cvelistv5 - cve-2022-23448

CVE-2022-23448 (GCVE-0-2022-23448)

Vulnerability from cvelistv5

Published

2022-04-12 09:07

Modified

2024-08-03 03:43

Severity ?

CWE

CWE-732 - Incorrect Permission Assignment for Critical Resource

Summary

A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.

References

URL

CERTFR-2022-AVI-329

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits SIEMENS. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SCALANCE X308-2 versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X307-3 versions antérieures à V4.1.4
Siemens	N/A	SIMIT Simulation Platform toutes versions
Siemens	N/A	Gamme SIMATIC S7-300 (y compris CPUs ET200 et variantes SIPLUS) toutes versions
Siemens	N/A	Gamme SIMATIC S7-400 PN/DP V7 (y compris variantes SIPLUS) toutes versions
Siemens	N/A	SIMATIC CFU DIQ (6ES7655-5PX31-1XX0) toutes versions
Siemens	N/A	SIMATIC WinAC RTX toutes versions
Siemens	N/A	SINETPLAN toutes versions
Siemens	N/A	SIMATIC TDC CP51M1 toutes versions
Siemens	N/A	SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0) versions antérieures à V3.0.0
Siemens	N/A	SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3) versions antérieures à V4.1.4
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) versions antérieures à V17 Update 2
Siemens	N/A	SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0) versions antérieures à V3.0.0
Siemens	N/A	SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0) versions antérieures à V3.0.0
Siemens	N/A	SCALANCE X310 versions antérieures à V4.1.4
Siemens	N/A	SCALANCE XR324-4M PoE TS versions antérieures à V4.1.4
Siemens	N/A	SIMATIC PCS neo (Administration Console) versions antérieures à V3.1 SP1
Siemens	N/A	SCALANCE X308-2LD versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X308-2M PoE versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X304-2FE (6GK5304-2BD00-2AA3) versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3) versions antérieures à V4.1.4
Siemens	N/A	TIA Portal V15, V15.1, V16 et V17
Siemens	N/A	SIMATIC TDC CPU555 toutes versions
Siemens	N/A	SCALANCE XR324-4M EEC versions antérieures à V4.1.4
Siemens	N/A	SICAM A8000 CP-8050 (6MF2805-0AA00) versions antérieures à V4.80
Siemens	N/A	SIMATIC Energy Manager PRO versions antérieures à V7.3 Update 1
Siemens	N/A	SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0) versions antérieures à V3.0.0
Siemens	N/A	SCALANCE X408-2 (6GK5408-2FD00-2AA2) versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X308-2LH versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X307-3LD versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X302-7 EEC versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X308-2LH+ versions antérieures à V4.1.4
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) versions antérieures à V16 Update 5
Siemens	N/A	SCALANCE X320-1 FE (6GK5320-1BD00-2AA3) versions antérieures à V4.1.4
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V15 toutes versions
Siemens	N/A	SCALANCE X308-2M TS versions antérieures à V4.1.4
Siemens	N/A	Mendix Applications using Mendix 9 versions antérieures à V9.12.0
Siemens	N/A	SCALANCE XR324-12M TS versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X310FE versions antérieures à V4.1.4
Siemens	N/A	SCALANCE X307-2 EEC versions antérieures à V4.1.4
Siemens	N/A	Simcenter Femap versions antérieures à V2022.1.
Siemens	N/A	SCALANCE XR324-12M versions antérieures à V4.1.4
Siemens	N/A	Gamme SIMATIC S7-410 V8 (y compris variantes SIPLUS) toutes versions
Siemens	N/A	Gamme SIMATIC S7-1500 (y compris CPUs ET200 et variantes SIPLUS) versions antérieures à V2.0.0
Siemens	N/A	Mendix Applications using Mendix 7 versions antérieures à V7.23.27 (ne corrige pas toutes les CVE)
Siemens	N/A	SCALANCE X308-2M versions antérieures à V4.1.4
Siemens	N/A	Gamme SIMATIC S7-400 H V6 (y compris variantes SIPLUS) versions antérieures à V6.0.10
Siemens	N/A	SIMATIC CFU PA (6ES7655-5PX11-0XX0) toutes versions
Siemens	N/A	SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3) versions antérieures à V4.1.4
Siemens	N/A	SIMATIC Energy Manager Basic versions antérieures à V7.3 Update 1
Siemens	N/A	SICAM A8000 CP-8031 (6MF2803-1AA00) versions antérieures à V4.80
Siemens	N/A	Gamme SIMATIC S7-410 V10 (y compris variantes SIPLUS) toutes versions
Siemens	N/A	Mendix Applications using Mendix 8 versions antérieures à V8.18.14 (ne corrige pas toutes les CVE)

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-446448 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-557541 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-655554 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-414513 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-870917 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-316850 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-836527 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-711829 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-392912 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-350757 du 12 avril 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-998762 du 12 avril 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SCALANCE X308-2 versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X307-3 versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMIT Simulation Platform toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-300 (y compris CPUs ET200 et variantes SIPLUS) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-400 PN/DP V7 (y compris variantes SIPLUS) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CFU DIQ (6ES7655-5PX31-1XX0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinAC RTX toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINETPLAN toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC TDC CP51M1 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1788-2 EEC M12 (6GK5788-2GY01-0TA0) versions ant\u00e9rieures \u00e0 V3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) versions ant\u00e9rieures \u00e0 V17 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1788-1 M12 (6GK5788-1GY01-0AA0) versions ant\u00e9rieures \u00e0 V3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1788-2IA M12 (6GK5788-2HY01-0AA0) versions ant\u00e9rieures \u00e0 V3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X310 versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-4M PoE TS versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo (Administration Console) versions ant\u00e9rieures \u00e0 V3.1 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2LD versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2M PoE versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X304-2FE (6GK5304-2BD00-2AA3) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V15, V15.1, V16 et V17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC TDC CPU555 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-4M EEC versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM A8000 CP-8050 (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 V4.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Energy Manager PRO versions ant\u00e9rieures \u00e0 V7.3 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1788-2 M12 (6GK5788-2GY01-0AA0) versions ant\u00e9rieures \u00e0 V3.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X408-2 (6GK5408-2FD00-2AA2) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2LH versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X307-3LD versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X302-7 EEC versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2LH+ versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) versions ant\u00e9rieures \u00e0 V16 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X320-1 FE (6GK5320-1BD00-2AA3) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2M TS versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Applications using Mendix 9 versions ant\u00e9rieures \u00e0 V9.12.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-12M TS versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X310FE versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X307-2 EEC versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2022.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR324-12M versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-410 V8 (y compris variantes SIPLUS) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-1500 (y compris CPUs ET200 et variantes SIPLUS) versions ant\u00e9rieures \u00e0 V2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Applications using Mendix 7 versions ant\u00e9rieures \u00e0 V7.23.27 (ne corrige pas toutes les CVE)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X308-2M versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-400 H V6 (y compris variantes SIPLUS) versions ant\u00e9rieures \u00e0 V6.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CFU PA (6ES7655-5PX11-0XX0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3) versions ant\u00e9rieures \u00e0 V4.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Energy Manager Basic versions ant\u00e9rieures \u00e0 V7.3 Update 1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM A8000 CP-8031 (6MF2803-1AA00) versions ant\u00e9rieures \u00e0 V4.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Gamme SIMATIC S7-410 V10 (y compris variantes SIPLUS) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Applications using Mendix 8 versions ant\u00e9rieures \u00e0 V8.18.14 (ne corrige pas toutes les CVE)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-27241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27241"
    },
    {
      "name": "CVE-2022-26380",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26380"
    },
    {
      "name": "CVE-2022-27194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27194"
    },
    {
      "name": "CVE-2022-25754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25754"
    },
    {
      "name": "CVE-2022-28661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28661"
    },
    {
      "name": "CVE-2022-23448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23448"
    },
    {
      "name": "CVE-2022-25753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25753"
    },
    {
      "name": "CVE-2021-40368",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40368"
    },
    {
      "name": "CVE-2022-26335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26335"
    },
    {
      "name": "CVE-2022-26334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26334"
    },
    {
      "name": "CVE-2022-23450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23450"
    },
    {
      "name": "CVE-2022-28328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28328"
    },
    {
      "name": "CVE-2022-27481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27481"
    },
    {
      "name": "CVE-2022-25756",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25756"
    },
    {
      "name": "CVE-2022-25751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25751"
    },
    {
      "name": "CVE-2022-28329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28329"
    },
    {
      "name": "CVE-2022-25650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25650"
    },
    {
      "name": "CVE-2022-28663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28663"
    },
    {
      "name": "CVE-2022-27480",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27480"
    },
    {
      "name": "CVE-2022-28662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28662"
    },
    {
      "name": "CVE-2021-42029",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42029"
    },
    {
      "name": "CVE-2022-25622",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25622"
    },
    {
      "name": "CVE-2022-25752",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25752"
    },
    {
      "name": "CVE-2022-25755",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25755"
    },
    {
      "name": "CVE-2022-23449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23449"
    }
  ],
  "initial_release_date": "2022-04-12T00:00:00",
  "last_revision_date": "2022-04-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-329",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-04-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSIEMENS. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SIEMENS",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-446448 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-446448.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-557541 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-557541.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-655554 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-655554.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-414513 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-414513.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-870917 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-870917.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-316850 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-316850.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-836527 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-836527.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-711829 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-711829.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-392912 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-392912.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-350757 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-350757.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-998762 du 12 avril 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-998762.html"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted