{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<ul> <li>StruxureWare Data Center Expert versions ant\u00e9rieures \u00e0 8.0</li> <li>EcoStruxure OPC UA Server Expert versions ant\u00e9rieures \u00e0 SV2.01 SP2</li> <li>Accutech Manager versions ant\u00e9rieures \u00e0 2.8</li> </ul> <p>Pour les produits vuln\u00e9rables list\u00e9s ci-dessous, en l'attente d'un correctif, l'\u00e9diteur recommande d'appliquer un certain nombre de mesures d'att\u00e9nuation :</p> <ul> <li>HMISCU Controller</li> <li>Modicon Controller LMC078</li> <li>Modicon Controller M241</li> <li>Modicon Controller M251</li> <li>Modicon Controller M262</li> <li>Modicon Controller M258</li> <li>Modicon Controller LMC058</li> <li>Modicon Controller M218</li> <li>PacDrive 3 Controllers LMC</li> <li>Eco/Pro/Pro2</li> <li>SoftSPS embedded in</li> <li>EcoStruxure Machine Expert</li> </ul> ","content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-29414","url":"https://www.cve.org/CVERecord?id=CVE-2023-29414"},{"name":"CVE-2022-47384","url":"https://www.cve.org/CVERecord?id=CVE-2022-47384"},{"name":"CVE-2022-47388","url":"https://www.cve.org/CVERecord?id=CVE-2022-47388"},{"name":"CVE-2022-47379","url":"https://www.cve.org/CVERecord?id=CVE-2022-47379"},{"name":"CVE-2022-47382","url":"https://www.cve.org/CVERecord?id=CVE-2022-47382"},{"name":"CVE-2023-37199","url":"https://www.cve.org/CVERecord?id=CVE-2023-37199"},{"name":"CVE-2022-47378","url":"https://www.cve.org/CVERecord?id=CVE-2022-47378"},{"name":"CVE-2022-47386","url":"https://www.cve.org/CVERecord?id=CVE-2022-47386"},{"name":"CVE-2022-47389","url":"https://www.cve.org/CVERecord?id=CVE-2022-47389"},{"name":"CVE-2022-47380","url":"https://www.cve.org/CVERecord?id=CVE-2022-47380"},{"name":"CVE-2022-47387","url":"https://www.cve.org/CVERecord?id=CVE-2022-47387"},{"name":"CVE-2022-47391","url":"https://www.cve.org/CVERecord?id=CVE-2022-47391"},{"name":"CVE-2022-47383","url":"https://www.cve.org/CVERecord?id=CVE-2022-47383"},{"name":"CVE-2022-47381","url":"https://www.cve.org/CVERecord?id=CVE-2022-47381"},{"name":"CVE-2022-47393","url":"https://www.cve.org/CVERecord?id=CVE-2022-47393"},{"name":"CVE-2022-47390","url":"https://www.cve.org/CVERecord?id=CVE-2022-47390"},{"name":"CVE-2023-37197","url":"https://www.cve.org/CVERecord?id=CVE-2023-37197"},{"name":"CVE-2022-47392","url":"https://www.cve.org/CVERecord?id=CVE-2022-47392"},{"name":"CVE-2022-47385","url":"https://www.cve.org/CVERecord?id=CVE-2022-47385"},{"name":"CVE-2023-37196","url":"https://www.cve.org/CVERecord?id=CVE-2023-37196"},{"name":"CVE-2023-37200","url":"https://www.cve.org/CVERecord?id=CVE-2023-37200"},{"name":"CVE-2023-37198","url":"https://www.cve.org/CVERecord?id=CVE-2023-37198"}],"links":[],"reference":"CERTFR-2023-AVI-0525","revisions":[{"description":"Version initiale","revision_date":"2023-07-11T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d'entre elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance, un contournement de la\npolitique de s\u00e9curit\u00e9 et une ex\u00e9cution de code arbitraire \u00e0 distance.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-02 du 11 juillet 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-02.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-03 du 11 juillet 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-03.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-04 du 11 juillet 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-04.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-192-01 du 11 juillet 2023","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-192-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2023-192-01.pdf"}]}