{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SIPROTEC 5 types 6MD85, 6MD86,6MD89, 7UM85, 7SA87, 7SD87, 7SL87, 7VK87,7SA82, 7SA86, 7SD82, 7SD86, 7SL82, 7SL86,7SJ86, 7SK82, 7SK85, 7SJ82, 7SJ85, 7UT82,7UT85, 7UT86, 7UT87 et 7VE85 versions ant\u00e9rieures \u00e0 V7.90","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Spectrum Power 3, 4, 5 et 7","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"RAPIDPoint 500","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC627E avec un BIOS d'une version ant\u00e9rieure \u00e0 V25.02.04","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC PCS 7 V8.2 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SENSIS Dell High-End Server (VC12), Mat. Nr.10910620: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Sensis SIS Server Machine, Mat. Nr. 06648153: versions ant\u00e9rieures \u00e0 VC11D, VC12M, VD11B sans le correctif AX037/19/P","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF68XR versions ant\u00e9rieures \u00e0 V3.2.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC427E avec un BIOS d'une version ant\u00e9rieure \u00e0 V21.01.11","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC647E avec un BIOS d'une version ant\u00e9rieure \u00e0 V25.02.04","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"TIA Administrator versions ant\u00e9rieures \u00e0 V1.0 SP1 Upd1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 Upd 3","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC847E avec un BIOS d'une version ant\u00e9rieure \u00e0 V25.02.04","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC677E avec un BIOS d'une version ant\u00e9rieure \u00e0 V25.02.04","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC RF615R versions ant\u00e9rieures \u00e0 V3.2.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC477E Pro avec un BIOS d'une version ant\u00e9rieure \u00e0 V21.01.11","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Sensis High End SIS Server, Mat. Nr. 10140973: versions ant\u00e9rieures \u00e0 VC11D, VC12M sans le correctif AX037/19/P","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC477E avec un BIOS d'une version ant\u00e9rieure \u00e0 V21.01.11","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"DIGSI 5 versions ant\u00e9rieures \u00e0 V7.90","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC PCS 7 V9.0 avec WinCC versions ant\u00e9rieures \u00e0 V7.4 SP1 Upd 11","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"VM SIS Virtual Server, Mat. Nr. 10765502: versions ant\u00e9rieures \u00e0 VC12M sans le correctif AX037/19/P","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2019-11091","url":"https://www.cve.org/CVERecord?id=CVE-2019-11091"},{"name":"CVE-2016-6329","url":"https://www.cve.org/CVERecord?id=CVE-2016-6329"},{"name":"CVE-2018-12127","url":"https://www.cve.org/CVERecord?id=CVE-2018-12127"},{"name":"CVE-2018-12130","url":"https://www.cve.org/CVERecord?id=CVE-2018-12130"},{"name":"CVE-2013-0169","url":"https://www.cve.org/CVERecord?id=CVE-2013-0169"},{"name":"CVE-2019-10930","url":"https://www.cve.org/CVERecord?id=CVE-2019-10930"},{"name":"CVE-2019-10915","url":"https://www.cve.org/CVERecord?id=CVE-2019-10915"},{"name":"CVE-2019-10931","url":"https://www.cve.org/CVERecord?id=CVE-2019-10931"},{"name":"CVE-2019-10935","url":"https://www.cve.org/CVERecord?id=CVE-2019-10935"},{"name":"CVE-2018-12126","url":"https://www.cve.org/CVERecord?id=CVE-2018-12126"},{"name":"CVE-2019-10933","url":"https://www.cve.org/CVERecord?id=CVE-2019-10933"},{"name":"CVE-2019-0708","url":"https://www.cve.org/CVERecord?id=CVE-2019-0708"},{"name":"CVE-2011-3389","url":"https://www.cve.org/CVERecord?id=CVE-2011-3389"}],"links":[],"reference":"CERTFR-2019-AVI-311","revisions":[{"description":"Version initiale","revision_date":"2019-07-09T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 l'int\u00e9grit\u00e9\ndes donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-166360 du 09 juillet 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-616199 du 09 juillet 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-121293 du 09 juillet 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-121293.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-721298 du 09 juillet 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-721298.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-616472 du 09 juillet 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-616472.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-747162 du 09 juillet 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-747162.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-899560 du 09 juillet 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-899560.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-556833 du 09 juillet 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"}]}