cvelistv5 - cve-2018-3615

CVE-2018-3615 (GCVE-0-2018-3615)

Vulnerability from cvelistv5

Published

2018-08-14 19:00

Modified

2024-09-16 19:40

Severity ?

CWE

Information Disclosure

Summary

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis.

References

URL

Tags

	https://www.kb.cert.org/vuls/id/982149	third-party-advisory, x_refsource_CERT-VN
	http://www.securitytracker.com/id/1041451	vdb-entry, x_refsource_SECTRACK
	https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105080	vdb-entry, x_refsource_BID
	https://foreshadowattack.eu/	x_refsource_MISC
	https://security.netapp.com/advisory/ntap-20180815-0001/	x_refsource_CONFIRM
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel	vendor-advisory, x_refsource_CISCO
	https://support.f5.com/csp/article/K35558453	x_refsource_CONFIRM
	http://support.lenovo.com/us/en/solutions/LEN-24163	x_refsource_CONFIRM
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_45	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html	mailing-list, x_refsource_MLIST
	https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03874en_us	x_refsource_CONFIRM
	https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Intel Corporation	Multiple	Version: Multiple

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:50:30.411Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#982149",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/982149"
          },
          {
            "name": "1041451",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041451"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008"
          },
          {
            "name": "105080",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105080"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://foreshadowattack.eu/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
          },
          {
            "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K35558453"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_45"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Multiple",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "Multiple"
            }
          ]
        }
      ],
      "datePublic": "2018-08-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-08T12:06:06.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "name": "VU#982149",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/982149"
        },
        {
          "name": "1041451",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041451"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008"
        },
        {
          "name": "105080",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105080"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://foreshadowattack.eu/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
        },
        {
          "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K35558453"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_45"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-08-14T00:00:00",
          "ID": "CVE-2018-3615",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Multiple",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Multiple"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an enclave to an attacker with local user access via a side-channel analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#982149",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/982149"
            },
            {
              "name": "1041451",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041451"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0008"
            },
            {
              "name": "105080",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105080"
            },
            {
              "name": "https://foreshadowattack.eu/",
              "refsource": "MISC",
              "url": "https://foreshadowattack.eu/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180815-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180815-0001/"
            },
            {
              "name": "20180814 CPU Side-Channel Information Disclosure Vulnerabilities: August 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180814-cpusidechannel"
            },
            {
              "name": "https://support.f5.com/csp/article/K35558453",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K35558453"
            },
            {
              "name": "http://support.lenovo.com/us/en/solutions/LEN-24163",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/solutions/LEN-24163"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180815-01-cpu-en"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_45",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_45"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03874en_us"
            },
            {
              "name": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault",
              "refsource": "CONFIRM",
              "url": "https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2018-3615",
    "datePublished": "2018-08-14T19:00:00.000Z",
    "dateReserved": "2017-12-28T00:00:00.000Z",
    "dateUpdated": "2024-09-16T19:40:45.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2018-AVI-476

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans SCADA les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC IPC627C toutes versions
Siemens	N/A	SIMATIC IPC847C toutes versions
Siemens	N/A	SIMATIC IPC227E toutes versions
Siemens	N/A	SIMATIC ITP1000 toutes versions
Siemens	N/A	SINUMERIK Panels wtih integrated TCU toutes versions
Siemens	N/A	SIMATIC S7-1200 CPU versions antérieures à 4.2.3 exclue
Siemens	N/A	SIMATIC IPC427D versions de BIOS antérieures à 17.0x.14 exclue
Siemens	N/A	SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0) toutes versions
Siemens	N/A	SIMATIC S7-1500 Software Controller versions comprises entre à 2.0 inclue et 2.5 exclue
Siemens	N/A	SIMATIC ET 200 SP Open Controller toutes versions
Siemens	N/A	SIMATIC Field PG M5 versions de BIOS antérieures à 22.01.06 exclue
Siemens	N/A	SIMATIC IPC477D versions de BIOS antérieures à 17.0x.14 exclue
Siemens	N/A	SIMATIC IPC827D toutes versions
Siemens	N/A	SIMATIC ET 200SP Open Controller versions supérieures à 2.0 inclue
Siemens	N/A	SCALANCE W1750D versions antérieures à 8.3.0.1 exclue
Siemens	N/A	SIMATIC IPC477E Pro versions de BIOS antérieures à 21.01.09 exclue
Siemens	N/A	SIMATIC ET 200 SP Open Controller (F) toutes versions
Siemens	N/A	SINUMERIK 840 D sl (NCU720.3B, NCU730.3B, NCU720.3, NCU730.3) toutes versions
Siemens	N/A	SIMATIC IPC427E versions de BIOS antérieures à 21.01.09 exclue
Siemens	N/A	SIMATIC S7-1500 (incl. F) versions comprises entre 2.0 inclus et 2.5 exclue
Siemens	N/A	SIMATIC IPC3000 SMART V2 toutes versions
Siemens	N/A	SIMATIC IPC277E toutes versions
Siemens	N/A	SIMATIC IPC347E toutes versions
Siemens	N/A	RUGGEDCOM RX1400 VPE toutes versions
Siemens	N/A	SIMATIC IPC647C toutes versions
Siemens	N/A	SIMATIC IPC647D toutes versions
Siemens	N/A	SIMATIC IPC627D toutes versions
Siemens	N/A	SIMOTION P320-4S toutes versions
Siemens	N/A	SIMATIC IPC827C toutes versions
Siemens	N/A	SIMOTION P320-4E toutes versions
Siemens	N/A	SIMATIC IPC547E toutes versions
Siemens	N/A	SIMATIC IPC677D toutes versions
Siemens	N/A	SINUMERIK PCU 50.5 toutes versions
Siemens	N/A	SIMATIC IPC477E versions de BIOS antérieures à 21.01.09 exclue
Siemens	N/A	SIMATIC IPC327E toutes versions
Siemens	N/A	SIMATIC IPC677C toutes versions
Siemens	N/A	SINUMERIK TCU 30.3 toutes versions
Siemens	N/A	SIMATIC IPC547G toutes versions
Siemens	N/A	SIMATIC Field PG M4 versions de BIOS antérieures à 18.01.09 exclue
Siemens	N/A	SIMATIC S7-1500 Software Controller toutes versions
Siemens	N/A	ROX II versions antérieures à 2.12.1 exclue
Siemens	N/A	SIMATIC IPC477C toutes versions
Siemens	N/A	SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0) toutes versions
Siemens	N/A	SIMATIC IPC377E toutes versions
Siemens	N/A	SIMATIC IPC847D toutes versions
Siemens	N/A	SIMATIC IPC427C toutes versions
Siemens	N/A	RUGGEDCOM APE toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Siemens ssa-507847 du 9 octobre 2018	None	vendor-advisory
Bulletin de sécurité SCADA Siemens ssa-254686 du 9 octobre 2018	None	vendor-advisory
Bulletin de sécurité SCADA Siemens ssa-347726 du 9 octobre 2018	None	vendor-advisory
Bulletin de sécurité SCADA Siemens ssa-493830 du 9 octobre 2018	None	vendor-advisory
Bulletin de sécurité SCADA Siemens ssa-464260 du 9 octobre 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC IPC627C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC847C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC227E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITP1000 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Panels wtih integrated TCU toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU versions ant\u00e9rieures \u00e0 4.2.3 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427D versions de BIOS ant\u00e9rieures \u00e0 17.0x.14 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU S7-1518F-4 PN/DP MFP (MLFB: 6ES7518-4FX00-1AC0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller versions comprises entre \u00e0 2.0 inclue et 2.5 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200 SP Open Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Field PG M5 versions de BIOS ant\u00e9rieures \u00e0 22.01.06 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477D versions de BIOS ant\u00e9rieures \u00e0 17.0x.14 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC827D toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller versions sup\u00e9rieures \u00e0 2.0 inclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D versions ant\u00e9rieures \u00e0 8.3.0.1 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E Pro versions de BIOS ant\u00e9rieures \u00e0 21.01.09 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200 SP Open Controller (F) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK 840 D sl (NCU720.3B, NCU730.3B, NCU720.3, NCU730.3) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427E versions de BIOS ant\u00e9rieures \u00e0 21.01.09 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 (incl. F) versions comprises entre 2.0 inclus et 2.5 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC3000 SMART V2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC277E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC347E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RX1400 VPE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC647C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC647D toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC627D toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4S toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC827C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC547E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC677D toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK PCU 50.5 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477E versions de BIOS ant\u00e9rieures \u00e0 21.01.09 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC327E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC677C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK TCU 30.3 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC547G toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Field PG M4 versions de BIOS ant\u00e9rieures \u00e0 18.01.09 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "ROX II versions ant\u00e9rieures \u00e0 2.12.1 exclue",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC477C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU S7-1518-4 PN/DP MFP (MLFB: 6ES7518-4AX00-1AC0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC377E toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC847D toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427C toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM APE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-13099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13099"
    },
    {
      "name": "CVE-2018-13800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13800"
    },
    {
      "name": "CVE-2018-13805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13805"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-13801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-13801"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-3615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3615"
    }
  ],
  "initial_release_date": "2018-10-09T00:00:00",
  "last_revision_date": "2018-10-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-476",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-10-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-507847 du 9 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-507847.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-254686 du 9 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254686.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-347726 du 9 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-347726.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-493830 du 9 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-493830.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-464260 du 9 octobre 2018",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-464260.pdf"
    }
  ]
}

CERTFR-2018-AVI-387

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Intel. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Processeurs Intel Core i3 (45nm et 32nm)
Processeurs Intel Core i5 (45nm et 32nm)
Processeurs Intel Core i7 (45nm et 32nm)
Processeurs de la famille Intel Core M (45nm et 32nm)
Processeurs Intel Core de seconde génération
Processeurs Intel Core de troisième génération
Processeurs Intel Core de quatrième génération
Processeurs Intel Core de cinquième génération
Processeurs Intel Core de sixième génération
Processeurs Intel Core de septième génération
Processeurs Intel Core de huitième génération
Processeurs de la famille Intel Core X-series pour plateforme Intel X99
Processeurs de la famille Intel Core X-series pour plateforme Intel X299
Processeurs Intel Xeon séries 3400, 3600, 5500, 5600, 6500 et 7500
Processeurs Intel Xeon familles E3, E3 v2, E3 v3, E3 v4, E3 v5, E3 v6
Processeurs Intel Xeon familles E5, E5 v2, E5 v3, E5 v4
Processeurs Intel Xeon familles E7, E7 v2, E7 v3, E7 v4
Processeurs de la famille Intel Xeon Scalable
Processeurs Intel Xeon famille D (1500, 2100)

Pour une liste complète et mise à jour des systèmes impactés, le CERT-FR recommande de se référer au bulletin de sécurité de l'éditeur (cf. section Documentation).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Intel INTEL-SA-00161 du 14 août 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cul\u003e \u003cli\u003eProcesseurs Intel Core i3 (45nm et 32nm)\u003c/li\u003e \u003cli\u003eProcesseurs Intel Core i5 (45nm et 32nm)\u003c/li\u003e \u003cli\u003eProcesseurs Intel Core i7 (45nm et 32nm)\u003c/li\u003e \u003cli\u003eProcesseurs de la famille Intel Core M (45nm et 32nm)\u003c/li\u003e \u003cli\u003eProcesseurs Intel Core de seconde g\u00e9n\u00e9ration\u003c/li\u003e \u003cli\u003eProcesseurs Intel Core de troisi\u00e8me g\u00e9n\u00e9ration\u003c/li\u003e \u003cli\u003eProcesseurs Intel Core de quatri\u00e8me g\u00e9n\u00e9ration\u003c/li\u003e \u003cli\u003eProcesseurs Intel Core de cinqui\u00e8me g\u00e9n\u00e9ration\u003c/li\u003e \u003cli\u003eProcesseurs Intel Core de sixi\u00e8me g\u00e9n\u00e9ration\u003c/li\u003e \u003cli\u003eProcesseurs Intel Core de septi\u00e8me g\u00e9n\u00e9ration\u003c/li\u003e \u003cli\u003eProcesseurs Intel Core de huiti\u00e8me g\u00e9n\u00e9ration\u003c/li\u003e \u003cli\u003eProcesseurs de la famille Intel Core X-series pour plateforme Intel X99\u003c/li\u003e \u003cli\u003eProcesseurs de la famille Intel Core X-series pour plateforme Intel X299\u003c/li\u003e \u003cli\u003eProcesseurs Intel Xeon s\u00e9ries 3400, 3600, 5500, 5600, 6500 et 7500\u003c/li\u003e \u003cli\u003eProcesseurs Intel Xeon familles E3, E3 v2, E3 v3, E3 v4, E3 v5, E3 v6\u003c/li\u003e \u003cli\u003eProcesseurs Intel Xeon familles E5, E5 v2, E5 v3, E5 v4\u003c/li\u003e \u003cli\u003eProcesseurs Intel Xeon familles E7, E7 v2, E7 v3, E7 v4\u003c/li\u003e \u003cli\u003eProcesseurs de la famille Intel Xeon Scalable\u003c/li\u003e \u003cli\u003eProcesseurs Intel Xeon famille D (1500, 2100)\u003c/li\u003e \u003c/ul\u003e \u003cp\u003ePour une liste compl\u00e8te et mise \u00e0 jour des syst\u00e8mes impact\u00e9s, le CERT-FR recommande de se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (cf. section Documentation).\u003c/p\u003e ",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-3615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3615"
