cvelistv5 - cve-2019-8259

CVE-2019-8259 (GCVE-0-2019-8259)

Vulnerability from cvelistv5

Published

2019-03-05 15:00

Modified

2024-09-16 20:59

Severity ?

CWE

CWE-665 - Improper Initialization

Summary

UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199.

References

URL

Tags

	https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf	x_refsource_CONFIRM
	https://www.us-cert.gov/ics/advisories/icsa-20-161-06	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf	x_refsource_CONFIRM
	https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	UltraVNC	UltraVNC	Version: 1.2.2.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T21:17:30.187Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "UltraVNC",
          "vendor": "UltraVNC",
          "versions": [
            {
              "status": "affected",
              "version": "1.2.2.3"
            }
          ]
        }
      ],
      "datePublic": "2019-03-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-665",
              "description": "CWE-665: Improper Initialization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-28T12:10:55.000Z",
        "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
        "shortName": "Kaspersky"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vulnerability@kaspersky.com",
          "DATE_PUBLIC": "2019-03-01T00:00:00",
          "ID": "CVE-2019-8259",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "UltraVNC",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.2.2.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "UltraVNC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "UltraVNC revision 1198 contains multiple memory leaks (CWE-655) in VNC client code, which allow an attacker to read stack memory and can be abused for information disclosure. Combined with another vulnerability, it can be used to leak stack memory and bypass ASLR. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1199."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-665: Improper Initialization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/",
              "refsource": "MISC",
              "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2019/03/01/klcert-19-005-ultravnc-memory-leak/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
            },
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsa-20-161-06"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
            },
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-131-11"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
    "assignerShortName": "Kaspersky",
    "cveId": "CVE-2019-8259",
    "datePublished": "2019-03-05T15:00:00.000Z",
    "dateReserved": "2019-02-12T00:00:00.000Z",
    "dateUpdated": "2024-09-16T20:59:11.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2020-AVI-349

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC PDM
Siemens	N/A	SIMATIC WinCC OA V3.17 versions antérieures à V3.17-P003
Siemens	N/A	SINUMERIK PCU base Win7 software /IPC versions antérieures à V12.01 HF4
Siemens	N/A	SIMATIC NET PC versions antérieures à V16 Upd3
Siemens	N/A	SIMATIC WinCC OA V3.16 versions antérieures à V3.16-P018
Siemens	N/A	SINEC NMS sans le dernier correctif de sécurité
Siemens	N/A	SIMATIC PCS 7
Siemens	N/A	LOGO!8 BM
Siemens	N/A	SIMATIC S7-1500
Siemens	N/A	SINUMERIK Operate
Siemens	N/A	SINEMA Server sans le dernier correctif de sécurité
Siemens	N/A	SIMATIC WinCC Runtime Advanced
Siemens	N/A	SIMATIC Automation Tool
Siemens	N/A	SINUMERIK ONE virtual
Siemens	N/A	SIMATIC ProSave
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP1 Update 3
Siemens	N/A	SINAMICS STARTER commissioning tool
Siemens	N/A	SIMATIC WinCC Runtime Professional V13, V14, V15 et V16
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V13, V14, V15 et V16
Siemens	N/A	SIMATIC PCS neo
Siemens	N/A	SINAMICS Startdrive
Siemens	N/A	SINAMICS STARTER versions antérieures à V5.4 HF1
Siemens	N/A	SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Update 14
Siemens	N/A	SIMATIC STEP 7 versions antérieures à V5.6 SP2 HF3
Siemens	N/A	SINUMERIK Access MyMachine /P2P versions antérieures à V4.8
Siemens	N/A	SINUMERIK PCU base Win10 software /IPC versions antérieures à V14.00

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-817401 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-312271 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-689942 du 09 juin 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-927095 du 09 juin 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC PDM",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.17 versions ant\u00e9rieures \u00e0 V3.17-P003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK PCU base Win7 software /IPC versions ant\u00e9rieures \u00e0 V12.01 HF4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC versions ant\u00e9rieures \u00e0 V16 Upd3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.16 versions ant\u00e9rieures \u00e0 V3.16-P018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "LOGO!8 BM",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Operate",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Automation Tool",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK ONE virtual",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ProSave",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP1 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS STARTER commissioning tool",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V13, V14, V15 et V16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V13, V14, V15 et V16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS Startdrive",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS STARTER versions ant\u00e9rieures \u00e0 V5.4 HF1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Update 14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 versions ant\u00e9rieures \u00e0 V5.6 SP2 HF3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Access MyMachine /P2P versions ant\u00e9rieures \u00e0 V4.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK PCU base Win10 software /IPC versions ant\u00e9rieures \u00e0 V14.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-7589",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7589"
    },
    {
      "name": "CVE-2018-15361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15361"
    },
    {
      "name": "CVE-2019-8262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8262"
    },
    {
      "name": "CVE-2019-8277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8277"
    },
    {
      "name": "CVE-2019-8265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8265"
    },
    {
      "name": "CVE-2019-8269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8269"
    },
    {
      "name": "CVE-2019-8260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8260"
    },
    {
      "name": "CVE-2019-8263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8263"
    },
    {
      "name": "CVE-2019-8261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8261"
    },
    {
      "name": "CVE-2019-8276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8276"
    },
    {
      "name": "CVE-2019-8259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8259"
    },
    {
      "name": "CVE-2019-8271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8271"
    },
    {
      "name": "CVE-2020-7586",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7586"
    },
    {
      "name": "CVE-2019-8267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8267"
    },
    {
      "name": "CVE-2020-7580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7580"
    },
    {
      "name": "CVE-2019-8280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8280"
    },
    {
      "name": "CVE-2019-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8275"
    },
    {
      "name": "CVE-2019-8274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8274"
    },
    {
      "name": "CVE-2019-8266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8266"
    },
    {
      "name": "CVE-2019-8270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8270"
    },
    {
      "name": "CVE-2019-8258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8258"
    },
    {
      "name": "CVE-2019-8264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8264"
    },
    {
      "name": "CVE-2020-7585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7585"
    },
    {
      "name": "CVE-2019-8272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8272"
    },
    {
      "name": "CVE-2019-8268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8268"
    },
    {
      "name": "CVE-2019-8273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8273"
    }
  ],
  "initial_release_date": "2020-06-09T00:00:00",
  "last_revision_date": "2020-06-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2020-AVI-349",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-817401 du 09 juin 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-817401.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-312271 du 09 juin 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-689942 du 09 juin 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-689942.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-927095 du 09 juin 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-927095.pdf"
    }
  ]
}

CERTFR-2021-AVI-357

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	TECNOMATIX Plan Simulation versions antérieures à 16.0.5
Siemens	N/A	SIMATIC NET CP 1545-1, CP 343-1 toutes versions
Siemens	N/A	SIMATIC NET CP 1243-1, CP 1243-7, CP 1243-8 versions 3.1.39 et ultérieures
Siemens	N/A	SINAMICS SL150, SM150, SM150i toutes versions
Siemens	N/A	SIMATIC IPC127E, IPC427E, IPC477E, IPC527G, IPC547G toutes versions
Siemens	N/A	SINUMERIK ONE 840D et PPU 1740 toutes versions
Siemens	N/A	MENDIX Database Replication versions antérieures à 7.0.1
Siemens	N/A	SINAMICS GH150, GL150 (X30), GM150 (X30), SH150, SM120 avec les versions de HMI Panel antérieures à v16 update 4
Siemens	N/A	RUGGEDCOM RM1224 versions antérieures à 6.4
Siemens	N/A	SIMATIC WinCC runtime advanced versions antérieures à 16 update 4
Siemens	N/A	MENDIX module Excel Importer versions antérieures à 9.0.3
Siemens	N/A	SCALANCE XM-400, XR-500, M-800, S615 versions antérieures à 6.4
Siemens	N/A	SCALANCE W1750D versions v8.3.0.1, v8.6.0 et v8.7.0
Siemens	N/A	SIMATIC MV500 toutes versions
Siemens	N/A	SIMATIC IPC627E, IPC647E, IPC677E, IPC847E versions antérieures à 25.02.08
Siemens	N/A	SIMATIC Cloud Connect 7 toutes versions
Siemens	N/A	SIMATIC HMI versions antérieures à 16 update 4
Siemens	N/A	SINEMA Remote Connect Server versions antérieures à 3.0 SP1
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 toutes versions
Siemens	N/A	SIMATIC Field PG M6 toutes versions
Siemens	N/A	SIMATIC ITP1000 versions antérieures à 23.01.08
Siemens	N/A	TIM 1531 toutes versions
Siemens	N/A	SIMATIC NET CP 1542, CP 1543-1 versions 2.0 et ultérieures
Siemens	N/A	SINUMERIK 828D HW PPU.4, MC MCU 170 toutes versions
Siemens	N/A	SIMATIC S7-1500 CPU 1518-4 ou 1518F-4 toutes versions
Siemens	N/A	SIMATIC Field PG M5 versions antérieures à 22.01.08

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens du 11 mai 2021	None	vendor-advisory
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other
Bulletin de sécurité Siemens du 11 mai 2021	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TECNOMATIX Plan Simulation versions ant\u00e9rieures \u00e0 16.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 1545-1, CP 343-1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 1243-1, CP 1243-7, CP 1243-8 versions 3.1.39 et ult\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS SL150, SM150, SM150i toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC127E, IPC427E, IPC477E, IPC527G, IPC547G toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK ONE 840D et PPU 1740 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "MENDIX Database Replication versions ant\u00e9rieures \u00e0 7.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS GH150, GL150 (X30), GM150 (X30), SH150, SM120 avec les versions de HMI Panel ant\u00e9rieures \u00e0 v16 update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC runtime advanced versions ant\u00e9rieures \u00e0 16 update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "MENDIX module Excel Importer versions ant\u00e9rieures \u00e0 9.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM-400, XR-500, M-800, S615 versions ant\u00e9rieures \u00e0 6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D versions v8.3.0.1, v8.6.0 et v8.7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV500 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC627E, IPC647E, IPC677E, IPC847E versions ant\u00e9rieures \u00e0 25.02.08",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Cloud Connect 7 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC HMI versions ant\u00e9rieures \u00e0 16 update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Field PG M6 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITP1000 versions ant\u00e9rieures \u00e0 23.01.08",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET CP 1542, CP 1543-1 versions 2.0 et ult\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK 828D HW PPU.4, MC MCU 170 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU 1518-4 ou 1518F-4 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Field PG M5 versions ant\u00e9rieures \u00e0 22.01.08",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-25146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25146"
    },
    {
      "name": "CVE-2020-24636",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24636"
    },
    {
      "name": "CVE-2020-15798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15798"
    },
    {
      "name": "CVE-2021-25158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25158"
    },
    {
      "name": "CVE-2019-8262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8262"
    },
    {
      "name": "CVE-2019-8277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8277"
    },
    {
      "name": "CVE-2021-25157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25157"
    },
    {
      "name": "CVE-2021-25144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25144"
    },
    {
      "name": "CVE-2021-27385",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27385"
    },
    {
      "name": "CVE-2021-25661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25661"
    },
    {
      "name": "CVE-2019-8265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8265"
    },
    {
      "name": "CVE-2021-25662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25662"
    },
    {
      "name": "CVE-2021-25161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25161"
    },
    {
      "name": "CVE-2020-8745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8745"
    },
    {
      "name": "CVE-2019-8260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8260"
    },
    {
      "name": "CVE-2021-27386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27386"
    },
    {
      "name": "CVE-2019-8263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8263"
    },
    {
      "name": "CVE-2021-25660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25660"
    },
    {
      "name": "CVE-2020-28393",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28393"
    },
    {
      "name": "CVE-2021-25150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25150"
    },
    {
      "name": "CVE-2019-8261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8261"
    },
    {
      "name": "CVE-2019-8259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8259"
    },
    {
      "name": "CVE-2019-5317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5317"
    },
    {
      "name": "CVE-2021-25145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25145"
    },
    {
      "name": "CVE-2021-31341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31341"
    },
    {
      "name": "CVE-2021-27396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27396"
    },
    {
      "name": "CVE-2020-8698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8698"
    },
    {
      "name": "CVE-2020-25705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25705"
    },
    {
      "name": "CVE-2021-25148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25148"
    },
    {
      "name": "CVE-2019-8280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8280"
    },
    {
      "name": "CVE-2021-27384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27384"
    },
    {
      "name": "CVE-2020-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0591"
    },
    {
      "name": "CVE-2020-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-0590"
    },
    {
      "name": "CVE-2019-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8275"
    },
    {
      "name": "CVE-2021-25149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25149"
    },
    {
      "name": "CVE-2020-25242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25242"
    },
    {
      "name": "CVE-2021-27397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27397"
    },
    {
      "name": "CVE-2019-5319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-5319"
    },
    {
      "name": "CVE-2021-25156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25156"
    },
    {
      "name": "CVE-2019-8264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8264"
    },
    {
      "name": "CVE-2019-19276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19276"
    },
    {
      "name": "CVE-2020-8694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8694"
    },
    {
      "name": "CVE-2021-25160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25160"
    },
    {
      "name": "CVE-2021-25159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25159"
    },
    {
      "name": "CVE-2021-25155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25155"
    },
    {
      "name": "CVE-2021-31339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31339"
    },
    {
      "name": "CVE-2021-27383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27383"
    },
    {
      "name": "CVE-2020-8744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8744"
    },
    {
      "name": "CVE-2021-25143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25143"
    },
    {
      "name": "CVE-2021-25162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25162"
    },
    {
      "name": "CVE-2021-27398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-27398"
    },
    {
      "name": "CVE-2020-24635",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-24635"
    }
  ],
  "initial_release_date": "2021-05-11T00:00:00",
  "last_revision_date": "2021-05-11T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-594364.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-854248.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324955.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-983548.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-723417.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-919955.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-538778.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501073.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-678983.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940818.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-286838.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-116379.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676775.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-752103.pdf"
    }
  ],
  "reference": "CERTFR-2021-AVI-357",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun d\u00e9ni de service \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens du 11 mai 2021",
      "url": null
    }
  ]
}

CERTFR-2019-AVI-384

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions antérieures à 1.1.0
Schneider Electric	N/A	Wiser for KNX (anciennement homeLYnk) versions antérieures à 2.4.0
Schneider Electric	N/A	Modicon Premium
Schneider Electric	N/A	TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et antérieure, sans le correctif de sécurité TelevisGo_HotFix_20190715.exe
Schneider Electric	N/A	Magelis HMIGTO series
Schneider Electric	N/A	Magelis XBTGH series
Schneider Electric	N/A	Magelis HMIGTUX series
Schneider Electric	N/A	Magelis XBTGC series
Schneider Electric	N/A	Modicon M580 versions antérieures à V2.90
Schneider Electric	N/A	Magelis HMIGTU series
Schneider Electric	N/A	BMXNOR0200H Ethernet / Serial RTU module
Schneider Electric	N/A	Magelis HMISTO series
Schneider Electric	N/A	Magelis HMISCU series
Schneider Electric	N/A	Magelis HMIGXO series
Schneider Electric	Modicon M340	Modicon M340 versions antérieures à V3.10
Schneider Electric	N/A	Schneider Electric Software Update (SESU) SUT Service component versions antérieures à 2.3.1
Schneider Electric	N/A	Magelis XBTGT series
Schneider Electric	N/A	Magelis HMIGXU series
Schneider Electric	N/A	Magelis HMISTU series
Schneider Electric	N/A	spaceLYnk versions antérieures à 2.4.0
Schneider Electric	N/A	Modicon Quantum

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2019-225-06 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-04 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-01 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-03 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-07 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-02 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-134-11 du 13 août 2019	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2019-225-05 du 13 août 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "EcoStruxure Machine Expert HVAC (anciennement SoMachine HVAC) versions ant\u00e9rieures \u00e0 1.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Wiser for KNX (anciennement homeLYnk) versions ant\u00e9rieures \u00e0 2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon Premium",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "TelevisGO versions produites avant le 15 juillet 2019 et utilisant une version de UltraVNC, 1.0.9.6.1 et ant\u00e9rieure, sans le correctif de s\u00e9curit\u00e9 TelevisGo_HotFix_20190715.exe",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMIGTO series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis XBTGH series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMIGTUX series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis XBTGC series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M580 versions ant\u00e9rieures \u00e0 V2.90",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMIGTU series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "BMXNOR0200H Ethernet / Serial RTU module",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMISTO series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMISCU series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMIGXO series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M340 versions ant\u00e9rieures \u00e0 V3.10",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Software Update (SESU) SUT Service component versions ant\u00e9rieures \u00e0 2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis XBTGT series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMIGXU series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Magelis HMISTU series",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "spaceLYnk versions ant\u00e9rieures \u00e0 2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon Quantum",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-15361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15361"
    },
    {
      "name": "CVE-2019-8262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8262"
    },
    {
      "name": "CVE-2019-8277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8277"
    },
    {
      "name": "CVE-2019-6828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6828"
    },
    {
      "name": "CVE-2019-8265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8265"
    },
    {
      "name": "CVE-2019-8269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8269"
    },
    {
      "name": "CVE-2019-8260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8260"
    },
    {
      "name": "CVE-2019-8263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8263"
    },
    {
      "name": "CVE-2019-6832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6832"
    },
    {
      "name": "CVE-2019-8261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8261"
    },
    {
      "name": "CVE-2019-8276",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8276"
    },
    {
      "name": "CVE-2018-7846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7846"
    },
    {
      "name": "CVE-2019-8259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8259"
    },
    {
      "name": "CVE-2018-7842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7842"
    },
    {
      "name": "CVE-2018-7849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7849"
    },
    {
      "name": "CVE-2019-8271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8271"
    },
    {
      "name": "CVE-2019-6831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6831"
    },
    {
      "name": "CVE-2019-6813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6813"
    },
    {
      "name": "CVE-2019-6809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6809"
    },
    {
      "name": "CVE-2019-6829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6829"
    },
    {
      "name": "CVE-2018-7852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7852"
    },
    {
      "name": "CVE-2019-8267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8267"
    },
    {
      "name": "CVE-2019-6830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6830"
    },
    {
      "name": "CVE-2019-6810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6810"
    },
    {
      "name": "CVE-2018-7854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7854"
    },
    {
      "name": "CVE-2019-8280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8280"
    },
    {
      "name": "CVE-2018-7844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7844"
    },
    {
      "name": "CVE-2018-7847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7847"
    },
    {
      "name": "CVE-2018-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7855"
    },
    {
      "name": "CVE-2019-8275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8275"
    },
    {
      "name": "CVE-2019-8274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8274"
    },
    {
      "name": "CVE-2019-6808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6808"
    },
    {
      "name": "CVE-2019-6826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6826"
    },
    {
      "name": "CVE-2018-7850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7850"
    },
    {
      "name": "CVE-2018-7856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7856"
    },
    {
      "name": "CVE-2019-8266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8266"
    },
    {
      "name": "CVE-2019-8270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8270"
    },
    {
      "name": "CVE-2019-6834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6834"
    },
    {
      "name": "CVE-2019-68067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-68067"
    },
    {
      "name": "CVE-2018-7845",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7845"
    },
    {
      "name": "CVE-2019-8258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8258"
    },
    {
      "name": "CVE-2018-7857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7857"
    },
    {
      "name": "CVE-2019-8264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8264"
    },
    {
      "name": "CVE-2019-6833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6833"
    },
    {
      "name": "CVE-2019-8272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8272"
    },
    {
      "name": "CVE-2019-8268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8268"
    },
    {
      "name": "CVE-2019-68077",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-68077"
    },
    {
      "name": "CVE-2019-8273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-8273"
    },
    {
      "name": "CVE-2018-7853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7853"
    },
    {
      "name": "CVE-2018-7843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7843"
    },
    {
      "name": "CVE-2018-7848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7848"
    }
  ],
  "initial_release_date": "2019-08-13T00:00:00",
  "last_revision_date": "2019-08-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2019-AVI-384",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-08-13T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019",
      "revision_date": "2019-08-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-06 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-06-SESU_SUT_Service.pdf\u0026p_Doc_Ref=SEVD-2019-225-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-04 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-04_SoMachine_HVAC_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-01 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-01-Magelis_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-03 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-03-Modicon-Ethernet+-Serial-RTU-Module-Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-03"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-07 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-07-spaceLYnk-homeLYnk.pdf\u0026p_Doc_Ref=SEVD-2019-225-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-02 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-02-Modicon_M340_Controllers_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-134-11 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-134-11-V2-Modicon-Controllers.pdf\u0026p_Doc_Ref=SEVD-2019-134-11"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2019-225-05 du 13 ao\u00fbt 2019",
      "url": "https://download.schneider-electric.com/files?p_enDocType=Technical+leaflet\u0026p_File_Name=SEVD-2019-225-05-TelevisGO_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2019-225-05"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-8259 (GCVE-0-2019-8259)

Vulnerability from cvelistv5

CERTFR-2020-AVI-349

Vulnerability from certfr_avis

Solution

CERTFR-2021-AVI-357

Vulnerability from certfr_avis

Solution

CERTFR-2019-AVI-384

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature