{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"SIMATIC IPC PX-39A versions ant\u00e9rieures \u00e0 29.01.09","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC627E toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-2884","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Field PG M5 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-2884","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC BX-32A versions ant\u00e9rieures \u00e0 29.01.09","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC BX-39A versions ant\u00e9rieures \u00e0 29.01.09","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC Field PG M6 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-2884","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC677E toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-2884","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC PX-39A PRO versions ant\u00e9rieures \u00e0 29.01.09","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC BX-59A versions ant\u00e9rieures \u00e0 32.01.09","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC847E toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-2884","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC427E versions ant\u00e9rieures \u00e0 21.01.20","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SCALANCE W-700 IEEE 802.11n versions ant\u00e9rieures \u00e0 6.6.0","product":{"name":"SCALANCE","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC477E versions ant\u00e9rieures \u00e0 21.01.20","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC CN 4100 toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-2884.","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC ITP1000 toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-2884","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC477E PRO versions ant\u00e9rieures \u00e0 21.01.20","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC RW-548A versions ant\u00e9rieures \u00e0 34.01.02","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC PX-32A versions ant\u00e9rieures \u00e0 29.01.09","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC BX-56A versions ant\u00e9rieures \u00e0 32.01.09","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC277E toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-2884.","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC RW-528A versions ant\u00e9rieures \u00e0 34.01.02","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC647E toutes versions pour la vuln\u00e9rabilit\u00e9 CVE-2025-2884","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC MD-57A versions ant\u00e9rieures \u00e0 30.01.10","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}},{"description":"SIMATIC IPC227E toutes versions. L'\u00e9diteur indique que le produit ne b\u00e9n\u00e9ficiera pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2025-2884.","product":{"name":"SIMATIC","vendor":{"name":"Siemens","scada":true}}}],"affected_systems_content":"","content":"## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des correctifs (cf. section Documentation).","cves":[{"name":"CVE-2020-26139","url":"https://www.cve.org/CVERecord?id=CVE-2020-26139"},{"name":"CVE-2020-26146","url":"https://www.cve.org/CVERecord?id=CVE-2020-26146"},{"name":"CVE-2020-26143","url":"https://www.cve.org/CVERecord?id=CVE-2020-26143"},{"name":"CVE-2020-24588","url":"https://www.cve.org/CVERecord?id=CVE-2020-24588"},{"name":"CVE-2020-26140","url":"https://www.cve.org/CVERecord?id=CVE-2020-26140"},{"name":"CVE-2020-26144","url":"https://www.cve.org/CVERecord?id=CVE-2020-26144"},{"name":"CVE-2022-36325","url":"https://www.cve.org/CVERecord?id=CVE-2022-36325"},{"name":"CVE-2022-36323","url":"https://www.cve.org/CVERecord?id=CVE-2022-36323"},{"name":"CVE-2020-26147","url":"https://www.cve.org/CVERecord?id=CVE-2020-26147"},{"name":"CVE-2022-0778","url":"https://www.cve.org/CVERecord?id=CVE-2022-0778"},{"name":"CVE-2022-36324","url":"https://www.cve.org/CVERecord?id=CVE-2022-36324"},{"name":"CVE-2021-3712","url":"https://www.cve.org/CVERecord?id=CVE-2021-3712"},{"name":"CVE-2020-26141","url":"https://www.cve.org/CVERecord?id=CVE-2020-26141"},{"name":"CVE-2023-44373","url":"https://www.cve.org/CVERecord?id=CVE-2023-44373"},{"name":"CVE-2025-2884","url":"https://www.cve.org/CVERecord?id=CVE-2025-2884"},{"name":"CVE-2022-31765","url":"https://www.cve.org/CVERecord?id=CVE-2022-31765"}],"links":[],"reference":"CERTFR-2026-AVI-0432","revisions":[{"description":"Version initiale","revision_date":"2026-04-14T00:00:00.000000"}],"risks":[{"description":"D\u00e9ni de service \u00e0 distance"},{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"},{"description":"Atteinte \u00e0 l'int\u00e9grit\u00e9 des donn\u00e9es"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"},{"description":"Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"},{"description":"\u00c9l\u00e9vation de privil\u00e8ges"}],"summary":"De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Siemens. Certaines d'entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.","title":"Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens","vendor_advisories":[{"published_at":"2026-04-14","title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-628843","url":"https://cert-portal.siemens.com/productcert/html/ssa-628843.html"},{"published_at":"2026-04-14","title":"Bulletin de s\u00e9curit\u00e9 Siemens SSA-019200","url":"https://cert-portal.siemens.com/productcert/html/ssa-019200.html"}]}