    }
  ],
  "initial_release_date": "2018-08-16T00:00:00",
  "last_revision_date": "2018-08-16T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-387",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-08-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nElles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00161 du 14 ao\u00fbt 2018",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html"
    }
  ]
}

CERTFR-2019-AVI-489

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à l'intégrité des données et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC PROFINET Driver versions antérieures à V2.1
Siemens	N/A	SINAMICS G120 V4.7 (PN Control Unit) versions antérieures à V4.7 SP10 HF5
Siemens	N/A	SIMATIC CFU PA versions antérieures à V1.2.0
Siemens	N/A	SINAMICS S120 V4.7 (Control Unit et CBE20) versions antérieures à V4.7 HF34 ou V5.2 HF2
Siemens	N/A	SINAMICS GH150 V4.7 (Control Unit) versions antérieures à V4.8 SP2 HF9
Siemens	N/A	SIMATIC ET 200SP IM 155-6 PN/2 HF versions antérieures à V4.2.2
Siemens	N/A	SINAMICS G120 V4.7 (Control Unit) versions antérieures à V4.7 SP10 HF5
Siemens	N/A	SIMATIC ET 200SP IM 155-6 PN/3 HF versions antérieures à V4.2.1
Siemens	N/A	SCALANCE X-200IRT versions antérieures à V5.4.2
Siemens	N/A	SINAMICS G130 V4.7 (Control Unit) versions antérieures à V4.7 HF29 ou V5.2 HF2
Siemens	N/A	Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller versions antérieures à V4.1.1 Patch 05
Siemens	N/A	Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200P versions antérieures à V4.5.0
Siemens	N/A	SINAMICS GL150 V4.7 (Control Unit) versions antérieures à V4.8 SP2 HF9
Siemens	N/A	CP1616 versions antérieures à V2.8
Siemens	N/A	SINAMICS G110M V4.7 (Control Unit) versions antérieures à V4.7 SP10 HF5
Siemens	N/A	SIMATIC ET 200MP IM 155-5 PN BA versions antérieures à V4.2.3
Siemens	N/A	SINAMICS G110M V4.7 (PN Control Unit) versions antérieures à V4.7 SP10 HF5
Siemens	N/A	SINAMICS DCM versions antérieures à V1.5 HF1
Siemens	N/A	SINAMICS GM150 V4.7 (Control Unit) versions antérieures à V4.8 SP2 HF9
Siemens	N/A	SIMATIC IT UADM versions antérieures à V1.3
Siemens	N/A	Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200 versions antérieures à V4.5.0 Patch 01
Siemens	N/A	SIMATIC S7-400H V6 versions antérieures à V6.0.9
Siemens	N/A	SIMATIC WinAC RTX (F) 2010 versions antérieures à SIMATIC WinAC RTX 2010 SP3 avec les mises à jour BIOS et Windows
Siemens	N/A	SIMATIC ET 200SP IM 155-6 PN HF versions antérieures à V4.2.2
Siemens	N/A	CP1604 versions antérieures à V2.8
Siemens	N/A	SINUMERIK 828D versions antérieures à V4.8 SP5

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-608355 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-349422 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-878278 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-473245 du 08 octobre 2019	None	vendor-advisory
Bulletin de sécurité Siemens ssa-984700 du 08 octobre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC PROFINET Driver versions ant\u00e9rieures \u00e0 V2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G120 V4.7 (PN Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CFU PA versions ant\u00e9rieures \u00e0 V1.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS S120 V4.7 (Control Unit et CBE20) versions ant\u00e9rieures \u00e0 V4.7 HF34 ou V5.2 HF2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS GH150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP IM 155-6 PN/2 HF versions ant\u00e9rieures \u00e0 V4.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G120 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP IM 155-6 PN/3 HF versions ant\u00e9rieures \u00e0 V4.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200IRT versions ant\u00e9rieures \u00e0 V5.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G130 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 HF29 ou V5.2 HF2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO:DK Standard Ethernet Controller versions ant\u00e9rieures \u00e0 V4.1.1 Patch 05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS GL150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP1616 versions ant\u00e9rieures \u00e0 V2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G110M V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200MP IM 155-5 PN BA versions ant\u00e9rieures \u00e0 V4.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS G110M V4.7 (PN Control Unit) versions ant\u00e9rieures \u00e0 V4.7 SP10 HF5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS DCM versions ant\u00e9rieures \u00e0 V1.5 HF1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS GM150 V4.7 (Control Unit) versions ant\u00e9rieures \u00e0 V4.8 SP2 HF9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IT UADM versions ant\u00e9rieures \u00e0 V1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO:EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5.0 Patch 01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400H V6 versions ant\u00e9rieures \u00e0 V6.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinAC RTX (F) 2010 versions ant\u00e9rieures \u00e0 SIMATIC WinAC RTX 2010 SP3 avec les mises \u00e0 jour BIOS et Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP IM 155-6 PN HF versions ant\u00e9rieures \u00e0 V4.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "CP1604 versions ant\u00e9rieures \u00e0 V2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK 828D versions ant\u00e9rieures \u00e0 V4.8 SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-11091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11091"
    },
    {
      "name": "CVE-2018-12127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12127"
    },
    {
      "name": "CVE-2019-10936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10936"
    },
    {
      "name": "CVE-2017-5754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
    },
    {
      "name": "CVE-2018-12130",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12130"
    },
    {
      "name": "CVE-2019-10923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10923"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2019-13929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13929"
    },
    {
      "name": "CVE-2019-13921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13921"
    },
    {
      "name": "CVE-2017-5753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    },
    {
      "name": "CVE-2018-12126",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12126"
    },
    {
      "name": "CVE-2017-5715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
    },
    {
      "name": "CVE-2018-3640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3640"
    },
    {
      "name": "CVE-2018-3615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3615"
    }
  ],
  "initial_release_date": "2019-10-08T00:00:00",
  "last_revision_date": "2019-10-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-489",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-10-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-608355 du 08 octobre 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-349422 du 08 octobre 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-349422.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-878278 du 08 octobre 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-878278.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-473245 du 08 octobre 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-473245.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-984700 du 08 octobre 2019",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-984700.pdf"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-3615 (GCVE-0-2018-3615)

Vulnerability from cvelistv5

CERTFR-2018-AVI-476

Vulnerability from certfr_avis

Solution

CERTFR-2018-AVI-387

Vulnerability from certfr_avis

Solution

CERTFR-2019-AVI-489

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature