{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Modicon MC80 sans le correctif de s\u00e9curit\u00e9 BMKC8020301","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"CANopen X80 Communication Module (BMECXM0100) toutes versions","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Modicon MC80 (BMKC80) versions ant\u00e9rieures \u00e0 1.8","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon MC80 Controller (BMKC8*) versions ant\u00e9rieures \u00e0 1.8","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 X80 Ethernet Communication Modules BMXNOE0110 (H) toutes versions","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 X80 Ethernet Communication Modules BMXNOE0100 (H) toutes versions","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure\u2122 Control Expert version 15.1 sans le dernier correctif de s\u00e9curit\u00e9","product":{"name":"N/A","vendor":{"name":"N/A","scada":false}}},{"description":"Modicon RTU BMXNOR0200H versions ant\u00e9rieures \u00e0 1.7 IR24","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 X80 Ethernet Communication Module BMXNOR0200H RTU versions ant\u00e9rieures \u00e0 1.7 IR24","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 Ethernet TCP/IP Network Module BMXNOC0401 versions ant\u00e9rieures \u00e0 2.11","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Profibus Remote Master (TCSEGPA23F14F) toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Lexium ILE ILA ILS Communication Drive versions ant\u00e9rieures \u00e0 01.110","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Modicon M340 X80 Ethernet Communication module BMXNOC0401 versions ant\u00e9rieures \u00e0 version 2.11","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2020-7564","url":"https://www.cve.org/CVERecord?id=CVE-2020-7564"},{"name":"CVE-2020-7563","url":"https://www.cve.org/CVERecord?id=CVE-2020-7563"},{"name":"CVE-2020-7535","url":"https://www.cve.org/CVERecord?id=CVE-2020-7535"},{"name":"CVE-2020-35198","url":"https://www.cve.org/CVERecord?id=CVE-2020-35198"},{"name":"CVE-2020-7549","url":"https://www.cve.org/CVERecord?id=CVE-2020-7549"},{"name":"CVE-2021-31401","url":"https://www.cve.org/CVERecord?id=CVE-2021-31401"},{"name":"CVE-2022-37301","url":"https://www.cve.org/CVERecord?id=CVE-2022-37301"},{"name":"CVE-2018-7241","url":"https://www.cve.org/CVERecord?id=CVE-2018-7241"},{"name":"CVE-2022-0222","url":"https://www.cve.org/CVERecord?id=CVE-2022-0222"},{"name":"CVE-2018-7242","url":"https://www.cve.org/CVERecord?id=CVE-2018-7242"},{"name":"CVE-2021-31400","url":"https://www.cve.org/CVERecord?id=CVE-2021-31400"},{"name":"CVE-2021-22788","url":"https://www.cve.org/CVERecord?id=CVE-2021-22788"},{"name":"CVE-2020-35685","url":"https://www.cve.org/CVERecord?id=CVE-2020-35685"},{"name":"CVE-2020-7562","url":"https://www.cve.org/CVERecord?id=CVE-2020-7562"},{"name":"CVE-2020-35683","url":"https://www.cve.org/CVERecord?id=CVE-2020-35683"},{"name":"CVE-2020-35684","url":"https://www.cve.org/CVERecord?id=CVE-2020-35684"},{"name":"CVE-2020-7536","url":"https://www.cve.org/CVERecord?id=CVE-2020-7536"},{"name":"CVE-2018-7857","url":"https://www.cve.org/CVERecord?id=CVE-2018-7857"},{"name":"CVE-2019-6807","url":"https://www.cve.org/CVERecord?id=CVE-2019-6807"},{"name":"CVE-2018-7240","url":"https://www.cve.org/CVERecord?id=CVE-2018-7240"},{"name":"CVE-2011-4859","url":"https://www.cve.org/CVERecord?id=CVE-2011-4859"},{"name":"CVE-2020-28895","url":"https://www.cve.org/CVERecord?id=CVE-2020-28895"},{"name":"CVE-2021-22787","url":"https://www.cve.org/CVERecord?id=CVE-2021-22787"},{"name":"CVE-2021-22785","url":"https://www.cve.org/CVERecord?id=CVE-2021-22785"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V11.0.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-257-02 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-257-02_Web_Server_Modicon_M340_Quantum_and_Premium_and_Communication_Modules_V2.0.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V4.0.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-06 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2020-343-06_Web_Server_Modicon_M340_Premium_Quantum_Communication_Modules_Security_Notification_V2.0.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-07 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-07&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2020-343-07_SNMP_Service_Modicon_M340_CPU_Security_Notification_V2.1.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-217-01 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification_V3.0.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-134-11 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification_V7.0.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V2.0.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SESB-2019-214-01 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2019-214-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SESB-2019-214-01_Wind_River_VxWorks_Security_Bulletin_V2.14.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-315-01 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-315-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2020-315-01_Modicon_Web_Server_Security_Notification_V3.0.pdf"},{"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-05 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-05&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2020-343-05-Web_Server_Modicon_M340_Premium_Quantum_Communication_Modules_Security_Notification_V2.1.pdf"}],"reference":"CERTFR-2022-AVI-815","revisions":[{"description":"Version initiale","revision_date":"2022-09-13T00:00:00.000000"}],"risks":[{"description":"Ex\u00e9cution de code arbitraire"},{"description":"D\u00e9ni de service"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-256-01 du 13 septembre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-256-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-256-01-EcoStruxure_Machine_SCADA_ExpertPro-face_BLUE_Open_Studio_Security_Notification.pdf"}]}