cvelistv5 - cve-2003-0190

CVE-2003-0190 (GCVE-0-2003-0190)

Vulnerability from cvelistv5

Published

2003-05-02 00:00

Modified

2024-08-08 01:43

Severity ?

CWE

Summary

OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.

References

URL

Tags

	http://www.redhat.com/support/errata/RHSA-2003-222.html	vendor-advisory
	http://marc.info/?l=bugtraq&m=105172058404810&w=2	mailing-list
	http://www.securityfocus.com/bid/7467	vdb-entry
	http://marc.info/?l=bugtraq&m=106018677302607&w=2	mailing-list
	http://www.redhat.com/support/errata/RHSA-2003-224.html	vendor-advisory
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445	vdb-entry, signature
	http://lab.mediaservice.net/advisory/2003-01-openssh.txt
	http://www.turbolinux.com/security/TLSA-2003-31.txt	vendor-advisory
	http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html	mailing-list
	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:36.108Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2003:222",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-222.html"
          },
          {
            "name": "20030430 OpenSSH/PAM timing attack allows remote users identification",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=105172058404810\u0026w=2"
          },
          {
            "name": "7467",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/7467"
          },
          {
            "name": "20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=106018677302607\u0026w=2"
          },
          {
            "name": "RHSA-2003:224",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2003-224.html"
          },
          {
            "name": "oval:org.mitre.oval:def:445",
            "tags": [
              "vdb-entry",
              "signature",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://lab.mediaservice.net/advisory/2003-01-openssh.txt"
          },
          {
            "name": "TLSA-2003-31",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.turbolinux.com/security/TLSA-2003-31.txt"
          },
          {
            "name": "20030430 OpenSSH/PAM timing attack allows remote users identification",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-04-30T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2003:222",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-222.html"
        },
        {
          "name": "20030430 OpenSSH/PAM timing attack allows remote users identification",
          "tags": [
            "mailing-list"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=105172058404810\u0026w=2"
        },
        {
          "name": "7467",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/7467"
        },
        {
          "name": "20030806 [OpenPKG-SA-2003.035] OpenPKG Security Advisory (openssh)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=106018677302607\u0026w=2"
        },
        {
          "name": "RHSA-2003:224",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2003-224.html"
        },
        {
          "name": "oval:org.mitre.oval:def:445",
          "tags": [
            "vdb-entry",
            "signature"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A445"
        },
        {
          "url": "http://lab.mediaservice.net/advisory/2003-01-openssh.txt"
        },
        {
          "name": "TLSA-2003-31",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.turbolinux.com/security/TLSA-2003-31.txt"
        },
        {
          "name": "20030430 OpenSSH/PAM timing attack allows remote users identification",
          "tags": [
            "mailing-list"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0190",
    "datePublished": "2003-05-02T00:00:00.000Z",
    "dateReserved": "2003-04-01T00:00:00.000Z",
    "dateUpdated": "2024-08-08T01:43:36.108Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2022-AVI-1094

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions antérieures à V3.0.1
Siemens	N/A	SIPROTEC 5, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html
Siemens	N/A	Teamcenter Visualization V13.2.x antérieures à V13.2.0.12
Siemens	N/A	TALON TC Series (BACnet) versions antérieures à V3.5.5
Siemens	N/A	SICAM PAS/PQS versions 8.x antérieures à 8.06
Siemens	N/A	Parasolid versions V35.0.x antérieures à V35.0.170
Siemens	N/A	SIMATIC WinCC Runtime Professional V15 versions antérieures à V15.1 Update 5
Siemens	N/A	PLM Help Server V4.2 toutes versions
Siemens	N/A	SICAM PAS/PQS versions antérieures à 7.0
Siemens	N/A	SIMATIC NET PC Software V15 toutes versions
Siemens	N/A	SINUMERIK Operate versions antérieures à V6.14
Siemens	N/A	SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions
Siemens	N/A	Polarion ALM toutes versions
Siemens	N/A	APOGEE PXC Series (P2 Ethernet) versions antérieures à V2.8.20
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V13 versions antérieures à V13 SP2 Update 4
Siemens	N/A	Mendix Email Connector versions antérieures à 2.0.0
Siemens	N/A	SIMATIC WinCC Runtime Professional V16 versions antérieures à V16 Update 2
Siemens	N/A	JT2Go toutes versions
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions
Siemens	N/A	SIMATIC NET PC Software V14 versions antérieures à V14 SP1 Update 14
Siemens	N/A	APOGEE PXC Series (BACnet) versions antérieures à V3.5.5
Siemens	N/A	SCALANCE X-200RNA toutes versions
Siemens	N/A	SINAMICS STARTER versions antérieures à V5.4 HF2
Siemens	N/A	Simcenter STAR-CCM+ toutes versions
Siemens	N/A	SIMATIC Automation Tool versions antérieures à V4 SP2
Siemens	N/A	SIMATIC PCS neo versions antérieures à V3.0 SP1
Siemens	N/A	Parasolid versions V33.1.x antérieures à V33.1.264
Siemens	N/A	SIMATIC STEP 7 V5 versions antérieures à V5.6 SP2 HF3
Siemens	N/A	SIMATIC WinCC OA versions V3.18.x antérieures à V3.18 P014
Siemens	N/A	SIMATIC WinCC OA V3.17 versions antérieures à V3.17 P003
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP1 Update 3
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V14 versions antérieures à V14 SP1 Update 10
Siemens	N/A	SIMATIC WinCC Runtime Professional V14 versions antérieures à V14 SP1 Update 10
Siemens	N/A	SINEC NMS versions antérieures à V1.0 SP2
Siemens	N/A	Parasolid versions V34.1.x antérieures à V34.1.242
Siemens	N/A	SIMATIC Drive Controller family versions antérieures à V3.0.1
Siemens	N/A	Teamcenter Visualization V13.3.x
Siemens	N/A	Parasolid versions V34.0.x antérieures à V34.0.252
Siemens	N/A	SCALANCE, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html
Siemens	N/A	Teamcenter Visualization V14.1.x antérieures à V14.1.0.6
Siemens	N/A	Mcenter versions supérieures ou égales à V5.2.1.0
Siemens	N/A	SINEMA Server versions antérieures à V14 SP3
Siemens	N/A	SIMATIC WinCC OA versions V3.17.x antérieures à V3.17 P024
Siemens	N/A	SIMATIC WinCC OA versions V3.15.x
Siemens	N/A	TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions
Siemens	N/A	SIMATIC S7-PLCSIM Advanced versions antérieures à V5.0
Siemens	N/A	SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions supérieures ou égales à V2.13
Siemens	N/A	RUGGEDCOM, pour plus d'informations, veuillez-vous référer à l'avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html
Siemens	N/A	SICAM GridPass (6MD7711-2AA00-1EA0) versions supérieures ou égales à V1.80
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V15 versions antérieures à V15.1 Update 5
Siemens	N/A	Teamcenter Visualization V14.0.x
Siemens	N/A	SIMATIC WinCC OA versions V3.16.x antérieures à V3.16 P035
Siemens	N/A	SIMATIC WinCC Runtime Advanced versions antérieures à V16 Update 2
Siemens	N/A	SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Update 14
Siemens	N/A	SIMATIC WinCC Runtime Professional V13 versions antérieures à V13 SP2 Update 4
Siemens	N/A	SIMATIC NET PC Software V16 versions antérieures à V16 Upd3
Siemens	N/A	SIMATIC ProSave versions antérieures à V17
Siemens	N/A	SIMATIC S7-1500 Software Controller versions antérieures à V21.8
Siemens	N/A	Mendix Workflow Commons versions antérieures à 2.4.0
Siemens	N/A	SINAMICS Startdrive versions antérieures à V16 Update 3
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V16 versions antérieures à V16 Update 2
Siemens	N/A	SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions antérieures à V4.6.0
Siemens	N/A	SIMATIC S7-1500 Software Controller toutes versions
Siemens	N/A	SIMATIC WinCC OA V3.16 versions antérieures à V3.16 P018
Siemens	N/A	Calibre ICE versions supérieures ou égales à V2022.4
Siemens	N/A	SINUMERIK ONE virtual versions antérieures à V6.14

