{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Modicon M221 versions ant\u00e9rieures \u00e0 V1.6.2.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"PowerLogic PM5560 versions ant\u00e9rieures \u00e0 2.5.4","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Cl\u00e9s USB fournies avec toutes les versions de Conext Battery Monitor (sku 865-1080-01)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Cl\u00e9s USB fournies avec toutes les versions de Conext Combox (sku 865-1058)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2018-7790","url":"https://www.cve.org/CVERecord?id=CVE-2018-7790"},{"name":"CVE-2018-7789","url":"https://www.cve.org/CVERecord?id=CVE-2018-7789"},{"name":"CVE-2018-7792","url":"https://www.cve.org/CVERecord?id=CVE-2018-7792"},{"name":"CVE-2018-7795","url":"https://www.cve.org/CVERecord?id=CVE-2018-7795"},{"name":"CVE-2018-7791","url":"https://www.cve.org/CVERecord?id=CVE-2018-7791"}],"links":[],"reference":"CERTFR-2018-AVI-418","revisions":[{"description":"Version initiale","revision_date":"2018-08-31T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric . Certaines d'entre elles permettent \u00e0 un attaquant\nde provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SEVD-2018-228-01 du 16 ao\u00fbt 2018","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-228-01-PowerLogic+PM5560.pdf&p_Doc_Ref=SEVD-2018-228-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SEVD-2018-233-01 du 21 ao\u00fbt 2018","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-233-01+Modicon+M221.pdf&p_Doc_Ref=SEVD-2018-233-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SEVD-2018-235-01 du 23 ao\u00fbt 2018","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2018-235-01-Modicon-M221.pdf&p_Doc_Ref=SEVD-2018-235-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric SESN-2018-236-01 du 24 ao\u00fbt 2018","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SESN-2018-236-01+Conext+USB+Malware.pdf&p_Doc_Ref=SESN-2018-236-01"}]}