cvelistv5 - cve-2016-10708

CVE-2016-10708 (GCVE-0-2016-10708)

Vulnerability from cvelistv5

Published

2018-01-21 22:00

Modified

2024-08-06 03:30

Severity ?

CWE

Summary

sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c.

References

URL

Tags

	https://www.openssh.com/releasenotes.html	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20180423-0003/	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html	mailing-list, x_refsource_MLIST
	https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737	x_refsource_MISC
	https://usn.ubuntu.com/3809-1/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/102780	vdb-entry, x_refsource_BID
	https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html	mailing-list, x_refsource_MLIST
	http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html	x_refsource_MISC
	https://kc.mcafee.com/corporate/index?page=content&id=SB10284	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K32485746?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:30:20.218Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.openssh.com/releasenotes.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180423-0003/"
          },
          {
            "name": "[debian-lts-announce] 20180126 [SECURITY] [DLA 1257-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"
          },
          {
            "name": "USN-3809-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3809-1/"
          },
          {
            "name": "102780",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102780"
          },
          {
            "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-14T12:06:20.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.openssh.com/releasenotes.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180423-0003/"
        },
        {
          "name": "[debian-lts-announce] 20180126 [SECURITY] [DLA 1257-1] openssh security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"
        },
        {
          "name": "USN-3809-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3809-1/"
        },
        {
          "name": "102780",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102780"
        },
        {
          "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2016-10708",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an out-of-sequence NEWKEYS message, as demonstrated by Honggfuzz, related to kex.c and packet.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.openssh.com/releasenotes.html",
              "refsource": "MISC",
              "url": "https://www.openssh.com/releasenotes.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180423-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180423-0003/"
            },
            {
              "name": "[debian-lts-announce] 20180126 [SECURITY] [DLA 1257-1] openssh security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00031.html"
            },
            {
              "name": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737",
              "refsource": "MISC",
              "url": "https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737"
            },
            {
              "name": "USN-3809-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3809-1/"
            },
            {
              "name": "102780",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102780"
            },
            {
              "name": "[debian-lts-announce] 20180910 [SECURITY] [DLA 1500-1] openssh security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html"
            },
            {
              "name": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html",
              "refsource": "MISC",
              "url": "http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10284"
            },
            {
              "name": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K32485746?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2016-10708",
    "datePublished": "2018-01-21T22:00:00.000Z",
    "dateReserved": "2018-01-21T00:00:00.000Z",
    "dateUpdated": "2024-08-06T03:30:20.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-146

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans F5 BIG-IP. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
F5	BIG-IP	BIG-IP (WebSafe) versions 14.x antérieures à 14.1.0
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 13.x antérieures à 13.1.3.2
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.x antérieures à 11.6.5.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.x antérieures à 14.1.2.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 15.0.x antérieures à 15.0.1.1
F5	BIG-IP	BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.x antérieures à 12.1.5.1

References

Title

Publication Time

Tags

Bulletin de sécurité F5 K15217245 du 11 mai 2018	None	vendor-advisory
Bulletin de sécurité F5 K70321874 du 11 mai 2018	None	vendor-advisory
Bulletin de sécurité F5 K32485746 du 12 avril 2018	None	vendor-advisory
Bulletin de sécurité F5 K44923228 du 10 mai 2018	None	vendor-advisory
Bulletin de sécurité F5 K35421172 du 19 juin 2019	None	vendor-advisory
Bulletin de sécurité F5 K37111863 du 15 décembre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BIG-IP (WebSafe) versions 14.x ant\u00e9rieures \u00e0 14.1.0",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 13.x ant\u00e9rieures \u00e0 13.1.3.2",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 11.x ant\u00e9rieures \u00e0 11.6.5.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 14.x ant\u00e9rieures \u00e0 14.1.2.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 15.0.x ant\u00e9rieures \u00e0 15.0.1.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    },
    {
      "description": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator) versions 12.x ant\u00e9rieures \u00e0 12.1.5.1",
      "product": {
        "name": "BIG-IP",
        "vendor": {
          "name": "F5",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-12120",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12120"
    },
    {
      "name": "CVE-2018-2815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2815"
    },
    {
      "name": "CVE-2016-10708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10708"
    },
    {
      "name": "CVE-2018-2795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2795"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2018-2783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-2783"
    }
  ],
  "initial_release_date": "2021-02-25T00:00:00",
  "last_revision_date": "2021-02-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-146",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans F5 BIG-IP. Elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans F5 BIG-IP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K15217245 du 11 mai 2018",
      "url": "https://support.f5.com/csp/article/K15217245"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K70321874 du 11 mai 2018",
      "url": "https://support.f5.com/csp/article/K70321874"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K32485746 du 12 avril 2018",
      "url": "https://support.f5.com/csp/article/K32485746"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K44923228 du 10 mai 2018",
      "url": "https://support.f5.com/csp/article/K44923228"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K35421172 du 19 juin 2019",
      "url": "https://support.f5.com/csp/article/K35421172"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 F5 K37111863 du 15 d\u00e9cembre 2018",
      "url": "https://support.f5.com/csp/article/K37111863"
    }
  ]
}

CERTFR-2021-AVI-706

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Industrial Edge Management versions antérieures à V1.3
Siemens	N/A	SIMATIC RF350M toutes versions
Siemens	N/A	SIPROTEC 5 relays with CPU variants CP050 versions antérieures à V8.80
Siemens	N/A	SCALANCE X204-2TS versions antérieures à V5.2.5
Siemens	N/A	SCALANCE X306-1LD FE toutes versions
Siemens	N/A	TALON TC Modular (BACnet) versions antérieures à V3.5.3
Siemens	N/A	SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) toutes versions
Siemens	N/A	RUGGEDCOM ROX RX1501 versions antérieures à V2.14.1
Siemens	N/A	SCALANCE X201-3P IRT PRO toutes versions
Siemens	N/A	APOGEE MBC (PPC) (P2 Ethernet) toutes versions >= V2.6.3
Siemens	N/A	Teamcenter V12.4 versions antérieures à V12.4.0.8
Siemens	N/A	SCALANCE X302-7 EEC toutes versions
Siemens	N/A	Desigo CC V4.0 toutes versions
Siemens	N/A	SCALANCE X304-2FE toutes versions
Siemens	N/A	APOGEE PXC Modular (P2 Ethernet) toutes versions >= V2.8
Siemens	N/A	APOGEE MEC (PPC) (P2 Ethernet) toutes versions >= V2.6.3
Siemens	N/A	SINEC NMS versions antérieures à V1.0 SP1
Siemens	N/A	SCALANCE X202-2 IRT toutes versions
Siemens	N/A	SIMATIC CP 1543-1 (incl. SIPLUS variants) versions antérieures à V3.0
Siemens	N/A	SIPROTEC 5 relays with CPU variants CP300 versions antérieures à V8.80
Siemens	N/A	SCALANCE X308-2LD toutes versions
Siemens	N/A	SCALANCE X212-2 (incl. SIPLUS NET variant) versions antérieures à V5.2.5
Siemens	N/A	RUGGEDCOM ROX RX1524 versions antérieures à V2.14.1
Siemens	N/A	SCALANCE XR324-4M PoE toutes versions
Siemens	N/A	Desigo CC toutes versions with OIS Extension Module
Siemens	N/A	Teamcenter Active Workspace V4.3 versions antérieures à V4.3.10
Siemens	N/A	SCALANCE X310 toutes versions
Siemens	N/A	RUGGEDCOM ROX RX5000 versions antérieures à V2.14.1
Siemens	N/A	SCALANCE X308-2LH+ toutes versions
Siemens	N/A	NX 1980 Series versions antérieures à V1984
Siemens	N/A	Simcenter STAR-CCM+ Viewer versions antérieures à V2021.2.1
Siemens	N/A	SCALANCE X204 IRT PRO toutes versions
Siemens	N/A	SCALANCE XR324-12M toutes versions
Siemens	N/A	Teamcenter Active Workspace V5.2 versions antérieures à V5.2.1
Siemens	N/A	SCALANCE X308-2M toutes versions
Siemens	N/A	Siveillance Control toutes versions with OIS running on Debian 9 or earlier
Siemens	N/A	RUGGEDCOM ROX RX1400 versions antérieures à V2.14.1
Siemens	N/A	SCALANCE X408-2 toutes versions
Siemens	N/A	APOGEE PXC Compact (P2 Ethernet) toutes versions >= V2.8
Siemens	N/A	SCALANCE X308-2M TS toutes versions
Siemens	N/A	Operation Scheduler toutes versions with OIS running on Debian 9 or earlier
Siemens	N/A	SCALANCE XR324-4M PoE TS toutes versions
Siemens	N/A	Desigo CC V4.1 toutes versions
Siemens	N/A	Desigo CC Compact V4.0 toutes versions
Siemens	N/A	RUGGEDCOM ROX RX1512 versions antérieures à V2.14.1
Siemens	N/A	Simcenter Femap V2020.2 toutes versions
Siemens	N/A	SCALANCE XF204 IRT toutes versions
Siemens	N/A	Desigo CC V4.2 toutes versions
Siemens	N/A	Teamcenter V13.0 versions antérieures à V13.0.0.7
Siemens	N/A	SCALANCE X201-3P IRT toutes versions
Siemens	N/A	SCALANCE XF202-2P IRT toutes versions
Siemens	N/A	SCALANCE XF204-2BA IRT toutes versions
Siemens	N/A	SCALANCE XF206-1 versions antérieures à V5.2.5
Siemens	N/A	SCALANCE XF201-3P IRT toutes versions
Siemens	N/A	SCALANCE X307-3LD toutes versions
Siemens	N/A	Simcenter Femap V2021.1 toutes versions
Siemens	N/A	SCALANCE X307-3 toutes versions
Siemens	N/A	SIPROTEC 5 relays with CPU variants CP200 toutes versions
Siemens	N/A	SIMATIC RF650M toutes versions
Siemens	N/A	Siveillance Control Pro toutes versions
Siemens	N/A	SCALANCE X310FE toutes versions
Siemens	N/A	Cerberus DMS V5.0 versions antérieures à v5.0 QU1
Siemens	N/A	SINEMA Server versions antérieures à V14 SP3
Siemens	N/A	TALON TC Compact (BACnet) versions antérieures à V3.5.3
Siemens	N/A	SCALANCE X202-2P IRT (incl. SIPLUS NET variant) toutes versions
Siemens	N/A	APOGEE PXC Compact (BACnet) versions antérieures à V3.5.3
Siemens	N/A	SCALANCE X224 versions antérieures à V5.2.5
Siemens	N/A	SIMATIC CP 343-1 Lean (incl. SIPLUS variants) toutes versions
Siemens	N/A	SIMATIC CP 343-1 (incl. SIPLUS variants) toutes versions
Siemens	N/A	SCALANCE XR324-12M TS toutes versions
Siemens	N/A	Cerberus DMS V4.2 toutes versions
Siemens	N/A	SCALANCE X320-1-2LD FE toutes versions
Siemens	N/A	SIMATIC RTU 3000 family toutes versions
Siemens	N/A	SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) toutes versions
Siemens	N/A	RUGGEDCOM ROX MX5000 versions antérieures à V2.14.1
Siemens	N/A	Teamcenter V13.1 versions antérieures à V13.1.0.5
Siemens	N/A	SIMATIC CP 1545-1 toutes versions
Siemens	N/A	Desigo CC Compact V5.0 versions antérieures à V5.0 QU1
Siemens	N/A	SCALANCE XF208 versions antérieures à V5.2.5
Siemens	N/A	SCALANCE X308-2LH toutes versions
Siemens	N/A	SCALANCE X204-2 (incl. SIPLUS NET variant) versions antérieures à V5.2.5
Siemens	N/A	RUGGEDCOM ROX RX1511 versions antérieures à V2.14.1
Siemens	N/A	RUGGEDCOM ROX RX1500 versions antérieures à V2.14.1
Siemens	N/A	SCALANCE X200-4P IRT toutes versions
Siemens	N/A	Teamcenter V13.2 versions antérieures à 13.2.0.2
Siemens	N/A	SCALANCE XR324-4M EEC toutes versions
Siemens	N/A	SCALANCE XF204 versions antérieures à V5.2.5
Siemens	N/A	Desigo CC V5.0 versions antérieures à V5.0 QU1
Siemens	N/A	SCALANCE X307-2 EEC toutes versions
Siemens	N/A	SCALANCE X320-1 FE toutes versions
Siemens	N/A	SCALANCE X204-2FM versions antérieures à V5.2.5
Siemens	N/A	GMA-Manager toutes versions with OIS running on Debian 9 or earlier
Siemens	N/A	SIMATIC CP 443-1 (incl. SIPLUS variants) toutes versions
Siemens	N/A	SCALANCE X202-2P IRT PRO toutes versions
Siemens	N/A	Cerberus DMS V4.0 toutes versions
Siemens	N/A	SINEMA Remote Connect Server versions antérieures à V3.0 SP2
Siemens	N/A	LOGO! CMR2020 versions antérieures à V2.2
Siemens	N/A	Desigo CC Compact V4.1 toutes versions
Siemens	N/A	APOGEE PXC Modular (BACnet) versions antérieures à V3.5.3
Siemens	N/A	SCALANCE XF204-2 (incl. SIPLUS NET variant) versions antérieures à V5.2.5
Siemens	N/A	SCALANCE X204 IRT toutes versions
Siemens	N/A	SIMATIC CP 343-1 ERPC toutes versions
Siemens	N/A	RUGGEDCOM ROX RX1510 versions antérieures à V2.14.1
Siemens	N/A	Cerberus DMS V4.1 toutes versions
Siemens	N/A	Teamcenter Active Workspace V5.0 versions antérieures à V5.0.8
Siemens	N/A	SCALANCE X204-2LD TS versions antérieures à V5.2.5
Siemens	N/A	SCALANCE X204-2LD (incl. SIPLUS NET variant) versions antérieures à V5.2.5
Siemens	N/A	SIPROTEC 5 relays with CPU variants CP100 versions antérieures à V8.80
Siemens	N/A	LOGO! CMR2040 versions antérieures à V2.2
Siemens	N/A	Desigo CC Compact V4.2 toutes versions
Siemens	N/A	RUGGEDCOM ROX RX1536 versions antérieures à V2.14.1
Siemens	N/A	SCALANCE X208PRO versions antérieures à V5.2.5
Siemens	N/A	SCALANCE X308-2M PoE toutes versions
Siemens	N/A	SCALANCE X206-1LD versions antérieures à V5.2.5
Siemens	N/A	SCALANCE X208 (incl. SIPLUS NET variant) versions antérieures à V5.2.5
Siemens	N/A	SCALANCE X216 versions antérieures à V5.2.5
Siemens	N/A	SCALANCE X206-1 versions antérieures à V5.2.5
Siemens	N/A	SCALANCE X212-2LD versions antérieures à V5.2.5
Siemens	N/A	Teamcenter Active Workspace V5.1 versions antérieures à V5.1.5
Siemens	N/A	SCALANCE X308-2 (incl. SIPLUS NET variant) toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-847986 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-549234 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-208530 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-288459 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-987403 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-535380 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-334944 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-676336 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-997732 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-835377 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-109294 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-453715 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-692317 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-756638 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-316383 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-330339 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-500748 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-535997 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-150692 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-413407 du 14 septembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-944498 du 14 septembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Industrial Edge Management versions ant\u00e9rieures \u00e0 V1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF350M toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5 relays with CPU variants CP050 versions ant\u00e9rieures \u00e0 V8.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204-2TS versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X306-1LD FE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX RX1501 versions ant\u00e9rieures \u00e0 V2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X201-3P IRT PRO toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MBC (PPC) (P2 Ethernet) toutes versions \u003e= V2.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V12.4 versions ant\u00e9rieures \u00e0 V12.4.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X302-7 EEC toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC V4.0 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X304-2FE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (P2 Ethernet) toutes versions \u003e= V2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MEC (PPC) (P2 Ethernet) toutes versions \u003e= V2.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X202-2 IRT toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5 relays with CPU variants CP300 versions ant\u00e9rieures \u00e0 V8.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2LD toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X212-2 (incl. SIPLUS NET variant) versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX RX1524 versions ant\u00e9rieures \u00e0 V2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-4M PoE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC toutes versions with OIS Extension Module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace V4.3 versions ant\u00e9rieures \u00e0 V4.3.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X310 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX RX5000 versions ant\u00e9rieures \u00e0 V2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2LH+ toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "NX 1980 Series versions ant\u00e9rieures \u00e0 V1984",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter STAR-CCM+ Viewer versions ant\u00e9rieures \u00e0 V2021.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204 IRT PRO toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-12M toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace V5.2 versions ant\u00e9rieures \u00e0 V5.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2M toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Control toutes versions with OIS running on Debian 9 or earlier",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX RX1400 versions ant\u00e9rieures \u00e0 V2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X408-2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (P2 Ethernet) toutes versions \u003e= V2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2M TS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Operation Scheduler toutes versions with OIS running on Debian 9 or earlier",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-4M PoE TS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC V4.1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC Compact V4.0 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX RX1512 versions ant\u00e9rieures \u00e0 V2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter Femap V2020.2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF204 IRT toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC V4.2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.0 versions ant\u00e9rieures \u00e0 V13.0.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X201-3P IRT toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF202-2P IRT toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF204-2BA IRT toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF206-1 versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF201-3P IRT toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X307-3LD toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter Femap V2021.1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X307-3 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5 relays with CPU variants CP200 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF650M toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Control Pro toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X310FE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus DMS V5.0 versions ant\u00e9rieures \u00e0 v5.0 QU1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server versions ant\u00e9rieures \u00e0 V14 SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X224 versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 Lean (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-12M TS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus DMS V4.2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X320-1-2LD FE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RTU 3000 family toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX MX5000 versions ant\u00e9rieures \u00e0 V2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.1 versions ant\u00e9rieures \u00e0 V13.1.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1545-1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC Compact V5.0 versions ant\u00e9rieures \u00e0 V5.0 QU1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF208 versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2LH toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204-2 (incl. SIPLUS NET variant) versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX RX1511 versions ant\u00e9rieures \u00e0 V2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX RX1500 versions ant\u00e9rieures \u00e0 V2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X200-4P IRT toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.2 versions ant\u00e9rieures \u00e0 13.2.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-4M EEC toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF204 versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC V5.0 versions ant\u00e9rieures \u00e0 V5.0 QU1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X307-2 EEC toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X320-1 FE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204-2FM versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "GMA-Manager toutes versions with OIS running on Debian 9 or earlier",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1 (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X202-2P IRT PRO toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus DMS V4.0 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.0 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO! CMR2020 versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC Compact V4.1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF204-2 (incl. SIPLUS NET variant) versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204 IRT toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 ERPC toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX RX1510 versions ant\u00e9rieures \u00e0 V2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Cerberus DMS V4.1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace V5.0 versions ant\u00e9rieures \u00e0 V5.0.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204-2LD TS versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204-2LD (incl. SIPLUS NET variant) versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5 relays with CPU variants CP100 versions ant\u00e9rieures \u00e0 V8.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO! CMR2040 versions ant\u00e9rieures \u00e0 V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo CC Compact V4.2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX RX1536 versions ant\u00e9rieures \u00e0 V2.14.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X208PRO versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2M PoE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X206-1LD versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X208 (incl. SIPLUS NET variant) versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X216 versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X206-1 versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X212-2LD versions ant\u00e9rieures \u00e0 V5.2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace V5.1 versions ant\u00e9rieures \u00e0 V5.1.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2 (incl. SIPLUS NET variant) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-37186",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37186"
    },
    {
      "name": "CVE-2021-37190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37190"
    },
    {
      "name": "CVE-2021-40356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40356"
    },
    {
      "name": "CVE-2021-33716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33716"
    },
    {
      "name": "CVE-2021-37191",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37191"
    },
    {
      "name": "CVE-2020-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36478"
    },
    {
      "name": "CVE-2021-37193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37193"
    },
    {
      "name": "CVE-2020-7461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7461"
    },
    {
      "name": "CVE-2021-40354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40354"
    },
    {
      "name": "CVE-2021-40355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40355"
    },
    {
      "name": "CVE-2016-10011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10011"
    },
    {
      "name": "CVE-2021-37201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37201"
    },
    {
      "name": "CVE-2021-25665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25665"
    },
    {
      "name": "CVE-2021-37202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37202"
    },
    {
      "name": "CVE-2021-33737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33737"
    },
    {
      "name": "CVE-2020-36475",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36475"
    },
    {
      "name": "CVE-2016-10708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10708"
    },
    {
      "name": "CVE-2021-37175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37175"
    },
    {
      "name": "CVE-2021-37174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37174"
    },
    {
      "name": "CVE-2021-40357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40357"
    },
    {
      "name": "CVE-2021-33720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33720"
    },
    {
      "name": "CVE-2021-37203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37203"
    },
    {
      "name": "CVE-2021-37183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37183"
    },
    {
      "name": "CVE-2021-37184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37184"
    },
    {
      "name": "CVE-2021-37177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37177"
    },
    {
      "name": "CVE-2021-37173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37173"
    },
    {
      "name": "CVE-2021-37200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37200"
    },
    {
      "name": "CVE-2021-33719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33719"
    },
    {
      "name": "CVE-2021-37181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37181"
    },
    {
      "name": "CVE-2021-31891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31891"
    },
    {
      "name": "CVE-2021-37192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37192"
    },
    {
      "name": "CVE-2021-37206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37206"
    },
    {
      "name": "CVE-2021-37176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37176"
    },
    {
      "name": "CVE-2021-27391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27391"
    },
    {
      "name": "CVE-2019-10941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10941"
    }
  ],
  "initial_release_date": "2021-09-15T00:00:00",
  "last_revision_date": "2021-09-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-706",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-847986 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-549234 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-208530 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-288459 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-987403 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-535380 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-334944 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-676336 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-997732 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-835377 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-109294 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-453715 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-692317 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-756638 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-316383 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-330339 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-500748 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-535997 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-150692 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-413407 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-944498 du 14 septembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2016-10708 (GCVE-0-2016-10708)

Vulnerability from cvelistv5

CERTFR-2021-AVI-146

Vulnerability from certfr_avis

Solution

CERTFR-2021-AVI-706

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature