{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"UC-8100A-ME-T Series versions ant\u00e9rieures \u00e0 1.8","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}},{"description":"UC-8580 Series versions ant\u00e9rieures \u00e0 2.3","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}},{"description":"UC-5100 Series versions ant\u00e9rieures \u00e0 1.6","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}},{"description":"UC-3100 Series versions ant\u00e9rieures \u00e0 1.8","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}},{"description":"UC-8540 Series versions ant\u00e9rieures \u00e0 2.3","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}},{"description":"UC-8100 Series versions ant\u00e9rieures \u00e0 3.7","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}},{"description":"UC-2100 Series versions ant\u00e9rieures \u00e0 1.14","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}},{"description":"SDS-3008 Series sans les derniers correctifs de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}},{"description":"UC-8100-ME-T Series versions ant\u00e9rieures \u00e0 3.3","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}},{"description":"UC-8200 Series versions ant\u00e9rieures \u00e0 1.7","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}},{"description":"UC-8410A Series versions ant\u00e9rieures \u00e0 4.3.2","product":{"name":"N/A","vendor":{"name":"Moxa","scada":true}}}],"affected_systems_content":"","content":"## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des correctifs (cf. section Documentation).","cves":[{"name":"CVE-2019-11358","url":"https://www.cve.org/CVERecord?id=CVE-2019-11358"},{"name":"CVE-2023-48795","url":"https://www.cve.org/CVERecord?id=CVE-2023-48795"},{"name":"CVE-2021-3156","url":"https://www.cve.org/CVERecord?id=CVE-2021-3156"},{"name":"CVE-2020-11022","url":"https://www.cve.org/CVERecord?id=CVE-2020-11022"},{"name":"CVE-2015-9251","url":"https://www.cve.org/CVERecord?id=CVE-2015-9251"},{"name":"CVE-2020-11023","url":"https://www.cve.org/CVERecord?id=CVE-2020-11023"}],"links":[],"reference":"CERTFR-2024-AVI-0508","revisions":[{"description":"Version initiale","revision_date":"2024-06-20T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa. Elles permettent \u00e0 un attaquant de provoquer une injection de code indirecte \u00e0 distance (XSS) et un contournement de la politique de s\u00e9curit\u00e9.","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa","vendor_advisories":[{"published_at":"2024-06-19","title":"Bulletin de s\u00e9curit\u00e9 Moxa mpsa-248126","url":"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-248126-sds-3008-series-multiple-vulnerabilities"},{"published_at":"2024-06-20","title":"Bulletin de s\u00e9curit\u00e9 Moxa mpsa-247816","url":"https://www.moxa.com/en/support/product-support/security-advisory/mpsa-247816-multiple-uc-series-ipc-ssh-vulnerability"}]}