{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SIMATIC PROFINET Driver versions ant\u00e9rieures \u00e0 V2.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINAMICS G120 V4.7 (PN Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CFU PA versions ant\u00e9rieures \u00e0 V1.2.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINAMICS S120 V4.7 (Control Unit et CBE20) versions ant\u00e9rieures \u00e0 V4.7 HF34 ou V5.2 HF2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINAMICS GH150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC ET 200SP IM 155-6 PN/2 HF versions ant\u00e9rieures \u00e0 V4.2.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINAMICS G120 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC ET 200SP IM 155-6 PN/3 HF versions ant\u00e9rieures \u00e0 V4.2.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SCALANCE X-200IRT versions ant\u00e9rieures \u00e0 V5.4.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINAMICS G130 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 HF29 ou V5.2 HF2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller versions ant\u00e9rieures \u00e0 V4.1.1 Patch 05","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.5.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINAMICS GL150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"CP1616 versions ant\u00e9rieures \u00e0 V2.8","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINAMICS G110M V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC ET 200MP IM 155-5 PN BA versions ant\u00e9rieures \u00e0 V4.2.3","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINAMICS G110M V4.7 (PN Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINAMICS DCM versions ant\u00e9rieures \u00e0 V1.5 HF1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINAMICS GM150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IT UADM versions ant\u00e9rieures \u00e0 V1.3","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5.0 Patch 01","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC S7-400H V6 versions ant\u00e9rieures \u00e0 V6.0.9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC WinAC RTX (F) 2010 versions ant\u00e9rieures \u00e0 SIMATIC WinAC RTX 2010 SP3 avec les mises \u00e0 jour BIOS et Windows","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC ET 200SP IM 155-6 PN HF versions ant\u00e9rieures \u00e0 V4.2.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"CP1604 versions ant\u00e9rieures \u00e0 V2.8","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINUMERIK 828D versions ant\u00e9rieures \u00e0 V4.8 SP5","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2019-11091","url":"https://www.cve.org/CVERecord?id=CVE-2019-11091"},{"name":"CVE-2018-12127","url":"https://www.cve.org/CVERecord?id=CVE-2018-12127"},{"name":"CVE-2019-10936","url":"https://www.cve.org/CVERecord?id=CVE-2019-10936"},{"name":"CVE-2017-5754","url":"https://www.cve.org/CVERecord?id=CVE-2017-5754"},{"name":"CVE-2018-12130","url":"https://www.cve.org/CVERecord?id=CVE-2018-12130"},{"name":"CVE-2019-10923","url":"https://www.cve.org/CVERecord?id=CVE-2019-10923"},{"name":"CVE-2018-3620","url":"https://www.cve.org/CVERecord?id=CVE-2018-3620"},{"name":"CVE-2018-3639","url":"https://www.cve.org/CVERecord?id=CVE-2018-3639"},{"name":"CVE-2019-13929","url":"https://www.cve.org/CVERecord?id=CVE-2019-13929"},{"name":"CVE-2019-13921","url":"https://www.cve.org/CVERecord?id=CVE-2019-13921"},{"name":"CVE-2017-5753","url":"https://www.cve.org/CVERecord?id=CVE-2017-5753"},{"name":"CVE-2018-3646","url":"https://www.cve.org/CVERecord?id=CVE-2018-3646"},{"name":"CVE-2018-12126","url":"https://www.cve.org/CVERecord?id=CVE-2018-12126"},{"name":"CVE-2017-5715","url":"https://www.cve.org/CVERecord?id=CVE-2017-5715"},{"name":"CVE-2018-3640","url":"https://www.cve.org/CVERecord?id=CVE-2018-3640"},{"name":"CVE-2018-3615","url":"https://www.cve.org/CVERecord?id=CVE-2018-3615"}],"links":[],"reference":"CERTFR-2019-AVI-489","revisions":[{"description":"Version initiale","revision_date":"2019-10-08T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-608355 du 08 octobre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-349422 du 08 octobre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-878278 du 08 octobre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-473245 du 08 octobre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-984700 du 08 octobre 2019","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf"}]}