{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>SICAM P850 versions ant\u00e9rieures \u00e0 3.00</li> <li>Simcenter Femap versions ant\u00e9rieures \u00e0 2022.2</li> <li>SIMATIC NET PC Software versions 14.x ant\u00e9rieures \u00e0 14 SP1 Update 14</li> <li>SIMATIC NET PC Software versions 17.x ant\u00e9rieures \u00e0 17 SP1</li> <li>SIMATIC Process Historian OPC UA Server versions ant\u00e9rieures \u00e0 2020 SP1</li> <li>SIMATIC WinCC versions 7.5.x ant\u00e9rieures \u00e0 V7.5 SP2 Update 8</li> <li>SIMATIC CP 442-1 RNA versions ant\u00e9rieures \u00e0 1.5.18</li> <li>SIMATIC CP 443-1 RNA versions ant\u00e9rieures \u00e0 1.5.18</li> <li>JT2Go versions ant\u00e9rieures \u00e0 13.3.0.3</li> <li>Teamcenter Visualization versions 13.3.x ant\u00e9rieures \u00e0 13.3.0.3</li> <li>Teamcenter Visualization versions 14.0.x ant\u00e9rieures \u00e0 14.0.0.1</li> <li>Desigo DXR2 versions ant\u00e9rieures \u00e0 01.21.142.5-22</li> <li>Desigo PXC3 versions ant\u00e9rieures \u00e0 01.21.142.4-18</li> <li>Desigo PXC4 versions ant\u00e9rieures \u00e0 02.20.142.10-10884</li> <li>Desigo PXC5 versions ant\u00e9rieures \u00e0 02.20.142.10-10884</li> <li>RUGGEDCOM RM1224 LTE(4G) EU et RM1224 LTE(4G) NAM versions ant\u00e9rieures \u00e0 7.1</li> <li>SCALANCE M804PB, M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2), M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2), M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2), M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2), M826-2 SHDSL-Router (6GK5826-2AB00-2AB2), M874-2 (6GK5874-2AA00-2AA2), M874-3 (6GK5874-3AA00-2AA2), M876-3 (EVDO) (6GK5876-3AA02-2BA2), M876-3 (ROK) (6GK5876-3AA02-2EA2), M876-4 (EU) (6GK5876-4AA00-2BA2), M876-4 (NAM) (6GK5876-4AA00-2DA2), MUM856-1 (EU) (6GK5856-2EA00-3DA1), MUM856-1 (RoW) (6GK5856-2EA00-3AA1) et S615 (6GK5615-0AA00-2AA2) versions ant\u00e9rieures \u00e0 7.1</li> <li>SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) versions ant\u00e9rieures \u00e0 3.0.22</li> <li>SIMATIC RTU3010C (6NH3112-0BA00-0XX0), RTU3030C (6NH3112-3BA00-0XX0), RTU3031C (6NH3112-3BB00-0XX0) et RTU3041C (6NH3112-4BB00-0XX0) versions ant\u00e9rieures \u00e0 5.0.14</li> <li>SIPLUS NET CP 1543-1 versions ant\u00e9rieures \u00e0 3.0.22</li> <li>OpenV2G versions ant\u00e9rieures \u00e0 0.9.5</li> <li>Teamcenter versions 12.4.x ant\u00e9rieures \u00e0 12.4.0.13</li> <li>Teamcenter versions 13.0.x ant\u00e9rieures \u00e0 13.0.0.9</li> <li>Teamcenter versions 13.2.x ant\u00e9rieures \u00e0 13.2.0.8</li> <li>Teamcenter versions 13.3.x ant\u00e9rieures \u00e0 13.3.0.3</li> <li>SIMATIC Reader RF610R CMIIT (6GT2811-6BC10-2AA0), RF610R ETSI (6GT2811-6BC10-0AA0), RF610R FCC (6GT2811-6BC10-1AA0), RF615R CMIIT (6GT2811-6CC10-2AA0), RF615R ETSI (6GT2811-6CC10-0AA0), RF615R FCC (6GT2811-6CC10-1AA0), RF650R ARIB (6GT2811-6AB20-4AA0), RF650R CMIIT (6GT2811-6AB20-2AA0), RF650R ETSI (6GT2811-6AB20-0AA0), RF650R FCC (6GT2811-6AB20-1AA0), RF680R ARIB (6GT2811-6AA10-4AA0), RF680R CMIIT (6GT2811-6AA10-2AA0), RF680R ETSI (6GT2811-6AA10-0AA0), RF680R FCC (6GT2811-6AA10-1AA0), RF685R ARIB (6GT2811-6CA10-4AA0), RF685R CMIIT (6GT2811-6CA10-2AA0), RF685R ETSI (6GT2811-6CA10-0AA0) et RF685R FCC (6GT2811-6CA10-1AA0) versions 3.0.x ant\u00e9rieures \u00e0 4.0</li> <li>SIMATIC RF166C (6GT2002-0EE20), RF185C (6GT2002-0JE10), RF186C (6GT2002-0JE20), RF186CI (6GT2002-0JE50), RF188C (6GT2002-0JE40) et RF188CI (6GT2002-0JE60) versions 1.1.x ant\u00e9rieures \u00e0 1.3.2</li> <li>SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 2.0</li> </ul> <p>En fonction de la vuln\u00e9rabilit\u00e9, l'\u00e9diteur ne pr\u00e9voit pas de correctif de s\u00e9curit\u00e9 pour les produits suivants :</p> <ul> <li>SITOP Manager toutes versions</li> <li>TeleControl Server Basic versions 3.x</li> <li>SIMATIC NET PC Software versions 15.x</li> <li>SIMATIC NET PC Software versions 16.x</li> <li>SIMATIC WinCC versions 16.x</li> <li>SIMATIC WinCC versions 17.x</li> <li>SIMATIC WinCC Runtime Professional toutes versions</li> <li>SIMATIC WinCC Unified Scada Runtime toutes versions</li> <li>SIMATIC PCS 7 versions 9.0.x et ant\u00e9rieures</li> <li>SIMATIC PCS 7 versions 9.1.x</li> <li>LOGO! CMR family toutes versions</li> <li>SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions</li> <li>Teamcenter versions 13.1.x</li> <li>Teamcenter versions 14.0.x</li> </ul> <p>Se r\u00e9f\u00e9rer aux mesures de contournement list\u00e9es dans les avis de l'\u00e9diteur.</p> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-27653","url":"https://www.cve.org/CVERecord?id=CVE-2022-27653"},{"name":"CVE-2022-24043","url":"https://www.cve.org/CVERecord?id=CVE-2022-24043"},{"name":"CVE-2022-29879","url":"https://www.cve.org/CVERecord?id=CVE-2022-29879"},{"name":"CVE-2022-24044","url":"https://www.cve.org/CVERecord?id=CVE-2022-24044"},{"name":"CVE-2022-24041","url":"https://www.cve.org/CVERecord?id=CVE-2022-24041"},{"name":"CVE-2022-27242","url":"https://www.cve.org/CVERecord?id=CVE-2022-27242"},{"name":"CVE-2021-22901","url":"https://www.cve.org/CVERecord?id=CVE-2021-22901"},{"name":"CVE-2022-24290","url":"https://www.cve.org/CVERecord?id=CVE-2022-24290"},{"name":"CVE-2022-29880","url":"https://www.cve.org/CVERecord?id=CVE-2022-29880"},{"name":"CVE-2022-24045","url":"https://www.cve.org/CVERecord?id=CVE-2022-24045"},{"name":"CVE-2022-29882","url":"https://www.cve.org/CVERecord?id=CVE-2022-29882"},{"name":"CVE-2022-24039","url":"https://www.cve.org/CVERecord?id=CVE-2022-24039"},{"name":"CVE-2022-24042","url":"https://www.cve.org/CVERecord?id=CVE-2022-24042"},{"name":"CVE-2021-22924","url":"https://www.cve.org/CVERecord?id=CVE-2021-22924"},{"name":"CVE-2022-29033","url":"https://www.cve.org/CVERecord?id=CVE-2022-29033"},{"name":"CVE-2022-24040","url":"https://www.cve.org/CVERecord?id=CVE-2022-24040"},{"name":"CVE-2022-24287","url":"https://www.cve.org/CVERecord?id=CVE-2022-24287"},{"name":"CVE-2021-41545","url":"https://www.cve.org/CVERecord?id=CVE-2021-41545"},{"name":"CVE-2022-29873","url":"https://www.cve.org/CVERecord?id=CVE-2022-29873"},{"name":"CVE-2022-29801","url":"https://www.cve.org/CVERecord?id=CVE-2022-29801"},{"name":"CVE-2021-40142","url":"https://www.cve.org/CVERecord?id=CVE-2021-40142"},{"name":"CVE-2022-29874","url":"https://www.cve.org/CVERecord?id=CVE-2022-29874"},{"name":"CVE-2022-27640","url":"https://www.cve.org/CVERecord?id=CVE-2022-27640"},{"name":"CVE-2022-29876","url":"https://www.cve.org/CVERecord?id=CVE-2022-29876"},{"name":"CVE-2022-29877","url":"https://www.cve.org/CVERecord?id=CVE-2022-29877"},{"name":"CVE-2021-45117","url":"https://www.cve.org/CVERecord?id=CVE-2021-45117"},{"name":"CVE-2022-29029","url":"https://www.cve.org/CVERecord?id=CVE-2022-29029"},{"name":"CVE-2022-29881","url":"https://www.cve.org/CVERecord?id=CVE-2022-29881"},{"name":"CVE-2022-29032","url":"https://www.cve.org/CVERecord?id=CVE-2022-29032"},{"name":"CVE-2022-29872","url":"https://www.cve.org/CVERecord?id=CVE-2022-29872"},{"name":"CVE-2022-29878","url":"https://www.cve.org/CVERecord?id=CVE-2022-29878"},{"name":"CVE-2021-31340","url":"https://www.cve.org/CVERecord?id=CVE-2021-31340"},{"name":"CVE-2022-29031","url":"https://www.cve.org/CVERecord?id=CVE-2022-29031"},{"name":"CVE-2022-29030","url":"https://www.cve.org/CVERecord?id=CVE-2022-29030"},{"name":"CVE-2022-29028","url":"https://www.cve.org/CVERecord?id=CVE-2022-29028"},{"name":"CVE-2022-29883","url":"https://www.cve.org/CVERecord?id=CVE-2022-29883"}],"links":[],"reference":"CERTFR-2022-AVI-435","revisions":[{"description":"Version initiale","revision_date":"2022-05-10T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-736385 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-736385.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-732250 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-732250.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-321292 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-321292.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-787292 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-787292.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-162616 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-162616.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-553086 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-553086.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-480937 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-480937.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-626968 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-626968.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-363107 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-363107.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-789162 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-789162.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-165073 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-165073.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-662649 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-662649.html"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Siemens ssa-285795 du 10 mai 2022","url":"https://cert-portal.siemens.com/productcert/html/ssa-285795.html"}]}