cvelistv5 - cve-2022-37892

CVE-2022-37892 (GCVE-0-2022-37892)

Vulnerability from cvelistv5

Published

2022-10-07 00:00

Modified

2024-08-03 10:37

Severity ?

CWE

Unauthenticated Stored Cross-Site Scripting

Summary

A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability.

References

URL

Tags

	https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt
	https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf

Impacted products

	Vendor	Product	Version
	n/a	Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;	Version: Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below Version: Aruba InstantOS 6.5.x: 6.5.4.23 and below Version: Aruba InstantOS 8.6.x: 8.6.0.18 and below Version: Aruba InstantOS 8.7.x: 8.7.1.9 and below Version: Aruba InstantOS 8.10.x: 8.10.0.1 and below Version: ArubaOS 10.3.x: 10.3.1.0 and below

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:37:41.871Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series;",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Aruba InstantOS 6.4.x:  6.4.4.8-4.2.4.20 and below"
            },
            {
              "status": "affected",
              "version": "Aruba InstantOS 6.5.x:  6.5.4.23 and below"
            },
            {
              "status": "affected",
              "version": "Aruba InstantOS 8.6.x:  8.6.0.18 and below"
            },
            {
              "status": "affected",
              "version": "Aruba InstantOS 8.7.x:  8.7.1.9 and below"
            },
            {
              "status": "affected",
              "version": "Aruba InstantOS 8.10.x: 8.10.0.1 and below"
            },
            {
              "status": "affected",
              "version": "ArubaOS 10.3.x:  10.3.1.0 and below"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the Aruba InstantOS and ArubaOS 10 web management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim\u2019s browser in the context of the affected interface of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InnstantOS that address this security vulnerability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Unauthenticated Stored Cross-Site Scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-08T00:00:00.000Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-506569.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2022-37892",
    "datePublished": "2022-10-07T00:00:00.000Z",
    "dateReserved": "2022-08-08T00:00:00.000Z",
    "dateUpdated": "2024-08-03T10:37:41.871Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2022-AVI-1001

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions antérieures à V2.50
Siemens	N/A	SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0) versions antérieures à V3.2.19
Siemens	N/A	SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0) versions antérieures à V3.2.19
Siemens	N/A	SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SINUMERIK MC toutes versions
Siemens	N/A	SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0) toutes versions
Siemens	N/A	SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0) versions antérieures à V3.2.19
Siemens	N/A	SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SINUMERIK ONE toutes versions
Siemens	N/A	SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0) versions antérieures à V3.2.19
Siemens	N/A	Parasolid versions antérieures à V34.0.254
Siemens	N/A	SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0) versions antérieures à V3.2.19
Siemens	N/A	POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions antérieures à V2.50
Siemens	N/A	Teamcenter Visualization V14.0 versions antérieures à V14.0.0.3
Siemens	N/A	SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0) versions antérieures à V3.3.19
Siemens	N/A	Teamcenter Visualization V14.1 versions antérieures à V14.1.0.4
Siemens	N/A	SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0) toutes versions
Siemens	N/A	SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0) versions antérieures à V3.2.19
Siemens	N/A	SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0) versions antérieures à V3.2.19
Siemens	N/A	SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SIMATIC Drive Controller family toutes versions
Siemens	N/A	SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0) versions antérieures à V3.2.19
Siemens	N/A	Teamcenter Visualization V13.3 versions antérieures à V13.3.0.7
Siemens	N/A	Parasolid versions antérieures à V35.0.184
Siemens	N/A	JT2Go versions antérieures à V14.1.0.4
Siemens	N/A	SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SIMATIC S7-PLCSIM Advanced toutes versions
Siemens	N/A	QMS Automotive toutes versions
Siemens	N/A	SIMATIC PC Station versions antérieures à V2.1
Siemens	N/A	SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions
Siemens	N/A	Parasolid versions antérieures à V34.1.244
Siemens	N/A	SIMATIC WinCC Runtime Advanced toutes versions
Siemens	N/A	SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions
Siemens	N/A	SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) toutes versions
Siemens	N/A	SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0) versions antérieures à V3.3.19
Siemens	N/A	RUGGEDCOM ROS toutes versions
Siemens	N/A	SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0) toutes versions
Siemens	N/A	SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0) versions antérieures à V3.2.19
Siemens	N/A	SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) toutes versions
Siemens	N/A	SIMATIC S7-1500 Software Controller toutes versions
Siemens	N/A	SINEC NMS versions antérieures à 1.0.3
Siemens	N/A	SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0) versions antérieures à V3.2.19

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens 853037 du 08 novembre 2022	None	vendor-advisory
Bulletin de sécurité Siemens 478960 du 8 novembre 2022	-	other
Bulletin de sécurité Siemens 568428 du 8 novembre 2022	-	other
Bulletin de sécurité Siemens 853037 du 8 novembre 2022	-	other
Bulletin de sécurité Siemens 120378 du 8 novembre 2022	-	other
Bulletin de sécurité Siemens 587547 du 8 novembre 2022	-	other
Bulletin de sécurité Siemens 506569 du 8 novembre 2022	-	other
Bulletin de sécurité Siemens 570294 du 8 novembre 2022	-	other
Bulletin de sécurité Siemens 787941 du 8 novembre 2022	-	other
Bulletin de sécurité Siemens 371761 du 8 novembre 2022	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA01-2AA1) versions ant\u00e9rieures \u00e0 V2.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS S7-300 CPU 317F-2 PN/DP (6AG1317-2FK14-2AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS S7-300 CPU 315F-2 PN/DP (6AG1315-2FJ14-2AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200pro IM154-8F PN/DP CPU (6ES7154-8FB01-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU 315-2 PN/DP (6ES7315-2EH14-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK MC toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D (ROW) (6GK5750-2HX01-1AA0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS S7-300 CPU 317-2 PN/DP (6AG1317-2EK14-7AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200pro IM154-8FX PN/DP CPU (6ES7154-8FX00-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK ONE toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200S IM151-8 PN/DP CPU (6ES7151-8AB01-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions ant\u00e9rieures \u00e0 V34.0.254",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200pro IM154-8 PN/DP CPU (6ES7154-8AB01-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS ET 200S IM151-8 PN/DP CPU (6AG1151-8AB01-7AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "POWER METER SICAM Q100 (7KG9501-0AA31-2AA1) versions ant\u00e9rieures \u00e0 V2.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.0 versions ant\u00e9rieures \u00e0 V14.0.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS S7-300 CPU 314C-2 PN/DP (6AG1314-6EH04-7AB0) versions ant\u00e9rieures \u00e0 V3.3.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.1 versions ant\u00e9rieures \u00e0 V14.1.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU 315F-2 PN/DP (6ES7315-2FJ14-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D (JP) (6GK5750-2HX01-1AD0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU 317-2 PN/DP (6ES7317-2EK14-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS ET 200S IM151-8F PN/DP CPU (6AG1151-8FB01-2AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS S7-300 CPU 315-2 PN/DP (6AG1315-2EH14-7AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU 315T-3 PN/DP (6ES7315-7TJ10-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Drive Controller family toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU 319-3 PN/DP (6ES7318-3EL01-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.7",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions ant\u00e9rieures \u00e0 V35.0.184",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go versions ant\u00e9rieures \u00e0 V14.1.0.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU 319F-3 PN/DP (6ES7318-3FL01-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM Advanced toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "QMS Automotive toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PC Station versions ant\u00e9rieures \u00e0 V2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions ant\u00e9rieures \u00e0 V34.1.244",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU 317F-2 PN/DP (6ES7317-2FK14-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU 314C-2 PN/DP (6ES7314-6EH04-0AB0) versions ant\u00e9rieures \u00e0 V3.3.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200S IM151-8F PN/DP CPU (6ES7151-8FB01-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W1750D (USA) (6GK5750-2HX01-1AB0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU 317T-3 PN/DP (6ES7317-7TK10-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 1.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 CPU 317TF-3 PN/DP (6ES7317-7UL10-0AB0) versions ant\u00e9rieures \u00e0 V3.2.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-37889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37889"
    },
    {
      "name": "CVE-2022-39157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39157"
    },
    {
      "name": "CVE-2022-41664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41664"
    },
    {
      "name": "CVE-2022-41662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41662"
    },
    {
      "name": "CVE-2022-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37891"
    },
    {
      "name": "CVE-2022-41663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41663"
    },
    {
      "name": "CVE-2022-37888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37888"
    },
    {
      "name": "CVE-2002-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-20001"
    },
    {
      "name": "CVE-2022-43397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43397"
    },
    {
      "name": "CVE-2022-43545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43545"
    },
    {
      "name": "CVE-2022-37893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37893"
    },
    {
      "name": "CVE-2022-37892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37892"
    },
    {
      "name": "CVE-2022-39158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39158"
    },
    {
      "name": "CVE-2022-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37890"
    },
    {
      "name": "CVE-2022-43958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43958"
    },
    {
      "name": "CVE-2022-37895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37895"
    },
    {
      "name": "CVE-2022-37896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37896"
    },
    {
      "name": "CVE-2022-41661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41661"
    },
    {
      "name": "CVE-2022-43398",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43398"
    },
    {
      "name": "CVE-2022-39136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39136"
    },
    {
      "name": "CVE-2022-30694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30694"
    },
    {
      "name": "CVE-2021-42550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-42550"
    },
    {
      "name": "CVE-2022-37886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37886"
    },
    {
      "name": "CVE-2022-38465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-38465"
    },
    {
      "name": "CVE-2022-37885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37885"
    },
    {
      "name": "CVE-2022-37887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37887"
    },
    {
      "name": "CVE-2022-37894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37894"
    },
    {
      "name": "CVE-2022-43439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43439"
    },
    {
      "name": "CVE-2022-41660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41660"
    },
    {
      "name": "CVE-2022-43546",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43546"
    }
  ],
  "initial_release_date": "2022-11-08T00:00:00",
  "last_revision_date": "2022-11-08T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens 478960 du 8 novembre 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-478960.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens 568428 du 8 novembre 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-568428.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens 853037 du 8 novembre 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-853037.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens 120378 du 8 novembre 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-120378.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens 587547 du 8 novembre 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-587547.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens 506569 du 8 novembre 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-506569.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens 570294 du 8 novembre 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-570294.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens 787941 du 8 novembre 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-787941.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens 371761 du 8 novembre 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-371761.html"
    }
  ],
  "reference": "CERTFR-2022-AVI-1001",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-11-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens 853037 du 08 novembre 2022",
      "url": null
    }
  ]
}

CERTFR-2022-AVI-862

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans Aruba Access Points. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Aruba InstantOS versions 6.4.x antérieures à 6.4.4.8-4.2.4.21
N/A	N/A	Aruba InstantOS versions 6.5.x antérieures à 6.5.4.24
N/A	N/A	Aruba InstantOS versions 8.6.x antérieures à 8.6.0.19
N/A	N/A	Aruba InstantOS versions 8.7.x antérieures à 8.7.1.10
N/A	N/A	Aruba InstantOS versions 8.10.x antérieures à 8.10.0.2
N/A	N/A	ArubaOS versions 10.3.x antérieures à 10.3.1.1

References

Title

Publication Time

Tags

Bulletin de sécurité Aruba ARUBA-PSA-2022-014 du 27 septembre 2022

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Aruba InstantOS versions 6.4.x ant\u00e9rieures \u00e0 6.4.4.8-4.2.4.21",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Aruba InstantOS versions 6.5.x ant\u00e9rieures \u00e0 6.5.4.24",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Aruba InstantOS versions 8.6.x ant\u00e9rieures \u00e0 8.6.0.19",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Aruba InstantOS versions 8.7.x ant\u00e9rieures \u00e0 8.7.1.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Aruba InstantOS versions 8.10.x ant\u00e9rieures \u00e0 8.10.0.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "ArubaOS versions 10.3.x ant\u00e9rieures \u00e0 10.3.1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-37889",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37889"
    },
    {
      "name": "CVE-2022-37891",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37891"
    },
    {
      "name": "CVE-2022-37888",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37888"
    },
    {
      "name": "CVE-2002-20001",
      "url": "https://www.cve.org/CVERecord?id=CVE-2002-20001"
    },
    {
      "name": "CVE-2022-37893",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37893"
    },
    {
      "name": "CVE-2022-37892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37892"
    },
    {
      "name": "CVE-2022-37890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37890"
    },
    {
      "name": "CVE-2022-37895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37895"
    },
    {
      "name": "CVE-2022-37896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37896"
    },
    {
      "name": "CVE-2022-37886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37886"
    },
    {
      "name": "CVE-2022-37885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37885"
    },
    {
      "name": "CVE-2022-37887",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37887"
    },
    {
      "name": "CVE-2022-37894",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37894"
    }
  ],
  "initial_release_date": "2022-09-28T00:00:00",
  "last_revision_date": "2022-09-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-862",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-09-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Aruba Access\nPoints. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Aruba Access Points",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Aruba ARUBA-PSA-2022-014 du 27 septembre 2022",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-014.txt"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2022-37892 (GCVE-0-2022-37892)

Vulnerability from cvelistv5

CERTFR-2022-AVI-1001

Vulnerability from certfr_avis

Solution

CERTFR-2022-AVI-862

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature