{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SIMATIC WinCC Add-On PM-OPEN PV02 versions V1.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PM-OPEN TCP/IP versions V8.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PI CONNECT AUDIT TRAIL versions V1.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Extension Unit 19\" PROFINET versions ant\u00e9rieures \u00e0 V01.01.01","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Extension Unit 12\" PROFINET versions ant\u00e9rieures \u00e0 V01.01.01","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PM-MAINT versions V9.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On SIPAPER IT MIS versions V7.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On SICEMENT IT MIS versions V7.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PM-QUALITY versions V9.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 1243-8 versions ant\u00e9rieures \u00e0 V2.1.82","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 1242-7 GPRS V2 versions ant\u00e9rieures \u00e0 V2.1.82","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PM-OPEN EXPORT versions V7.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Extension Unit 22\" PROFINET versions ant\u00e9rieures \u00e0 V01.01.01","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CP 1243-7 LTE/US versions ant\u00e9rieures \u00e0 V2.1.82","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PM-OPEN HOST-S versions V7.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Extension Unit 15\" PROFINET versions ant\u00e9rieures \u00e0 V01.01.01","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PI CONNECT ALARM versions V2.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PM-OPEN PI versions V7.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PM-AGENT versions V5.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PM-CONTROL versions V10.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On Historian CONNECT ALARM versions V5.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PM-OPEN IMPORT versions V6.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC Add-On PM-ANALYZE versions V7.x et ant\u00e9rieures","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2017-11496","url":"https://www.cve.org/CVERecord?id=CVE-2017-11496"},{"name":"CVE-2017-2680","url":"https://www.cve.org/CVERecord?id=CVE-2017-2680"},{"name":"CVE-2017-11498","url":"https://www.cve.org/CVERecord?id=CVE-2017-11498"},{"name":"CVE-2017-11497","url":"https://www.cve.org/CVERecord?id=CVE-2017-11497"}],"links":[],"reference":"CERTFR-2018-AVI-041","revisions":[{"description":"Version initiale","revision_date":"2018-01-18T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSiemens . Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-127490 du 18 janvier 2018","url":"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-127490.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-284673 du 18 janvier 2018","url":"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-284673.pdf"}]}