{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>Conext Control toutes versions</li> <li>EcoStruxure Substation Operation Gateway, anciennement PACiS Gateway, versions ant\u00e9rieures \u00e0 3.606.100.600.1</li> <li>Triconex TriStation Emulator Version 1.2.0</li> <li>Toutes les variantes de EGX100: <ul> <li>EGX100SD</li> <li>EGX100MG</li> <li>EGX100SQD</li> <li>EGX100SDR</li> <li>EGX100M</li> <li>EGX100MGAA</li> <li>EGX100MGBA</li> <li>EGX100MGBB</li> <li>EGX100MGBC</li> </ul> </li> <li>Toutes les variantes de ECI850: <ul> <li>ECI850</li> <li>ECI850MG</li> </ul> </li> <li>ConneXium Industrial Firewall/Router: <ul> <li>TCSEFEC2CF3F21 (MM/TX) versions ant\u00e9rieures \u00e0 V5.33</li> <li>TCSEFEC23FCF21 (TX/MM) versions ant\u00e9rieures \u00e0 V5.33</li> <li>TCSEFEC23F3F21 (TX/TX) versions ant\u00e9rieures \u00e0 V5.33</li> <li>Easergy Micom C264 versions ant\u00e9rieures \u00e0 D5.24 \u2013 C264 D5.X, 1.79 \u2013 C264 D1.X et D4.25 \u2013 C264 D4.X</li> </ul> </li> <li>Modicon X80 modules d'I/O: <ul> <li>Modicon M580 IEC 61850 module</li> <li>Modicon Network Option Switch</li> <li>Modicon X80 - I/O Drop Adapters</li> <li>Modicon X80 - BMEAHI0812 HART Analog Input Module</li> </ul> </li> <li>Modicon Momentum Unity</li> <li>Modicon Quantum 140 CRA</li> <li>Modicon Quantum Head 140 CRP</li> <li>Modicon Quantum 140 NOP Communications Module</li> </ul> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2019-11091","url":"https://www.cve.org/CVERecord?id=CVE-2019-11091"},{"name":"CVE-2018-7803","url":"https://www.cve.org/CVERecord?id=CVE-2018-7803"},{"name":"CVE-2019-1182","url":"https://www.cve.org/CVERecord?id=CVE-2019-1182"},{"name":"CVE-2019-1222","url":"https://www.cve.org/CVERecord?id=CVE-2019-1222"},{"name":"CVE-2018-12127","url":"https://www.cve.org/CVERecord?id=CVE-2018-12127"},{"name":"CVE-2019-1224","url":"https://www.cve.org/CVERecord?id=CVE-2019-1224"},{"name":"CVE-2018-12130","url":"https://www.cve.org/CVERecord?id=CVE-2018-12130"},{"name":"CVE-2019-1226","url":"https://www.cve.org/CVERecord?id=CVE-2019-1226"},{"name":"CVE-2019-1223","url":"https://www.cve.org/CVERecord?id=CVE-2019-1223"},{"name":"CVE-2019-1225","url":"https://www.cve.org/CVERecord?id=CVE-2019-1225"},{"name":"CVE-2019-1181","url":"https://www.cve.org/CVERecord?id=CVE-2019-1181"},{"name":"CVE-2018-12126","url":"https://www.cve.org/CVERecord?id=CVE-2018-12126"},{"name":"CVE-2018-7834","url":"https://www.cve.org/CVERecord?id=CVE-2018-7834"},{"name":"CVE-2019-0708","url":"https://www.cve.org/CVERecord?id=CVE-2019-0708"}],"links":[],"reference":"CERTFR-2019-AVI-553","revisions":[{"description":"Version initiale","revision_date":"2019-11-12T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"D\u00e9ni de service"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SESB-2019-214-01 du 12 novembre 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SESB-2019-214-01-Wind_River_VxWorks_Security_Bulletin_V2.2.pdf&p_Doc_Ref=SESB-2019-214-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-07 du 12 novembre 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-134-07_ConneXium_and_PowerLogic_Gateway_V2.pdf&p_Doc_Ref=SEVD-2019-134-07"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-193-02 du 12 novembre 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-193-02_MicrosoftRDS-Product_InformationV1.4.pdf&p_Doc_Ref=SEVD-2019-193-02"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-071-03 du 12 novembre 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-071-03-TriStation_Emulator_V2.pdf&p_Doc_Ref=SEVD-2019-071-03"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-267-01 du 12 novembre 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-267-01_MicrosoftRDS-DejaBlue-Product_InformationV1.1.pdf&p_Doc_Ref=SEVD-2019-267-01"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-193-01 du 12 novembre 2019","url":"https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet&p_File_Name=SEVD-2019-193-01_IntelMDS-Product_InformationV1.3.pdf&p_Doc_Ref=SEVD-2019-193-01"}]}