{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric EcoStruxure\u2122 Control Expert versions ant\u00e9rieures \u00e0 v16.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric EcoStruxure IT Gateway versions ant\u00e9rieures \u00e0 1.20.0","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric Modicon M540 microgiciel versions ant\u00e9rieures \u00e0 v3.60","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric EcoStruxure\u2122 Process Expert versions ant\u00e9rieures \u00e0 v2023","product":{"name":"process","vendor":{"name":"Symfony","scada":false}}},{"description":"Schneider Electric Modicon M580 microgiciel versions ant\u00e9rieures \u00e0 v4.20","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric Harmony Control Relay RMNF22TB30 toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric Modicon M340 CPU (part numbers BMXP34*) versions ant\u00e9rieures \u00e0 sv3.60","product":{"name":"Modicon M340","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric Harmony Timer Relay RENF22R2MMW toutes versions","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}},{"description":"Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) versions ant\u00e9rieures \u00e0 sv4.20","product":{"name":"N/A","vendor":{"name":"Schneider Electric","scada":true}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2023-6408","url":"https://www.cve.org/CVERecord?id=CVE-2023-6408"},{"name":"CVE-2023-27975","url":"https://www.cve.org/CVERecord?id=CVE-2023-27975"},{"name":"CVE-2018-7855","url":"https://www.cve.org/CVERecord?id=CVE-2018-7855"},{"name":"CVE-2024-0568","url":"https://www.cve.org/CVERecord?id=CVE-2024-0568"},{"name":"CVE-2023-6409","url":"https://www.cve.org/CVERecord?id=CVE-2023-6409"},{"name":"CVE-2024-0865","url":"https://www.cve.org/CVERecord?id=CVE-2024-0865"}],"links":[],"reference":"CERTFR-2024-AVI-0120","revisions":[{"description":"Version initiale","revision_date":"2024-02-13T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans <span\nclass=\"textit\">les produits Schneider</span>. Certaines d'entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0\nl'int\u00e9grit\u00e9 des donn\u00e9es.\n","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider","vendor_advisories":[{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2024-044-03 du 13 f\u00e9vrier 2024","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-03.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2024-044-01 du 13 f\u00e9vrier 2024","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-01.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-134-11 du 14 mai 2019","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification.pdf"},{"published_at":null,"title":"Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2024-044-02 du 13 f\u00e9vrier 2024","url":"https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf"}]}