{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"LOGO! Soft Comfort toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siveillance Video Open Network Bridge:2019 R2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Solid Edge SE2021 versions ant\u00e9rieures \u00e0 SE2021MP4","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC NET CP 443-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siveillance Video Open Network Bridge:2019 R3","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Nucleus NET versions ant\u00e9rieures \u00e0 5.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"TIM 3V-IE / TIM 3V-IE Advanced (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 V2.6.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SiNVR/SiVMS Video Server toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Nucleus RTOS versions contenant le module DNS affect\u00e9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC NET CP 343-1 Advanced (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.0.44","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Solid Edge SE2020 toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC NET CP 343-1 Lean (incl. SIPLUS vari-ants) versions ant\u00e9rieures \u00e0 V3.1.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC NET CP 443-5 Basic (incl. SIPLUS vari-ants) toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Opcenter Quality versions ant\u00e9rieures \u00e0 12.2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siveillance Video Open Network Bridge:2019 R1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC NET CP 443-5 Extended toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"VSTAR versions contenant le module DNS affect\u00e9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Control Center Server (CCS) toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"TIM 4R-IE (incl. SIPLUS NET variants) toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siveillance Video Open Network Bridge:2020 R1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siveillance Video Open Network Bridge:2020 R2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC NET CP 343-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.1.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC NET CP 443-1 Standard (incl. SIPLUSvariants) versions ant\u00e9rieures \u00e0 V3.2.9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC NET CP 342-5 (incl. SIPLUS variants) toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siveillance Video Open Network Bridge:2018 R2","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Nucleus ReadyStart toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Nucleus 4 versions ant\u00e9rieures \u00e0 4.1.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siveillance Video Open Network Bridge:2018 R3","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"QMS Automotive versions ant\u00e9rieures \u00e0 12.30","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Tecnomatix RobotExpert versions ant\u00e9rieures \u00e0 16.1","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"TIM 3V-IE DNP3 (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V3.1.0","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Siveillance Video Open Network Bridge:2020 R3","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"Nucleus Source Code versions contenant le module DNS affect\u00e9","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"TIM 4R-IE DNP3 (incl. SIPLUS NET variants) toutes versions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMOTICS CONNECT 400 toutes verions","product":{"name":"N/A","vendor":{"name":"Siemens","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-27009","url":"https://www.cve.org/CVERecord?id=CVE-2020-27009"},{"name":"CVE-2015-7855","url":"https://www.cve.org/CVERecord?id=CVE-2015-7855"},{"name":"CVE-2019-18339","url":"https://www.cve.org/CVERecord?id=CVE-2019-18339"},{"name":"CVE-2016-1547","url":"https://www.cve.org/CVERecord?id=CVE-2016-1547"},{"name":"CVE-2015-7973","url":"https://www.cve.org/CVERecord?id=CVE-2015-7973"},{"name":"CVE-2016-4953","url":"https://www.cve.org/CVERecord?id=CVE-2016-4953"},{"name":"CVE-2021-27389","url":"https://www.cve.org/CVERecord?id=CVE-2021-27389"},{"name":"CVE-2021-27382","url":"https://www.cve.org/CVERecord?id=CVE-2021-27382"},{"name":"CVE-2020-27736","url":"https://www.cve.org/CVERecord?id=CVE-2020-27736"},{"name":"CVE-2021-27380","url":"https://www.cve.org/CVERecord?id=CVE-2021-27380"},{"name":"CVE-2015-5219","url":"https://www.cve.org/CVERecord?id=CVE-2015-5219"},{"name":"CVE-2016-1550","url":"https://www.cve.org/CVERecord?id=CVE-2016-1550"},{"name":"CVE-2015-7977","url":"https://www.cve.org/CVERecord?id=CVE-2015-7977"},{"name":"CVE-2015-7705","url":"https://www.cve.org/CVERecord?id=CVE-2015-7705"},{"name":"CVE-2021-27392","url":"https://www.cve.org/CVERecord?id=CVE-2021-27392"},{"name":"CVE-2019-19956","url":"https://www.cve.org/CVERecord?id=CVE-2019-19956"},{"name":"CVE-2021-25663","url":"https://www.cve.org/CVERecord?id=CVE-2021-25663"},{"name":"CVE-2020-15795","url":"https://www.cve.org/CVERecord?id=CVE-2020-15795"},{"name":"CVE-2015-8138","url":"https://www.cve.org/CVERecord?id=CVE-2015-8138"},{"name":"CVE-2016-4954","url":"https://www.cve.org/CVERecord?id=CVE-2016-4954"},{"name":"CVE-2021-25664","url":"https://www.cve.org/CVERecord?id=CVE-2021-25664"},{"name":"CVE-2020-25243","url":"https://www.cve.org/CVERecord?id=CVE-2020-25243"},{"name":"CVE-2015-7974","url":"https://www.cve.org/CVERecord?id=CVE-2015-7974"},{"name":"CVE-2015-8214","url":"https://www.cve.org/CVERecord?id=CVE-2015-8214"},{"name":"CVE-2019-19299","url":"https://www.cve.org/CVERecord?id=CVE-2019-19299"},{"name":"CVE-2020-28385","url":"https://www.cve.org/CVERecord?id=CVE-2020-28385"},{"name":"CVE-2021-25678","url":"https://www.cve.org/CVERecord?id=CVE-2021-25678"},{"name":"CVE-2020-7595","url":"https://www.cve.org/CVERecord?id=CVE-2020-7595"},{"name":"CVE-2021-27393","url":"https://www.cve.org/CVERecord?id=CVE-2021-27393"},{"name":"CVE-2020-25244","url":"https://www.cve.org/CVERecord?id=CVE-2020-25244"},{"name":"CVE-2019-18340","url":"https://www.cve.org/CVERecord?id=CVE-2019-18340"},{"name":"CVE-2021-25670","url":"https://www.cve.org/CVERecord?id=CVE-2021-25670"},{"name":"CVE-2015-7979","url":"https://www.cve.org/CVERecord?id=CVE-2015-7979"},{"name":"CVE-2015-7871","url":"https://www.cve.org/CVERecord?id=CVE-2015-7871"},{"name":"CVE-2020-27738","url":"https://www.cve.org/CVERecord?id=CVE-2020-27738"},{"name":"CVE-2019-19298","url":"https://www.cve.org/CVERecord?id=CVE-2019-19298"},{"name":"CVE-2020-26997","url":"https://www.cve.org/CVERecord?id=CVE-2020-26997"},{"name":"CVE-2019-19291","url":"https://www.cve.org/CVERecord?id=CVE-2019-19291"},{"name":"CVE-2020-27737","url":"https://www.cve.org/CVERecord?id=CVE-2020-27737"},{"name":"CVE-2019-19297","url":"https://www.cve.org/CVERecord?id=CVE-2019-19297"},{"name":"CVE-2016-1548","url":"https://www.cve.org/CVERecord?id=CVE-2016-1548"},{"name":"CVE-2021-25677","url":"https://www.cve.org/CVERecord?id=CVE-2021-25677"},{"name":"CVE-2019-19296","url":"https://www.cve.org/CVERecord?id=CVE-2019-19296"}],"links":[],"reference":"CERTFR-2021-AVI-255","revisions":[{"description":"Version initiale","revision_date":"2021-04-14T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Ex\u00e9cution de code arbitraire"},{"description":"D\u00e9ni de service"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-788287 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-788287.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-248289 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-248289.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-853866 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-853866.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-185699 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-185699.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-983300 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-983300.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-844761 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-844761.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-163226 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-163226.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-763427 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-763427.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-497656 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-497656.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-761617 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-761617.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-669158 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-669158.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-574442 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-574442.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-705111 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-705111.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-292794 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-292794.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-761844 du 13 avril 2021","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-761844.pdf"}]}