2022-43716"},{"name":"CVE-2022-32205","url":"https://www.cve.org/CVERecord?id=CVE-2022-32205"},{"name":"CVE-2022-32206","url":"https://www.cve.org/CVERecord?id=CVE-2022-32206"},{"name":"CVE-2022-1729","url":"https://www.cve.org/CVERecord?id=CVE-2022-1729"},{"name":"CVE-2022-43768","url":"https://www.cve.org/CVERecord?id=CVE-2022-43768"},{"name":"CVE-2023-27464","url":"https://www.cve.org/CVERecord?id=CVE-2023-27464"},{"name":"CVE-2020-28895","url":"https://www.cve.org/CVERecord?id=CVE-2020-28895"},{"name":"CVE-2023-1709","url":"https://www.cve.org/CVERecord?id=CVE-2023-1709"},{"name":"CVE-2022-30065","url":"https://www.cve.org/CVERecord?id=CVE-2022-30065"}],"links":[],"reference":"CERTFR-2023-AVI-0298","revisions":[{"description":"Version initiale","revision_date":"2023-04-11T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-699404 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-699404.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-479249 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-479249.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-572164 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-572164.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-691715 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-691715.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-511182 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-511182.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-566905 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-566905.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-642810 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-642810.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-603476 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-603476.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-813746 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-813746.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-629917 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-629917.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-558014 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-558014.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-322980 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-322980.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-116924 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-116924.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-632164 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-632164.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-472454 du 11 avril 2023","url":"https://cert-portal.siemens.com/productcert/html/ssa-472454.html"}]}