{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC V7.4 toutes versionswith installed WebRH. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Runtime Advanced toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF685R FCC (6GT2811-6CA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC V8.0 versions ant\u00e9rieures \u00e0 V8.0 Update 5","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC DiagMonitor toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF650R ETSI (6GT2811-6AB20-0AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC HMI Comfort Panels (incl. SIPLUS variants) toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SCALANCE W700 802.11 AX versions ant\u00e9rieures \u00e0 V2.4.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF685R CMIIT (6GT2811-6CA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF680R CMIIT (6GT2811-6AA10-2AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC V8.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF615R CMIIT (6GT2811-6CC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Information Server 2024 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF650R FCC (6GT2811-6AB20-1AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF685R ARIB (6GT2811-6CA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF650R CMIIT (6GT2811-6AB20-2AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Totally Integrated Automation Portal (TIA Portal) V18 toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC PCS neo V4.1 versions ant\u00e9rieures \u00e0 V4.1 Update 2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC S7-200 SMART toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-43647.","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC PCS neo V4.0 toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698.","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF615R ETSI (6GT2811-6CC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC V7.5 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF650R ARIB (6GT2811-6AB20-4AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF1140R (6GT2831-6CB00) versions ant\u00e9rieures \u00e0 V1.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC PCS 7 V9.1 toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Runtime Professional V20 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF1170R (6GT2831-6BB00) versions ant\u00e9rieures \u00e0 V1.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Totally Integrated Automation Portal (TIA Portal) V19 toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Information Server 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Runtime Professional V17 toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355.","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 1242-7 V2 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Totally Integrated Automation Portal (TIA Portal) V17 versions ant\u00e9rieures \u00e0 V17 Update 8","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF680R FCC (6GT2811-6AA10-1AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF615R FCC (6GT2811-6CC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF610R FCC (6GT2811-6BC10-1AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Information Server 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Process Historian 2020 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP2 Update 18","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF685R ETSI (6GT2811-6CA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SICAM SCC versions ant\u00e9rieures \u00e0 V10.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Totally Integrated Automation Portal (TIA Portal) V16 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Runtime Professional V18 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) versions ant\u00e9rieures \u00e0 V3.5.20","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Runtime Professional V19 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-38355","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF680R ARIB (6GT2811-6AA10-4AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC V7.4 toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783.","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC DiagBase toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour les vuln\u00e9rabilit\u00e9s CVE-2023-28827, CVE-2023-30755 et CVE-2023-30756.","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Process Historian 2022 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 1243-7 LTE versions ant\u00e9rieures \u00e0 V3.5.20","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF610R ETSI (6GT2811-6BC10-0AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC PCS neo V5.0 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-33698","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 1243-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.5.20","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Reader RF680R ETSI (6GT2811-6AA10-0AA0) versions ant\u00e9rieures \u00e0 V4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC BATCH V9.1 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2024-35783","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}}],"affected_systems_content":"","content":"## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des correctifs (cf. section Documentation).","cves":[{"name":"CVE-2024-43647","url":"https://www.cve.org/CVERecord?id=CVE-2024-43647"},{"name":"CVE-2024-37995","url":"https://www.cve.org/CVERecord?id=CVE-2024-37995"},{"name":"CVE-2024-37990","url":"https://www.cve.org/CVERecord?id=CVE-2024-37990"},{"name":"CVE-2024-37993","url":"https://www.cve.org/CVERecord?id=CVE-2024-37993"},{"name":"CVE-2024-37991","url":"https://www.cve.org/CVERecord?id=CVE-2024-37991"},{"name":"CVE-2023-30756","url":"https://www.cve.org/CVERecord?id=CVE-2023-30756"},{"name":"CVE-2024-33698","url":"https://www.cve.org/CVERecord?id=CVE-2024-33698"},{"name":"CVE-2024-37992","url":"https://www.cve.org/CVERecord?id=CVE-2024-37992"},{"name":"CVE-2024-34057","url":"https://www.cve.org/CVERecord?id=CVE-2024-34057"},{"name":"CVE-2023-30755","url":"https://www.cve.org/CVERecord?id=CVE-2023-30755"},{"name":"CVE-2023-28827","url":"https://www.cve.org/CVERecord?id=CVE-2023-28827"},{"name":"CVE-2023-44373","url":"https://www.cve.org/CVERecord?id=CVE-2023-44373"},{"name":"CVE-2024-35783","url":"https://www.cve.org/CVERecord?id=CVE-2024-35783"},{"name":"CVE-2024-38355","url":"https://www.cve.org/CVERecord?id=CVE-2024-38355"},{"name":"CVE-2024-37994","url":"https://www.cve.org/CVERecord?id=CVE-2024-37994"}],"links":[],"reference":"CERTFR-2024-AVI-0757","revisions":[{"description":"Version initiale","revision_date":"2024-09-10T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Non sp\u00e9cifi\u00e9 par l'\u00e9diteur"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens","vendor_advisories":[{"published_at":"2024-09-10","title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-721642","url":"https://cert-portal.siemens.com/productcert/html/ssa-721642.html"},{"published_at":"2024-09-10","title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-969738","url":"https://cert-portal.siemens.com/productcert/html/ssa-969738.html"},{"published_at":"2024-09-10","title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-673996","url":"https://cert-portal.siemens.com/productcert/html/ssa-673996.html"},{"published_at":"2024-09-10","title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-773256","url":"https://cert-portal.siemens.com/productcert/html/ssa-773256.html"},{"published_at":"2024-09-10","title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-423808","url":"https://cert-portal.siemens.com/productcert/html/ssa-423808.html"},{"published_at":"2024-09-10","title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-039007","url":"https://cert-portal.siemens.com/productcert/html/ssa-039007.html"},{"published_at":"2024-09-10","title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-629254","url":"https://cert-portal.siemens.com/productcert/html/ssa-629254.html"},{"published_at":"2024-09-10","title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-765405","url":"https://cert-portal.siemens.com/productcert/html/ssa-765405.html"}]}