cvelistv5 - cve-2021-44014

CVE-2021-44014 (GCVE-0-2021-44014)

Vulnerability from cvelistv5

Published

2021-12-14 12:06

Modified

2024-08-04 04:10

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

CWE

CWE-416 - Use After Free

Summary

A vulnerability has been identified in JT Open (All versions < V11.1.1.0), JT Utilities (All versions < V13.1.1.0), Solid Edge (All versions < V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)

References

URL

Tags

	https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf
	https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf

Impacted products

Vendor

Product

Version

Siemens

JT Open

Version: All versions < V11.1.1.0

	Siemens	JT Utilities	Version: All versions < V13.1.1.0
	Siemens	Solid Edge	Version: All versions < V2023

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:17.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "JT Open",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V11.1.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "JT Utilities",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V13.1.1.0"
            }
          ]
        },
        {
          "defaultStatus": "unknown",
          "product": "Solid Edge",
          "vendor": "Siemens",
          "versions": [
            {
              "status": "affected",
              "version": "All versions \u003c V2023"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in JT Open (All versions \u003c V11.1.1.0), JT Utilities (All versions \u003c V13.1.1.0), Solid Edge (All versions \u003c V2023). The Jt1001.dll contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15057, ZDI-CAN-19081)"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-10T11:39:18.959Z",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936212.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2021-44014",
    "datePublished": "2021-12-14T12:06:50.000Z",
    "dateReserved": "2021-11-18T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:10:17.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2021-AVI-949

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Teamcenter Active Workspace versions 5.2.x antérieures à 5.2.3
Siemens	N/A	JTTK versions antérieures à 11.0.3.0
Siemens	N/A	SiPass integrated versions antérieures à 2.76
Siemens	N/A	SINUMERIK Edge versions antérieures à 3.2
Siemens	N/A	SIMATIC ITC2200 V3 PRO versions antérieures à 3.2.1.0
Siemens	N/A	SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) versions antérieures à 21.00 SP3
Siemens	N/A	Siveillance Identity V5 versions antérieures à 1.6.284, ou sans le correctif de sécurité SP5
Siemens	N/A	Desigo PXC00-U toutes versions postérieures à 2.3
Siemens	N/A	SIMATIC ITC1900 V3 versions antérieures à 3.2.1.0
Siemens	N/A	JT2Go versions antérieures à 13.2.0.5
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) versions antérieures à 2.41
Siemens	N/A	Desigo PXC22.1-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC001-E.D toutes versions postérieures à 2.3
Siemens	N/A	JTTK versions antérieures à 10.8.1.1
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) versions antérieures à 2.41
Siemens	N/A	APOGEE MEC (PPC) (BACnet) toutes versions
Siemens	N/A	Siveillance Identity V1.6 versions antérieures à 1.6.284.0
Siemens	N/A	APOGEE PXC Compact (P2 Ethernet) toutes versions
Siemens	N/A	JTTK versions antérieures à 11.1.1.0
Siemens	N/A	JT Utilities versions antérieures à 12.8.1.1
Siemens	N/A	Desigo PXC50-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC200-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC36.1-E.D toutes versions postérieures à 2.3
Siemens	N/A	Desigo PXC00-E.D toutes versions postérieures à 2.3
Siemens	N/A	SiPass integrated versions antérieures à 2.80
Siemens	N/A	APOGEE PXC Modular (BACnet) toutes versions
Siemens	N/A	Teamcenter Visualization versions antérieures à 13.2.0.5
Siemens	N/A	Desigo PXC22-E.D toutes versions postérieures à 2.3
Siemens	N/A	Simcenter STAR-CCM+ Viewer versions antérieures à 2021.3.1
Siemens	N/A	Teamcenter Active Workspace versions 5.1.x antérieures à 5.1.6
Siemens	N/A	Capital VSTAR toutes versions avec l'option Ethernet activée
Siemens	N/A	SiPass integrated versions antérieures à 2.85
Siemens	N/A	JT Utilities versions antérieures à 13.1.1.0
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions antérieures à 2.41
Siemens	N/A	Desigo PXC100-E.D toutes versions postérieures à 2.3
Siemens	N/A	ModelSim Simulation toutes versions
Siemens	N/A	APOGEE PXC Modular (P2 Ethernet) toutes versions
Siemens	N/A	SIMATIC ITC2200 V3 versions antérieures à 3.2.1.0
Siemens	N/A	Desigo PXC12-E.D toutes versions postérieures à 2.3
Siemens	N/A	Questa Simulation toutes versions
Siemens	N/A	JT Utilities versions antérieures à 13.0.3.0
Siemens	N/A	Teamcenter Active Workspace versions 5.0.x antérieures à 5.0.10
Siemens	N/A	Desigo PXC128-U toutes versions postérieures à 2.3
Siemens	N/A	APOGEE MEC (PPC) (P2 Ethernet) toutes versions
Siemens	N/A	SIMATIC ITC1900 V3 PRO versions antérieures à 3.2.1.0
Siemens	N/A	Teamcenter Active Workspace versions 4.3.x antérieures à V4.3.11
Siemens	N/A	APOGEE PXC Compact (BACnet) toutes versions
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions antérieures à 2.41
Siemens	N/A	APOGEE MBC (PPC) (P2 Ethernet) toutes versions
Siemens	N/A	APOGEE MBC (PPC) (BACnet) toutes versions
Siemens	N/A	SIMATIC ITC1500 V3 PRO versions antérieures à 3.2.1.0
Siemens	N/A	SIMATIC ITC1500 V3 versions antérieures à 3.2.1.0
Siemens	N/A	Desigo PXC64-U toutes versions postérieures à 2.3

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-620288 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-133772 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-199605 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-595101 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-496292 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-400332 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-463116 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-523250 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-352143 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-390195 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-396621 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-802578 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-160202 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-161331 du 14 décembre 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-114589 du 14 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Teamcenter Active Workspace versions 5.2.x ant\u00e9rieures \u00e0 5.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JTTK versions ant\u00e9rieures \u00e0 11.0.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.76",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Edge versions ant\u00e9rieures \u00e0 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC eaSie PCS 7 Skill Package (6DL5424-0BX00-0AV8) versions ant\u00e9rieures \u00e0 21.00 SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Identity V5 versions ant\u00e9rieures \u00e0 1.6.284, ou sans le correctif de s\u00e9curit\u00e9 SP5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC00-U toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 13.2.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA01-0AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC22.1-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC001-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JTTK versions ant\u00e9rieures \u00e0 10.8.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA31-0AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MEC (PPC) (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Siveillance Identity V1.6 versions ant\u00e9rieures \u00e0 1.6.284.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JTTK versions ant\u00e9rieures \u00e0 11.1.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 12.8.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC50-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC200-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC36.1-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC00-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions ant\u00e9rieures \u00e0 13.2.0.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC22-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter STAR-CCM+ Viewer versions ant\u00e9rieures \u00e0 2021.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace versions 5.1.x ant\u00e9rieures \u00e0 5.1.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Capital VSTAR toutes versions avec l\u0027option Ethernet activ\u00e9e",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated versions ant\u00e9rieures \u00e0 2.85",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 13.1.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC100-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "ModelSim Simulation toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC2200 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC12-E.D toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Questa Simulation toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 13.0.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace versions 5.0.x ant\u00e9rieures \u00e0 5.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC128-U toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MEC (PPC) (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1900 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace versions 4.3.x ant\u00e9rieures \u00e0 V4.3.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions ant\u00e9rieures \u00e0 2.41",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MBC (PPC) (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE MBC (PPC) (BACnet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 PRO versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITC1500 V3 versions ant\u00e9rieures \u00e0 3.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Desigo PXC64-U toutes versions post\u00e9rieures \u00e0 2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-44443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44443"
    },
    {
      "name": "CVE-2021-31881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31881"
    },
    {
      "name": "CVE-2021-44444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44444"
    },
    {
      "name": "CVE-2021-44009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44009"
    },
    {
      "name": "CVE-2021-31888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31888"
    },
    {
      "name": "CVE-2021-44447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44447"
    },
    {
      "name": "CVE-2018-20749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20749"
    },
    {
      "name": "CVE-2021-44013",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44013"
    },
    {
      "name": "CVE-2021-31885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31885"
    },
    {
      "name": "CVE-2021-31887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31887"
    },
    {
      "name": "CVE-2019-15690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15690"
    },
    {
      "name": "CVE-2021-44012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44012"
    },
    {
      "name": "CVE-2020-14396",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14396"
    },
    {
      "name": "CVE-2021-44001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44001"
    },
    {
      "name": "CVE-2020-14404",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14404"
    },
    {
      "name": "CVE-2021-44430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44430"
    },
    {
      "name": "CVE-2021-44440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44440"
    },
    {
      "name": "CVE-2021-44432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44432"
    },
    {
      "name": "CVE-2021-44445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44445"
    },
    {
      "name": "CVE-2021-31884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31884"
    },
    {
      "name": "CVE-2021-44434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44434"
    },
    {
      "name": "CVE-2021-44449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44449"
    },
    {
      "name": "CVE-2019-15681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-15681"
    },
    {
      "name": "CVE-2021-44435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44435"
    },
    {
      "name": "CVE-2021-42023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42023"
    },
    {
      "name": "CVE-2021-44442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44442"
    },
    {
      "name": "CVE-2021-44002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44002"
    },
    {
      "name": "CVE-2021-44014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44014"
    },
    {
      "name": "CVE-2021-44436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44436"
    },
    {
      "name": "CVE-2021-31882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31882"
    },
    {
      "name": "CVE-2021-44438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44438"
    },
    {
      "name": "CVE-2021-44006",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44006"
    },
    {
      "name": "CVE-2021-41547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41547"
    },
    {
      "name": "CVE-2021-44008",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44008"
    },
    {
      "name": "CVE-2021-44017",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44017"
    },
    {
      "name": "CVE-2021-44441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44441"
    },
    {
      "name": "CVE-2021-44011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44011"
    },
    {
      "name": "CVE-2018-20748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20748"
    },
    {
      "name": "CVE-2019-20788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20788"
    },
    {
      "name": "CVE-2021-44446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44446"
    },
    {
      "name": "CVE-2021-44010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44010"
    },
    {
      "name": "CVE-2021-44522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44522"
    },
    {
      "name": "CVE-2021-44448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44448"
    },
    {
      "name": "CVE-2021-44523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44523"
    },
    {
      "name": "CVE-2019-20840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20840"
    },
    {
      "name": "CVE-2021-31346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31346"
    },
    {
      "name": "CVE-2018-20750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20750"
    },
    {
      "name": "CVE-2021-42022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42022"
    },
    {
      "name": "CVE-2021-44433",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44433"
    },
    {
      "name": "CVE-2021-44004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44004"
    },
    {
      "name": "CVE-2017-18922",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-18922"
    },
    {
      "name": "CVE-2021-44524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44524"
    },
    {
      "name": "CVE-2021-44003",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44003"
    },
    {
      "name": "CVE-2021-44007",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44007"
    },
    {
      "name": "CVE-2021-42024",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42024"
    },
    {
      "name": "CVE-2019-20839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20839"
    },
    {
      "name": "CVE-2021-44431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44431"
    },
    {
      "name": "CVE-2021-31889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31889"
    },
    {
      "name": "CVE-2021-44005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44005"
    },
    {
      "name": "CVE-2020-14402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14402"
    },
    {
      "name": "CVE-2020-14397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14397"
    },
    {
      "name": "CVE-2021-31883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31883"
    },
    {
      "name": "CVE-2020-14398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14398"
    },
    {
      "name": "CVE-2020-14403",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14403"
    },
    {
      "name": "CVE-2021-44439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44439"
    },
    {
      "name": "CVE-2021-44015",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44015"
    },
    {
      "name": "CVE-2021-44437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44437"
    },
    {
      "name": "CVE-2021-31886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31886"
    },
    {
      "name": "CVE-2021-44450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44450"
    },
    {
      "name": "CVE-2021-42027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42027"
    },
    {
      "name": "CVE-2021-31890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31890"
    },
    {
      "name": "CVE-2020-14405",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14405"
    },
    {
      "name": "CVE-2021-31345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31345"
    },
    {
      "name": "CVE-2018-20019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20019"
    },
    {
      "name": "CVE-2018-15127",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15127"
    },
    {
      "name": "CVE-2018-21247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-21247"
    },
    {
      "name": "CVE-2021-44165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44165"
    },
    {
      "name": "CVE-2021-31344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-31344"
    },
    {
      "name": "CVE-2020-14401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14401"
    }
  ],
  "initial_release_date": "2021-12-15T00:00:00",
  "last_revision_date": "2021-12-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-949",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-620288 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-620288.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-133772 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-133772.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-199605 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-199605.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-595101 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-595101.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-496292 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-496292.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-400332 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-400332.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-463116 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-463116.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-523250 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-523250.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-352143 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-352143.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-390195 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-390195.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-396621 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-396621.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-802578 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-802578.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-160202 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160202.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-161331 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-161331.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-114589 du 14 d\u00e9cembre 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-114589.pdf"
    }
  ]
}

CERTFR-2023-AVI-0015

Vulnerability from certfr_avis

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.5.0
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller versions antérieures à V4.1.1 Patch 05
Siemens	N/A	SINEC INS versions antérieures à V1.0 SP2 Update 1
Siemens	N/A	SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions antérieures à V5.4.2
Siemens	N/A	Solid Edge versions antérieures à V2023 MP1
Siemens	N/A	JT Open versions antérieures à V13.1.1.0
Siemens	N/A	Mendix SAML (Mendix 9 compatible, New Track) versions V3.3.x antérieures à V3.3.9
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5.0 Patch 01
Siemens	N/A	Mendix SAML (Mendix 9 compatible, Upgrade Track) versions V3.3.x antérieures à V3.3.8
Siemens	N/A	Automation License Manager V5
Siemens	N/A	JT Open versions antérieures à V11.1.1.0
Siemens	N/A	Mendix SAML (Mendix 8 compatible) versions V2.3.x antérieures à V2.3.4
Siemens	N/A	Automation License Manager versions V6 antérieures à V6 SP9 Upd4
Siemens	N/A	De nombreux produits SIMATIC, SIMOTION, SINAMICS, SINUMERIK et SIPLUS (Se référer au bulletin de sécurité de l'éditeur pour les versions affectées)

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-936212 du 10 janvier 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-482757 du 10 janvier 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-332410 du 10 janvier 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-476715 du 10 janvier 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-431678 du 10 janvier 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-997779 du 10 janvier 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-592007 du 10 janvier 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-349422 du 10 janvier 2023	None	vendor-advisory
Bulletin de sécurité Siemens ssa-496604 du 10 janvier 2023	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller versions ant\u00e9rieures \u00e0 V4.1.1 Patch 05",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC INS versions ant\u00e9rieures \u00e0 V1.0 SP2 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) versions ant\u00e9rieures \u00e0 V5.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge versions ant\u00e9rieures \u00e0 V2023 MP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Open versions ant\u00e9rieures \u00e0 V13.1.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 9 compatible, New Track) versions V3.3.x ant\u00e9rieures \u00e0 V3.3.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5.0 Patch 01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 9 compatible, Upgrade Track) versions V3.3.x ant\u00e9rieures \u00e0 V3.3.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Automation License Manager V5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Open versions ant\u00e9rieures \u00e0 V11.1.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML (Mendix 8 compatible) versions V2.3.x ant\u00e9rieures \u00e0 V2.3.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Automation License Manager versions V6 ant\u00e9rieures \u00e0 V6 SP9 Upd4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "De nombreux produits SIMATIC, SIMOTION, SINAMICS, SINUMERIK et SIPLUS (Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les versions affect\u00e9es)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32213"
    },
    {
      "name": "CVE-2022-35256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35256"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2022-38773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38773"
    },
    {
      "name": "CVE-2022-47935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47935"
    },
    {
      "name": "CVE-2022-45093",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45093"
    },
    {
      "name": "CVE-2022-2068",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2068"
    },
    {
      "name": "CVE-2022-45092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45092"
    },
    {
      "name": "CVE-2022-45094",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45094"
    },
    {
      "name": "CVE-2021-44002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44002"
    },
    {
      "name": "CVE-2021-44014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44014"
    },
    {
      "name": "CVE-2022-43513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43513"
    },
    {
      "name": "CVE-2022-32222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32222"
    },
    {
      "name": "CVE-2022-32212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32212"
    },
    {
      "name": "CVE-2019-13940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
    },
    {
      "name": "CVE-2019-10923",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-10923"
    },
    {
      "name": "CVE-2022-2274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2274"
    },
    {
      "name": "CVE-2022-32215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32215"
    },
    {
      "name": "CVE-2018-4843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4843"
    },
    {
      "name": "CVE-2022-47967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47967"
    },
    {
      "name": "CVE-2022-46823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46823"
    },
    {
      "name": "CVE-2022-2097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-2097"
    },
    {
      "name": "CVE-2022-35255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35255"
    },
    {
      "name": "CVE-2022-43514",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43514"
    }
  ],
  "initial_release_date": "2023-01-10T00:00:00",
  "last_revision_date": "2023-01-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2023-AVI-0015",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-01-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-936212 du 10 janvier 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-936212.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-482757 du 10 janvier 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-482757.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-332410 du 10 janvier 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-332410.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-476715 du 10 janvier 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-476715.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 10 janvier 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-431678.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-997779 du 10 janvier 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-997779.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-592007 du 10 janvier 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-592007.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-349422 du 10 janvier 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-349422.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-496604 du 10 janvier 2023",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-496604.html"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-44014 (GCVE-0-2021-44014)

Vulnerability from cvelistv5

CERTFR-2021-AVI-949

Vulnerability from certfr_avis

Solution

CERTFR-2023-AVI-0015

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature