{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"EcoStruxure Power Operation 2021 versions ant\u00e9rieures \u00e0 CU3","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Pro-face BLUE versions ant\u00e9rieures \u00e0 V3.3 Service Pack 1","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Power SCADA Operation 2020 R2 versions ant\u00e9rieures \u00e0 CU1","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"SAGE RTU C3413, C3412 CPU (ces versions sont obsol\u00e8tes, il est pr\u00e9f\u00e9rable de migrer vers la version C3414-500-S02K5_P5 de SAGE RTU C3414 CPU)","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Panel Server Box (PAS900) versions ant\u00e9rieures \u00e0 3.1.18","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"EcoStruxure Operator Terminal Expert versions ant\u00e9rieures \u00e0 V3.3 Service Pack 1","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"SAGE RTU C3414 CPU versions ant\u00e9rieures \u00e0 C3414-500-S02K5_P5","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2022-41666","url":"https://www.cve.org/CVERecord?id=CVE-2022-41666"},{"name":"CVE-2022-41671","url":"https://www.cve.org/CVERecord?id=CVE-2022-41671"},{"name":"CVE-2022-41667","url":"https://www.cve.org/CVERecord?id=CVE-2022-41667"},{"name":"CVE-2022-30552","url":"https://www.cve.org/CVERecord?id=CVE-2022-30552"},{"name":"CVE-2022-30790","url":"https://www.cve.org/CVERecord?id=CVE-2022-30790"},{"name":"CVE-2022-2463","url":"https://www.cve.org/CVERecord?id=CVE-2022-2463"},{"name":"CVE-2022-2464","url":"https://www.cve.org/CVERecord?id=CVE-2022-2464"},{"name":"CVE-2022-41670","url":"https://www.cve.org/CVERecord?id=CVE-2022-41670"},{"name":"CVE-2022-41668","url":"https://www.cve.org/CVERecord?id=CVE-2022-41668"},{"name":"CVE-2022-22727","url":"https://www.cve.org/CVERecord?id=CVE-2022-22727"},{"name":"CVE-2022-41669","url":"https://www.cve.org/CVERecord?id=CVE-2022-41669"},{"name":"CVE-2022-2465","url":"https://www.cve.org/CVERecord?id=CVE-2022-2465"}],"links":[],"reference":"CERTFR-2022-AVI-896","revisions":[{"description":"Version initiale","revision_date":"2022-10-11T00:00:00.000000"},{"description":"Mise \u00e0 jour des versions correctives","revision_date":"2022-11-04T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-284-01 du 11 octobre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-284-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-284-01_EcoStruxure_Operator_Terminal_Expert_and_Pro-face_BLUE_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-284-04 du 11 octobre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-284-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-284-04-EcoStruxure_Power_Operation_and_EcoStruxure_Power_SCADA.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-284-03 du 11 octobre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-284-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-284-03-SAGE_RTU_ISaGraf_Workbench_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-284-02 du 11 octobre 2022","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-284-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2022-284-02-EcoStruxure_Panel_Server_Box_PAS900_Security_Notification.pdf"}]}