{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SCADAPack 300 E et 500 E series RTU (312E, 313E, 314E, 330E, 333E, 337E, 350E, 530E, 535E)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"SCADAPack 57x RTU (570, 575)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"SCADAPack 300 series RTU (314, 330, 334, 350)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 versions ant\u00e9rieures \u00e0 V2.70","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M580 versions ant\u00e9rieures \u00e0 V2.90","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Quantum versions ant\u00e9rieures \u00e0 V3.12","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Interactive Graphical SCADA System (IGSS) versions ant\u00e9rieures \u00e0 13.0.0.19140","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M580 versions ant\u00e9rieures \u00e0 V2.01","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Ethernet Module BMENOC0301 versions ant\u00e9rieures \u00e0 V2.16","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 versions ant\u00e9rieures \u00e0 V3.01","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Interactive Graphical SCADA System (IGSS) versions 14.x ant\u00e9rieures \u00e0 14.0.0.19120","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M221","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Zelio Soft 2 versions ant\u00e9rieures \u00e0 v5.3","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Premium versions ant\u00e9rieures \u00e0 V3.10","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"SCADAPack 32 RTU","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Control Expert versions ant\u00e9rieures \u00e0 V14.0 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon Momentum M1E 171CBU98090Modicon Momentum M1E 171CBU98091","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2017-6028","url":"https://www.cve.org/CVERecord?id=CVE-2017-6028"},{"name":"CVE-2018-7846","url":"https://www.cve.org/CVERecord?id=CVE-2018-7846"},{"name":"CVE-2019-6822","url":"https://www.cve.org/CVERecord?id=CVE-2019-6822"},{"name":"CVE-2018-7842","url":"https://www.cve.org/CVERecord?id=CVE-2018-7842"},{"name":"CVE-2018-7849","url":"https://www.cve.org/CVERecord?id=CVE-2018-7849"},{"name":"CVE-2018-7838","url":"https://www.cve.org/CVERecord?id=CVE-2018-7838"},{"name":"CVE-2019-6827","url":"https://www.cve.org/CVERecord?id=CVE-2019-6827"},{"name":"CVE-2018-7854","url":"https://www.cve.org/CVERecord?id=CVE-2018-7854"},{"name":"CVE-2018-7844","url":"https://www.cve.org/CVERecord?id=CVE-2018-7844"},{"name":"CVE-2018-7847","url":"https://www.cve.org/CVERecord?id=CVE-2018-7847"},{"name":"CVE-2019-6808","url":"https://www.cve.org/CVERecord?id=CVE-2019-6808"},{"name":"CVE-2018-7850","url":"https://www.cve.org/CVERecord?id=CVE-2018-7850"},{"name":"CVE-2018-7856","url":"https://www.cve.org/CVERecord?id=CVE-2018-7856"},{"name":"CVE-2018-7845","url":"https://www.cve.org/CVERecord?id=CVE-2018-7845"},{"name":"CVE-2018-7857","url":"https://www.cve.org/CVERecord?id=CVE-2018-7857"},{"name":"CVE-2019-6807","url":"https://www.cve.org/CVERecord?id=CVE-2019-6807"},{"name":"CVE-2019-6819","url":"https://www.cve.org/CVERecord?id=CVE-2019-6819"},{"name":"CVE-2019-6806","url":"https://www.cve.org/CVERecord?id=CVE-2019-6806"},{"name":"CVE-2018-7853","url":"https://www.cve.org/CVERecord?id=CVE-2018-7853"},{"name":"CVE-2018-7843","url":"https://www.cve.org/CVERecord?id=CVE-2018-7843"},{"name":"CVE-2018-7848","url":"https://www.cve.org/CVERecord?id=CVE-2018-7848"}],"links":[],"reference":"CERTFR-2019-AVI-312","revisions":[{"description":"Version initiale","revision_date":"2019-07-09T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-05 du 02 juillet 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-134-05-Modicon+Controllers-V1.1.pdf&p_Doc_Ref=SEVD-2019-134-05"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-190-01 du 09 juillet 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-190-01-Zelio-Soft-2.pdf&p_Doc_Ref=SEVD-2019-190-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2017-065-01 du 09 juillet 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2017-065-01-Modicon-SCADAPack-V2.0.pdf&p_Doc_Ref=SEVD-2017-065-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-11 du 09 juillet 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-134-11-Modicon-Controllers-V1.1.pdf&p_Doc_Ref=SEVD-2019-134-11"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-190-02 du 09 juillet 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-190-02-IGSS.pdf&p_Doc_Ref=SEVD-2019-190-02"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-190-03 du 09 juillet 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-190-03-Modicon-M580-Controller.pdf&p_Doc_Ref=SEVD-2019-190-03"}]}