cvelistv5 - cve-2019-13941

CVE-2019-13941 (GCVE-0-2019-13941)

Vulnerability from cvelistv5

Published

2020-02-11 15:36

Modified

2024-08-05 00:05

Severity ?

CWE

CWE-552 - Files or Directories Accessible to External Parties

Summary

A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10.00). Vulnerable versions of OZW Web Server use predictable path names for project files that legitimately authenticated users have created by using the application's export function. By accessing a specific uniform resource locator on the web server, a remote attacker could be able to download a project file without prior authentication. The security vulnerability could be exploited by an unauthenticated attacker with network access to the affected system. No user interaction is required to exploit this security vulnerability. Successful exploitation of the security vulnerability compromises the confidentiality of the targeted system.

References

URL

CERTFR-2020-AVI-090

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)
Siemens	N/A	SIMATIC Route Control V8.1
Siemens	N/A	SCALANCE M-800 / S615 versions antérieures à V6.1.2
Siemens	N/A	SIMATIC WinCC (TIA Portal) V16
Siemens	N/A	SIMATIC S7-1200 CPU (incl. variante SIPLUS)
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)
Siemens	N/A	OpenPCS 7 V9.0
Siemens	N/A	SIMATIC S7-1500 Software Controller versions antérieures à 20.8
Siemens	N/A	SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0
Siemens	N/A	SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0
Siemens	N/A	SIMATIC Field PG M4, Field PG M5, Field PG M6
Siemens	N/A	SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)
Siemens	N/A	SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules
Siemens	N/A	SIMATIC Route Control V8.2
Siemens	N/A	SIPORT MP versions antérieures à V3.1.4
Siemens	N/A	SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions antérieures à V5.4.2
Siemens	N/A	OZW672 versions antérieures à V10.00
Siemens	N/A	SIMATIC CP 1626
Siemens	N/A	SCALANCE X-200 switch (incl. variante SIPLUS NET) versions antérieures à V5.2.4
Siemens	N/A	SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions antérieures V2.2
Siemens	N/A	SIMATIC NET PC Software
Siemens	N/A	RUGGEDCOM RM1224 versions antérieures à V6.1.2
Siemens	N/A	SIMATIC WinCC V7.3
Siemens	N/A	SIMATIC PCS 7 V8.1
Siemens	N/A	SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions antérieures à V4.1.3
Siemens	N/A	SIMATIC PCS 7 V9.0
Siemens	N/A	SCALANCE S602, S612, S623, S627-2M, S627-2M
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.6
Siemens	N/A	SIMATIC BATCH V8.1
Siemens	N/A	SIMATIC BATCH V9.0
Siemens	N/A	SIMATIC RF182C
Siemens	N/A	SCALANCE XR-500 switch versions antérieures à V6.2.3
Siemens	N/A	SIMATIC WinCC (TIA Portal) V13 versions antérieures à V13 SP2
Siemens	N/A	SCALANCE W700 IEEE 802.11n versions antérieures à V6.4
Siemens	N/A	SIMOTION P320-4S
Siemens	N/A	SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)
Siemens	N/A	IE/PB LINK PN IO (incl. variante SIPLUS NET)
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5 Patch 01
Siemens	N/A	SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.2
Siemens	N/A	SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associées et variantes SIPLUS)
Siemens	N/A	SIMATIC RF180C
Siemens	N/A	SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)
Siemens	N/A	SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions antérieures à V4.1
Siemens	N/A	SIMATIC PCS 7 V8.2
Siemens	N/A	TIM 1531 IRC (incl. variante SIPLUS NET) versions antérieures à V2.0
Siemens	N/A	SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA
Siemens	N/A	SIMATIC MV400
Siemens	N/A	OZW772 versions antérieures à V10.00
Siemens	N/A	SIMATIC IPC Support, Package for VxWorks
Siemens	N/A	SIMATIC WinCC (TIA Portal) V15.1
Siemens	N/A	SINAMICS DCP versions antérieures à V1.3
Siemens	N/A	SIMATIC CP 1616 et CP 1604 versions antérieures à V2.8.1
Siemens	N/A	SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF
Siemens	N/A	SIMATIC WinCC (TIA Portal) V14.0.1
Siemens	N/A	SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E
Siemens	N/A	SIMATIC RF600 versions antérieures à V3.2.1
Siemens	N/A	SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (excepté 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)
Siemens	N/A	SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.0
Siemens	N/A	SIMATIC S7-1500 CPU (incl. les CPUS ET200 associées et variantes SIPLUS) versions antérieures à 2.8
Siemens	N/A	OpenPCS 7 V8.2
Siemens	N/A	SIMATIC CP 1628 versions antérieures à V14.00.15.00_51.25.00.01
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à 7.5.1 Upd1
Siemens	N/A	SIMATIC CP 1623 versions antérieures à V14.00.15.00_51.25.00.01
Siemens	N/A	SIMATIC ITP1000
Siemens	N/A	SIMATIC Route Control V9.0
Siemens	N/A	SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
Siemens	N/A	OpenPCS 7 V8.1
Siemens	N/A	SIMATIC S7-400 PN/DP CPU V6 et antérieures (incl. variante SIPLUS)
Siemens	N/A	SIMATIC WinCC V7.4
Siemens	N/A	SCALANCE XM-400 switch versions antérieures à V6.2.3
Siemens	N/A	PROFINET Driver for Controller versions antérieures à V2.1 Patch 03
Siemens	N/A	SIMOTION P320-4E
Siemens	N/A	SIMATIC BATCH V8.2

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-398519 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-940889 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-974843 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-270778 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-780073 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-986695 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-750824 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-951513 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-431678 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-591405 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-978558 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-978220 du 11 février 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Route Control V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M-800 / S615 versions ant\u00e9rieures \u00e0 V6.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 20.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Field PG M4, Field PG M5, Field PG M6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Route Control V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPORT MP versions ant\u00e9rieures \u00e0 V3.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OZW672 versions ant\u00e9rieures \u00e0 V10.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1626",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200 switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions ant\u00e9rieures V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 V6.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V4.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S602, S612, S623, S627-2M, S627-2M",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF182C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR-500 switch versions ant\u00e9rieures \u00e0 V6.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W700 IEEE 802.11n versions ant\u00e9rieures \u00e0 V6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "IE/PB LINK PN IO (incl. variante SIPLUS NET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5 Patch 01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF180C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions ant\u00e9rieures \u00e0 V4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV400",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OZW772 versions ant\u00e9rieures \u00e0 V10.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC Support, Package for VxWorks",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V15.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS DCP versions ant\u00e9rieures \u00e0 V1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1616 et CP 1604 versions ant\u00e9rieures \u00e0 V2.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V14.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF600 versions ant\u00e9rieures \u00e0 V3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (except\u00e9 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS) versions ant\u00e9rieures \u00e0 2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1628 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 7.5.1 Upd1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1623 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITP1000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Route Control V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP CPU V6 et ant\u00e9rieures (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM-400 switch versions ant\u00e9rieures \u00e0 V6.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PROFINET Driver for Controller versions ant\u00e9rieures \u00e0 V2.1 Patch 03",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-19282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19282"
    },
    {
      "name": "CVE-2019-19277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19277"
    },
    {
      "name": "CVE-2019-13926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13926"
    },
    {
      "name": "CVE-2019-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
    },
    {
      "name": "CVE-2019-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
    },
    {
      "name": "CVE-2019-19281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19281"
    },
    {
      "name": "CVE-2019-13941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13941"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2019-18217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18217"
    },
    {
      "name": "CVE-2019-12815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12815"
    },
    {
      "name": "CVE-2019-13940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
    },
    {
      "name": "CVE-2019-19279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19279"
    },
    {
      "name": "CVE-2019-13925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13925"
    },
    {
      "name": "CVE-2019-0151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
    },
    {
      "name": "CVE-2019-13946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13946"
    },
    {
      "name": "CVE-2019-6585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6585"
    },
    {
      "name": "CVE-2020-19282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19282"
    },
    {
      "name": "CVE-2019-13924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    }
  ],
  "initial_release_date": "2020-02-13T00:00:00",
  "last_revision_date": "2020-02-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-090",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-398519 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-940889 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-974843 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-270778 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-780073 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-986695 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-750824 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-951513 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-591405 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978558 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978220 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted