{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SiteIQ Analytics V1.1, V1.2, and V1.3","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Desigo XWP V5.00.204, V5.00.260, V5.10.142, V5.10.212, V6.00.184, V6.00.342 et V6.10.172","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Annual Shading V1.0.4 et V1.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"License Management System (LMS) toutes versions ant\u00e9rieures \u00e0 V2.1 SP3 (2.1.670)","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siveillance Identity V1.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Desigo ABT MP1.1 Build 845, MP1.15 Build 360, MP1.16 Build 055, MP1.2 Build 850, MP1.2.1 Build 318 et MP2.1 Build 965","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Desigo CC MP1.1, MP2.0, MP2.1 et MP3.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Desigo Configuration Manager (DCM) V6.10.140","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2017-11496","url":"https://www.cve.org/CVERecord?id=CVE-2017-11496"},{"name":"CVE-2017-12822","url":"https://www.cve.org/CVERecord?id=CVE-2017-12822"},{"name":"CVE-2017-12818","url":"https://www.cve.org/CVERecord?id=CVE-2017-12818"},{"name":"CVE-2017-11498","url":"https://www.cve.org/CVERecord?id=CVE-2017-11498"},{"name":"CVE-2017-12820","url":"https://www.cve.org/CVERecord?id=CVE-2017-12820"},{"name":"CVE-2017-12819","url":"https://www.cve.org/CVERecord?id=CVE-2017-12819"},{"name":"CVE-2017-12821","url":"https://www.cve.org/CVERecord?id=CVE-2017-12821"},{"name":"CVE-2017-11497","url":"https://www.cve.org/CVERecord?id=CVE-2017-11497"}],"links":[],"reference":"CERTFR-2018-AVI-157","revisions":[{"description":"Version initiale","revision_date":"2018-03-29T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SCADA\nSiemens Building Technologies. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de\nservice \u00e0 distance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits SCADA Siemens Building Technologies","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-727467 du 28 mars 2018","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-727467.pdf"}]}