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens

2022-12-13

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.2.x ant\u00e9rieures \u00e0 V13.2.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PAS/PQS versions 8.x ant\u00e9rieures \u00e0 8.06",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V35.0.x ant\u00e9rieures \u00e0 V35.0.170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PLM Help Server V4.2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PAS/PQS versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Operate versions ant\u00e9rieures \u00e0 V6.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Polarion ALM toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Series (P2 Ethernet) versions ant\u00e9rieures \u00e0 V2.8.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Email Connector versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200RNA toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS STARTER versions ant\u00e9rieures \u00e0 V5.4 HF2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter STAR-CCM+ toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Automation Tool versions ant\u00e9rieures \u00e0 V4 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo versions ant\u00e9rieures \u00e0 V3.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V33.1.x ant\u00e9rieures \u00e0 V33.1.264",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 V5.6 SP2 HF3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.18.x ant\u00e9rieures \u00e0 V3.18 P014",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.17 versions ant\u00e9rieures \u00e0 V3.17 P003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP1 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V34.1.x ant\u00e9rieures \u00e0 V34.1.242",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Drive Controller family versions ant\u00e9rieures \u00e0 V3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.3.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V34.0.x ant\u00e9rieures \u00e0 V34.0.252",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.1.x ant\u00e9rieures \u00e0 V14.1.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mcenter versions sup\u00e9rieures ou \u00e9gales \u00e0 V5.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server versions ant\u00e9rieures \u00e0 V14 SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.17.x ant\u00e9rieures \u00e0 V3.17 P024",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.15.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridPass (6MD7711-2AA00-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V1.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.0.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.16.x ant\u00e9rieures \u00e0 V3.16 P035",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Update 14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V16 versions ant\u00e9rieures \u00e0 V16 Upd3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ProSave versions ant\u00e9rieures \u00e0 V17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 V21.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Workflow Commons versions ant\u00e9rieures \u00e0 2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS Startdrive versions ant\u00e9rieures \u00e0 V16 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V4.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.16 versions ant\u00e9rieures \u00e0 V3.16 P018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Calibre ICE versions sup\u00e9rieures ou \u00e9gales \u00e0 V2022.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK ONE virtual versions ant\u00e9rieures \u00e0 V6.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-46345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
    },
    {
      "name": "CVE-2020-28388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
    },
    {
      "name": "CVE-2015-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
    },
    {
      "name": "CVE-2016-0703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
    },
    {
      "name": "CVE-2021-40365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40365"
    },
    {
      "name": "CVE-2022-41279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41279"
    },
    {
      "name": "CVE-2022-46353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46353"
    },
    {
      "name": "CVE-2016-0701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
    },
    {
      "name": "CVE-2019-6110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6110"
    },
    {
      "name": "CVE-2022-46352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46352"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2022-46347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
    },
    {
      "name": "CVE-2022-46349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2015-6563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2022-46351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46351"
    },
    {
      "name": "CVE-2015-6564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
    },
    {
      "name": "CVE-2015-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
    },
    {
      "name": "CVE-2016-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
    },
    {
      "name": "CVE-2003-1562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-1562"
    },
    {
      "name": "CVE-2016-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
    },
    {
      "name": "CVE-2022-41280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41280"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2019-6109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
    },
    {
      "name": "CVE-2022-46346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
    },
    {
      "name": "CVE-2022-41283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41283"
    },
    {
      "name": "CVE-2022-46144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46144"
    },
    {
      "name": "CVE-2016-6302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6302"
    },
    {
      "name": "CVE-2022-45044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45044"
    },
    {
      "name": "CVE-2018-4842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4842"
    },
    {
      "name": "CVE-2022-44731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44731"
    },
    {
      "name": "CVE-2022-46355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46355"
    },
    {
      "name": "CVE-2016-6303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
    },
    {
      "name": "CVE-2015-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
    },
    {
      "name": "CVE-2022-41288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41288"
    },
    {
      "name": "CVE-2019-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
    },
    {
      "name": "CVE-2016-1907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1907"
    },
    {
      "name": "CVE-2016-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2178"
    },
    {
      "name": "CVE-2022-43517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43517"
    },
    {
      "name": "CVE-2016-10011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10011"
    },
    {
      "name": "CVE-2015-6565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6565"
    },
    {
      "name": "CVE-2022-3160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3160"
    },
    {
      "name": "CVE-2016-6307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6307"
    },
    {
      "name": "CVE-2016-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2179"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2015-4000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
    },
    {
      "name": "CVE-2022-41282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41282"
    },
    {
      "name": "CVE-2015-3194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3194"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2022-46350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46350"
    },
    {
      "name": "CVE-2022-46142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46142"
    },
    {
      "name": "CVE-2015-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
    },
    {
      "name": "CVE-2016-6304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
    },
    {
      "name": "CVE-2022-46348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
    },
    {
      "name": "CVE-2022-46140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46140"
    },
    {
      "name": "CVE-2016-1908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1908"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2019-16905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16905"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2016-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2181"
    },
    {
      "name": "CVE-2019-6111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6111"
    },
    {
      "name": "CVE-2016-8858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
    },
    {
      "name": "CVE-2016-6515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
    },
    {
      "name": "CVE-2015-3197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3197"
    },
    {
      "name": "CVE-2022-41281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41281"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2015-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2020-7580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7580"
    },
    {
      "name": "CVE-2015-0285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
    },
    {
      "name": "CVE-2016-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
    },
    {
      "name": "CVE-2015-1794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1794"
    },
    {
      "name": "CVE-2022-34821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34821"
    },
    {
      "name": "CVE-2016-6308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6308"
    },
    {
      "name": "CVE-2021-44694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44694"
    },
    {
      "name": "CVE-2016-6306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6306"
    },
    {
      "name": "CVE-2017-15906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15906"
    },
    {
      "name": "CVE-2021-44695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44695"
    },
    {
      "name": "CVE-2022-3161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3161"
    },
    {
      "name": "CVE-2016-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10010"
    },
    {
      "name": "CVE-2022-45936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45936"
    },
    {
      "name": "CVE-2022-46265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46265"
    },
    {
      "name": "CVE-2016-0704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
    },
    {
      "name": "CVE-2016-0702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2015-3193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
    },
    {
      "name": "CVE-2022-43723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43723"
    },
    {
      "name": "CVE-2018-15473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15473"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2022-45484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45484"
    },
    {
      "name": "CVE-2015-5352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2003-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0190"
    },
    {
      "name": "CVE-2018-20685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20685"
    },
    {
      "name": "CVE-2016-6305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6305"
    },
    {
      "name": "CVE-2015-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
    },
    {
      "name": "CVE-2016-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
    },
    {
      "name": "CVE-2022-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46143"
    },
    {
      "name": "CVE-2022-41286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41286"
    },
    {
      "name": "CVE-2016-10012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10012"
    },
    {
      "name": "CVE-2022-41278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41278"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2015-8325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
    },
    {
      "name": "CVE-2022-41287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41287"
    },
    {
      "name": "CVE-2022-45937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45937"
    },
    {
      "name": "CVE-2022-46354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46354"
    },
    {
      "name": "CVE-2022-43724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43724"
    },
    {
      "name": "CVE-2022-43722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43722"
    },
    {
      "name": "CVE-2016-6210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6210"
    },
    {
      "name": "CVE-2015-3196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3196"
    },
    {
      "name": "CVE-2015-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
    },
    {
      "name": "CVE-2022-41284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41284"
    },
    {
      "name": "CVE-2016-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2842"
    },
    {
      "name": "CVE-2015-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
    },
    {
      "name": "CVE-2016-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2180"
    },
    {
      "name": "CVE-2021-44693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44693"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2016-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2182"
    },
    {
      "name": "CVE-2016-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
    },
    {
      "name": "CVE-2015-6574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6574"
    },
    {
      "name": "CVE-2015-0289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2019-13924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2022-44575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44575"
    },
    {
      "name": "CVE-2022-41285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41285"
    },
    {
      "name": "CVE-2022-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46664"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    },
    {
      "name": "CVE-2022-3159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3159"
    },
    {
      "name": "CVE-2015-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
    },
    {
      "name": "CVE-2016-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
    },
    {
      "name": "CVE-2018-4848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4848"
    }
  ],
  "initial_release_date": "2022-12-13T00:00:00",
  "last_revision_date": "2022-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-1094",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2022-12-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180579.html"
    }
  ]
}

CERTA-2011-AVI-524

Vulnerability from certfr_avis

De multiples vulnérabilités touchent Blue Coat Director, elles permettent notamment l'exécution de code arbitraire à distance.

Description

Des vulnérabilités dans le module d'analyse des requêtes HTTP TRACE et dans les versions d'Apache et OpenSSL embarquées dans Blue Coat Director permettent à une personne malintentionnée d'effectuer des actions malveillantes, dont l'exécution de code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Blue Coat Director toutes versions antérieures à la 5.5.2.3.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Blue Coat SA61 du 13 septembre 2011	None	vendor-advisory
Bulletin de sécurité Blue Coat SA63 du 15 septembre 2011	None	vendor-advisory
Bulletin de sécurité Blue Coat SA62 du 15 septembre 2011	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eBlue Coat Director toutes versions  ant\u00e9rieures \u00e0 la 5.5.2.3.\u003c/p\u003e",
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s dans le module d\u0027analyse des requ\u00eates HTTP TRACE et\ndans les versions d\u0027Apache et OpenSSL embarqu\u00e9es dans Blue Coat Director\npermettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer des actions\nmalveillantes, dont l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3560"
    },
    {
      "name": "CVE-2010-0434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0434"
    },
    {
      "name": "CVE-2010-1623",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1623"
    },
    {
      "name": "CVE-2009-3094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3094"
    },
    {
      "name": "CVE-2009-3095",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3095"
    },
    {
      "name": "CVE-2010-0425",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0425"
    },
    {
      "name": "CVE-2010-1452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1452"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2009-1891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1891"
    },
    {
      "name": "CVE-2009-2412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2412"
    },
    {
      "name": "CVE-2003-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0190"
    },
    {
      "name": "CVE-2008-2364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
    },
    {
      "name": "CVE-2008-2939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2939"
    },
    {
      "name": "CVE-2005-2666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-2666"
    },
    {
      "name": "CVE-2009-3720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3720"
    }
  ],
  "initial_release_date": "2011-09-19T00:00:00",
  "last_revision_date": "2011-09-19T00:00:00",
  "links": [],
  "reference": "CERTA-2011-AVI-524",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s touchent Blue Coat Director, elles\npermettent notamment l\u0027ex\u00e9cution de code arbitraire \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Blue Coat Director",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA61 du 13 septembre 2011",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA61"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA63 du 15 septembre 2011",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA63"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Blue Coat SA62 du 15 septembre 2011",
      "url": "https://kb.bluecoat.com/index?page=content\u0026id=SA62"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2003-0190 (GCVE-0-2003-0190)

Vulnerability from cvelistv5

CERTFR-2022-AVI-1094

Vulnerability from certfr_avis

Solution

CERTA-2011-AVI-524

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature