Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2019-13924 (GCVE-0-2019-13924)
Vulnerability from cvelistv5 – Published: 2020-02-11 00:00 – Updated: 2024-08-05 00:05
VLAI?
EPSS
Summary
A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.
Severity ?
No CVSS data available.
CWE
- CWE-693 - Protection Mechanism Failure
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | SCALANCE S602 |
Affected:
All versions < V4.1
|
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:05:43.919Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SCALANCE S602",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE S612",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE S623",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE S627-2M",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4.1"
}
]
},
{
"product": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 5.2.4"
}
]
},
{
"product": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.5.0"
}
]
},
{
"product": "SCALANCE X-200RNA switch family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.7"
}
]
},
{
"product": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 4.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.1), SCALANCE S612 (All versions \u003c V4.1), SCALANCE S623 (All versions \u003c V4.1), SCALANCE S627-2M (All versions \u003c V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-200RNA switch family (All versions \u003c V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-693",
"description": "CWE-693: Protection Mechanism Failure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-13924",
"datePublished": "2020-02-11T00:00:00",
"dateReserved": "2019-07-18T00:00:00",
"dateUpdated": "2024-08-05T00:05:43.919Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.2.4\", \"matchCriteriaId\": \"C4E946F8-C80D-4765-AB71-5A69C4B167E9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7719E194-EE3D-4CE8-8C85-CF0D82A553AA\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_xf-200_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.2.4\", \"matchCriteriaId\": \"72EABB5D-56FE-4AF7-BDE4-B920566AB9A3\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:scalance_xf-200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB503096-C528-478C-BD07-019C2CC882E4\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.2.4\", \"matchCriteriaId\": \"3E0EEF4A-CC34-4F10-9BED-0EB1BE23811F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F962FC7-0616-467F-8CCA-ADEA224B5F7B\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"602CAF2E-2276-455C-82E5-A05BBFC198C5\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94C7BE35-D3A6-488C-BB3D-D17D65DF4B80\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"5.2.4\", \"matchCriteriaId\": \"6C09B7A1-FC9C-4FF7-BA75-8AD8CE933C5C\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CB3CC2D-CBF0-4F53-A412-01BBC39E34C2\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.1.3\", \"matchCriteriaId\": \"02B398C3-3EDD-4FD4-977A-8461DB27CC49\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"434BC9BE-C5DB-4DAF-8E07-DFE4EEA0D7FE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.1.3\", \"matchCriteriaId\": \"076F3DDE-2B70-4F53-9B12-7CE3D9641E7E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B2D0AB50-6F0B-4232-8C8E-1647410D362D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.1.3\", \"matchCriteriaId\": \"129E733C-0BF1-4DF0-9772-66009BA3C64D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"889CF2C0-EE6C-447F-85F1-005730EAD232\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.1), SCALANCE S612 (All versions \u003c V4.1), SCALANCE S623 (All versions \u003c V4.1), SCALANCE S627-2M (All versions \u003c V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-200RNA switch family (All versions \u003c V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en la SCALANCE S602 (Todas las versiones anteriores a V4.1), SCALANCE S612 (Todas las versiones anteriores a V4.1), SCALANCE S623 (Todas las versiones anteriores a V4.1), SCALANCE S627-2M (Todas las versiones anteriores a V4.1), familia de switches SCALANCE X-200 (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a 5.2.4), familia de switches SCALANCE X-200IRT (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a V5.5.0), familia de switches SCALANCE X-300 (incluidas las variantes X408 y SIPLUS NET) (Todas las versiones anteriores a 4.1.3). El dispositivo no env\\u00eda el encabezado X-Frame-Option en la interfaz web administrativa, lo que lo hace vulnerable a los ataques de Clickjacking. La vulnerabilidad de seguridad podr\\u00eda ser explotada por un atacante que es capaz de enga\\u00f1ar a un usuario administrativo con una sesi\\u00f3n v\\u00e1lida en el dispositivo de destino para que haga clic en un sitio web controlado por el atacante. La vulnerabilidad podr\\u00eda permitir a un atacante realizar acciones administrativas a trav\\u00e9s de la interfaz web\"}]",
"id": "CVE-2019-13924",
"lastModified": "2024-11-21T04:25:42.543",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2020-02-11T16:15:14.430",
"references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-20-042-07\", \"source\": \"productcert@siemens.com\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsa-20-042-07\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-693\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-1021\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2019-13924\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2020-02-11T16:15:14.430\",\"lastModified\":\"2024-11-21T04:25:42.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.1), SCALANCE S612 (All versions \u003c V4.1), SCALANCE S623 (All versions \u003c V4.1), SCALANCE S627-2M (All versions \u003c V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-200RNA switch family (All versions \u003c V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en la SCALANCE S602 (Todas las versiones anteriores a V4.1), SCALANCE S612 (Todas las versiones anteriores a V4.1), SCALANCE S623 (Todas las versiones anteriores a V4.1), SCALANCE S627-2M (Todas las versiones anteriores a V4.1), familia de switches SCALANCE X-200 (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a 5.2.4), familia de switches SCALANCE X-200IRT (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a V5.5.0), familia de switches SCALANCE X-300 (incluidas las variantes X408 y SIPLUS NET) (Todas las versiones anteriores a 4.1.3). El dispositivo no env\u00eda el encabezado X-Frame-Option en la interfaz web administrativa, lo que lo hace vulnerable a los ataques de Clickjacking. La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante que es capaz de enga\u00f1ar a un usuario administrativo con una sesi\u00f3n v\u00e1lida en el dispositivo de destino para que haga clic en un sitio web controlado por el atacante. La vulnerabilidad podr\u00eda permitir a un atacante realizar acciones administrativas a trav\u00e9s de la interfaz web\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-693\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1021\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.4\",\"matchCriteriaId\":\"C4E946F8-C80D-4765-AB71-5A69C4B167E9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7719E194-EE3D-4CE8-8C85-CF0D82A553AA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xf-200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.4\",\"matchCriteriaId\":\"72EABB5D-56FE-4AF7-BDE4-B920566AB9A3\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xf-200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB503096-C528-478C-BD07-019C2CC882E4\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.4\",\"matchCriteriaId\":\"3E0EEF4A-CC34-4F10-9BED-0EB1BE23811F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F962FC7-0616-467F-8CCA-ADEA224B5F7B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"602CAF2E-2276-455C-82E5-A05BBFC198C5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94C7BE35-D3A6-488C-BB3D-D17D65DF4B80\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"5.2.4\",\"matchCriteriaId\":\"6C09B7A1-FC9C-4FF7-BA75-8AD8CE933C5C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CB3CC2D-CBF0-4F53-A412-01BBC39E34C2\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"02B398C3-3EDD-4FD4-977A-8461DB27CC49\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"434BC9BE-C5DB-4DAF-8E07-DFE4EEA0D7FE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"076F3DDE-2B70-4F53-9B12-7CE3D9641E7E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2D0AB50-6F0B-4232-8C8E-1647410D362D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.1.3\",\"matchCriteriaId\":\"129E733C-0BF1-4DF0-9772-66009BA3C64D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"889CF2C0-EE6C-447F-85F1-005730EAD232\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-20-042-07\",\"source\":\"productcert@siemens.com\"},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsa-20-042-07\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2021-AVI-256
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens SCALANCE. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SCALANCE X202-2P IRT (incl. SIPLUS NET vari-ant) versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X204-2LD TS toutes versions | ||
| Siemens | N/A | SCALANCE X-200 switch family (incl. SIPLUSNET variants) versions antérieures à 5.2.4 | ||
| Siemens | N/A | SCALANCE X204-2TS toutes versions | ||
| Siemens | N/A | SCALANCE XF202-2P IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE XF206-1 toutes versions | ||
| Siemens | N/A | SCALANCE X206-1 toutes versions | ||
| Siemens | N/A | SCALANCE XF204 IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X-300 switch family (incl. X408 andSIPLUS NET variants) versions antérieures à 4.1.3 | ||
| Siemens | N/A | SCALANCE X224 toutes versions | ||
| Siemens | N/A | SCALANCE X204 IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X204 IRT PRO versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X216 toutes versions | ||
| Siemens | N/A | SCALANCE XF204 toutes versions | ||
| Siemens | N/A | SCALANCE XF204-2BA IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X-200IRT switch family (incl. SIPLUSNET variants) versions antérieures à 5.5.0 | ||
| Siemens | N/A | SCALANCE X200-4P IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X202-2P IRT PRO versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE XF204-2 (incl. SIPLUS NET vari-ant) toutes versions | ||
| Siemens | N/A | SCALANCE X204-2LD (incl. SIPLUS NET vari-ant) toutes versions | ||
| Siemens | N/A | SCALANCE S627-2M versions antérieures à 4.1 | ||
| Siemens | N/A | SCALANCE X202-2 IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X201-3P IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X208PRO toutes versions | ||
| Siemens | N/A | SCALANCE S602 versions antérieures à 4.1 | ||
| Siemens | N/A | SCALANCE S623 versions antérieures à 4.1 | ||
| Siemens | N/A | SCALANCE X206-1LD toutes versions | ||
| Siemens | N/A | SCALANCE X204-2FM toutes versions | ||
| Siemens | N/A | SCALANCE XF208 toutes versions | ||
| Siemens | N/A | SCALANCE XF201-3P IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X208 (incl. SIPLUS NET variant) toutes versions | ||
| Siemens | N/A | SCALANCE X212-2LD toutes versions | ||
| Siemens | N/A | SCALANCE X204-2 (incl. SIPLUS NET variant) toutes versions | ||
| Siemens | N/A | SCALANCE S612 versions antérieures à 4.1 | ||
| Siemens | N/A | SCALANCE X212-2 (incl. SIPLUS NET variant) toutes versions | ||
| Siemens | N/A | SCALANCE X201-3P IRT PRO versions antérieures à 5.5.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE X202-2P IRT (incl. SIPLUS NET vari-ant) versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2LD TS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 switch family (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 5.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2TS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF202-2P IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF206-1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X206-1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204 IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300 switch family (incl. X408 andSIPLUS NET variants) versions ant\u00e9rieures \u00e0 4.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X224 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204 IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204 IRT PRO versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X216 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2BA IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT switch family (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X200-4P IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT PRO versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2 (incl. SIPLUS NET vari-ant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2LD (incl. SIPLUS NET vari-ant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S627-2M versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2 IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X208PRO toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S602 versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S623 versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X206-1LD toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2FM toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF208 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF201-3P IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X208 (incl. SIPLUS NET variant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X212-2LD toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2 (incl. SIPLUS NET variant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S612 versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X212-2 (incl. SIPLUS NET variant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT PRO versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25669",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25669"
},
{
"name": "CVE-2019-13924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
},
{
"name": "CVE-2021-25668",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25668"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-256",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens SCALANCE. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens SCALANCE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-187092 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-951513 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
}
]
}
CERTFR-2022-AVI-1094
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC NET PC Software V15 toutes versions | ||
| Siemens | N/A | PLM Help Server V4.2 toutes versions | ||
| Siemens | N/A | SINAMICS Startdrive versions antérieures à V16 Update 3 | ||
| Siemens | N/A | SCALANCE X-200RNA toutes versions | ||
| Siemens | N/A | Parasolid versions V33.1.x antérieures à V33.1.264 | ||
| Siemens | N/A | Parasolid versions V34.0.x antérieures à V34.0.252 | ||
| Siemens | N/A | Polarion ALM toutes versions | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V16 versions antérieures à V16 Update 2 | ||
| Siemens | N/A | APOGEE PXC Series (BACnet) versions antérieures à V3.5.5 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V13 versions antérieures à V13 SP2 Update 4 | ||
| Siemens | N/A | SCALANCE, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html | ||
| Siemens | N/A | SICAM GridPass (6MD7711-2AA00-1EA0) versions supérieures ou égales à V1.80 | ||
| Siemens | N/A | SIMATIC STEP 7 V5 versions antérieures à V5.6 SP2 HF3 | ||
| Siemens | N/A | SINAMICS STARTER versions antérieures à V5.4 HF2 | ||
| Siemens | N/A | SIMATIC NET PC Software V16 versions antérieures à V16 Upd3 | ||
| Siemens | N/A | Calibre ICE versions supérieures ou égales à V2022.4 | ||
| Siemens | N/A | SINUMERIK Operate versions antérieures à V6.14 | ||
| Siemens | N/A | SINEC NMS versions antérieures à V1.0 SP2 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.16.x antérieures à V3.16 P035 | ||
| Siemens | N/A | SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions supérieures ou égales à V2.13 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V13 versions antérieures à V13 SP2 Update 4 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.17 versions antérieures à V3.17 P003 | ||
| Siemens | N/A | Teamcenter Visualization V14.1.x antérieures à V14.1.0.6 | ||
| Siemens | N/A | SICAM PAS/PQS versions antérieures à 7.0 | ||
| Siemens | N/A | Mcenter versions supérieures ou égales à V5.2.1.0 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V15 versions antérieures à V15.1 Update 5 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.18.x antérieures à V3.18 P014 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V14 versions antérieures à V14 SP1 Update 10 | ||
| Siemens | N/A | TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions | ||
| Siemens | N/A | SINEMA Server versions antérieures à V14 SP3 | ||
| Siemens | N/A | APOGEE PXC Series (P2 Ethernet) versions antérieures à V2.8.20 | ||
| Siemens | N/A | SINUMERIK ONE virtual versions antérieures à V6.14 | ||
| Siemens | N/A | Teamcenter Visualization V14.0.x | ||
| Siemens | N/A | SICAM PAS/PQS versions 8.x antérieures à 8.06 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced versions antérieures à V16 Update 2 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V14 versions antérieures à V14 SP1 Update 10 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced versions antérieures à V5.0 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | Teamcenter Visualization V13.2.x antérieures à V13.2.0.12 | ||
| Siemens | N/A | RUGGEDCOM, pour plus d'informations, veuillez-vous référer à l'avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html | ||
| Siemens | N/A | Parasolid versions V34.1.x antérieures à V34.1.242 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V15 versions antérieures à V15.1 Update 5 | ||
| Siemens | N/A | Parasolid versions V35.0.x antérieures à V35.0.170 | ||
| Siemens | N/A | Mendix Email Connector versions antérieures à 2.0.0 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.17.x antérieures à V3.17 P024 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Update 14 | ||
| Siemens | N/A | Mendix Workflow Commons versions antérieures à 2.4.0 | ||
| Siemens | N/A | SIMATIC NET PC Software V14 versions antérieures à V14 SP1 Update 14 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.15.x | ||
| Siemens | N/A | SIMATIC Automation Tool versions antérieures à V4 SP2 | ||
| Siemens | N/A | Teamcenter Visualization V13.3.x | ||
| Siemens | N/A | SIMATIC Drive Controller family versions antérieures à V3.0.1 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions antérieures à V4.6.0 | ||
| Siemens | N/A | SIMATIC ProSave versions antérieures à V17 | ||
| Siemens | N/A | SIMATIC PCS neo versions antérieures à V3.0 SP1 | ||
| Siemens | N/A | Simcenter STAR-CCM+ toutes versions | ||
| Siemens | N/A | TALON TC Series (BACnet) versions antérieures à V3.5.5 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 SP1 Update 3 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller versions antérieures à V21.8 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.16 versions antérieures à V3.16 P018 | ||
| Siemens | N/A | SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions antérieures à V3.0.1 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V16 versions antérieures à V16 Update 2 | ||
| Siemens | N/A | SIPROTEC 5, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html | ||
| Siemens | N/A | JT2Go toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller toutes versions |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC NET PC Software V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PLM Help Server V4.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS Startdrive versions ant\u00e9rieures \u00e0 V16 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200RNA toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V33.1.x ant\u00e9rieures \u00e0 V33.1.264",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V34.0.x ant\u00e9rieures \u00e0 V34.0.252",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Polarion ALM toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridPass (6MD7711-2AA00-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V1.80",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 V5.6 SP2 HF3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS STARTER versions ant\u00e9rieures \u00e0 V5.4 HF2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V16 versions ant\u00e9rieures \u00e0 V16 Upd3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Calibre ICE versions sup\u00e9rieures ou \u00e9gales \u00e0 V2022.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK Operate versions ant\u00e9rieures \u00e0 V6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.16.x ant\u00e9rieures \u00e0 V3.16 P035",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.17 versions ant\u00e9rieures \u00e0 V3.17 P003",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.1.x ant\u00e9rieures \u00e0 V14.1.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM PAS/PQS versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mcenter versions sup\u00e9rieures ou \u00e9gales \u00e0 V5.2.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.18.x ant\u00e9rieures \u00e0 V3.18 P014",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server versions ant\u00e9rieures \u00e0 V14 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Series (P2 Ethernet) versions ant\u00e9rieures \u00e0 V2.8.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK ONE virtual versions ant\u00e9rieures \u00e0 V6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.0.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM PAS/PQS versions 8.x ant\u00e9rieures \u00e0 8.06",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V16 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.2.x ant\u00e9rieures \u00e0 V13.2.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V34.1.x ant\u00e9rieures \u00e0 V34.1.242",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V35.0.x ant\u00e9rieures \u00e0 V35.0.170",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Email Connector versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.17.x ant\u00e9rieures \u00e0 V3.17 P024",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Update 14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Workflow Commons versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.15.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Tool versions ant\u00e9rieures \u00e0 V4 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.3.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller family versions ant\u00e9rieures \u00e0 V3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V4.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave versions ant\u00e9rieures \u00e0 V17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo versions ant\u00e9rieures \u00e0 V3.0 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter STAR-CCM+ toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP1 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 V21.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.16 versions ant\u00e9rieures \u00e0 V3.16 P018",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-46345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
},
{
"name": "CVE-2020-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
},
{
"name": "CVE-2015-0208",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2021-40365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40365"
},
{
"name": "CVE-2022-41279",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41279"
},
{
"name": "CVE-2022-46353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46353"
},
{
"name": "CVE-2016-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
},
{
"name": "CVE-2019-6110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6110"
},
{
"name": "CVE-2022-46352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46352"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2022-46347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
},
{
"name": "CVE-2022-46349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
},
{
"name": "CVE-2015-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
},
{
"name": "CVE-2015-6563",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
},
{
"name": "CVE-2015-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2022-46351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46351"
},
{
"name": "CVE-2015-6564",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2003-1562",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1562"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2016-2105",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
},
{
"name": "CVE-2016-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
},
{
"name": "CVE-2022-41280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41280"
},
{
"name": "CVE-2016-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
},
{
"name": "CVE-2019-6109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
},
{
"name": "CVE-2022-46346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
},
{
"name": "CVE-2022-41283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41283"
},
{
"name": "CVE-2022-46144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46144"
},
{
"name": "CVE-2016-6302",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6302"
},
{
"name": "CVE-2022-45044",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45044"
},
{
"name": "CVE-2018-4842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4842"
},
{
"name": "CVE-2022-44731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44731"
},
{
"name": "CVE-2022-46355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46355"
},
{
"name": "CVE-2016-6303",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
},
{
"name": "CVE-2015-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
},
{
"name": "CVE-2022-41288",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41288"
},
{
"name": "CVE-2019-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
},
{
"name": "CVE-2016-1907",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1907"
},
{
"name": "CVE-2016-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2178"
},
{
"name": "CVE-2022-43517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43517"
},
{
"name": "CVE-2016-10011",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10011"
},
{
"name": "CVE-2015-6565",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6565"
},
{
"name": "CVE-2022-3160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3160"
},
{
"name": "CVE-2016-6307",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6307"
},
{
"name": "CVE-2016-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2179"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2015-4000",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
},
{
"name": "CVE-2022-41282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41282"
},
{
"name": "CVE-2015-3194",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3194"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2022-46350",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46350"
},
{
"name": "CVE-2022-46142",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46142"
},
{
"name": "CVE-2015-0290",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
},
{
"name": "CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"name": "CVE-2022-46348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
},
{
"name": "CVE-2022-46140",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46140"
},
{
"name": "CVE-2016-1908",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1908"
},
{
"name": "CVE-2016-2107",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
},
{
"name": "CVE-2019-16905",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16905"
},
{
"name": "CVE-2016-10009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
},
{
"name": "CVE-2016-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2181"
},
{
"name": "CVE-2019-6111",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6111"
},
{
"name": "CVE-2016-8858",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
},
{
"name": "CVE-2016-6515",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
},
{
"name": "CVE-2015-3197",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3197"
},
{
"name": "CVE-2022-41281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41281"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2016-2106",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
},
{
"name": "CVE-2015-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2020-7580",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7580"
},
{
"name": "CVE-2015-0285",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
},
{
"name": "CVE-2016-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
},
{
"name": "CVE-2015-1794",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1794"
},
{
"name": "CVE-2022-34821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34821"
},
{
"name": "CVE-2016-6308",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6308"
},
{
"name": "CVE-2021-44694",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44694"
},
{
"name": "CVE-2016-6306",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6306"
},
{
"name": "CVE-2017-15906",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15906"
},
{
"name": "CVE-2021-44695",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44695"
},
{
"name": "CVE-2022-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3161"
},
{
"name": "CVE-2016-10010",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10010"
},
{
"name": "CVE-2022-45936",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45936"
},
{
"name": "CVE-2022-46265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46265"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2016-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2014-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2015-3193",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
},
{
"name": "CVE-2022-43723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43723"
},
{
"name": "CVE-2018-15473",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15473"
},
{
"name": "CVE-2015-0293",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
},
{
"name": "CVE-2022-45484",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45484"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-0287",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
},
{
"name": "CVE-2003-0190",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0190"
},
{
"name": "CVE-2018-20685",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20685"
},
{
"name": "CVE-2016-6305",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6305"
},
{
"name": "CVE-2015-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
},
{
"name": "CVE-2016-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
},
{
"name": "CVE-2022-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46143"
},
{
"name": "CVE-2022-41286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41286"
},
{
"name": "CVE-2016-10012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10012"
},
{
"name": "CVE-2022-41278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41278"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2015-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
},
{
"name": "CVE-2022-41287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41287"
},
{
"name": "CVE-2022-45937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45937"
},
{
"name": "CVE-2022-46354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46354"
},
{
"name": "CVE-2022-43724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43724"
},
{
"name": "CVE-2022-43722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43722"
},
{
"name": "CVE-2016-6210",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6210"
},
{
"name": "CVE-2015-3196",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3196"
},
{
"name": "CVE-2015-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
},
{
"name": "CVE-2022-41284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41284"
},
{
"name": "CVE-2016-2842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2842"
},
{
"name": "CVE-2015-0291",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
},
{
"name": "CVE-2016-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2180"
},
{
"name": "CVE-2021-44693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44693"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2016-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2182"
},
{
"name": "CVE-2016-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
},
{
"name": "CVE-2015-6574",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6574"
},
{
"name": "CVE-2015-0289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
},
{
"name": "CVE-2016-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
},
{
"name": "CVE-2019-13924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2022-44575",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44575"
},
{
"name": "CVE-2022-41285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41285"
},
{
"name": "CVE-2022-46664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46664"
},
{
"name": "CVE-2022-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
},
{
"name": "CVE-2022-3159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3159"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2018-4848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4848"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1094",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2022-12-13",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-180579.html"
}
]
}
CERTFR-2020-AVI-090
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC CP 1626 | ||
| Siemens | N/A | SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0 | ||
| Siemens | N/A | SIMATIC RF180C | ||
| Siemens | N/A | SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associées et variantes SIPLUS) | ||
| Siemens | N/A | SCALANCE S602, S612, S623, S627-2M, S627-2M | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V14.0.1 | ||
| Siemens | N/A | SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules | ||
| Siemens | N/A | SIMOTION P320-4E | ||
| Siemens | N/A | SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.2 | ||
| Siemens | N/A | TIM 1531 IRC (incl. variante SIPLUS NET) versions antérieures à V2.0 | ||
| Siemens | N/A | SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E | ||
| Siemens | N/A | OZW672 versions antérieures à V10.00 | ||
| Siemens | N/A | SIMATIC BATCH V9.0 | ||
| Siemens | N/A | SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions antérieures à V4.1.3 | ||
| Siemens | N/A | SIMATIC CP 1628 versions antérieures à V14.00.15.00_51.25.00.01 | ||
| Siemens | N/A | SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC PCS 7 V8.2 | ||
| Siemens | N/A | SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions antérieures V2.2 | ||
| Siemens | N/A | SIMATIC CP 1616 et CP 1604 versions antérieures à V2.8.1 | ||
| Siemens | N/A | OpenPCS 7 V8.1 | ||
| Siemens | N/A | SIMATIC WinCC V7.3 | ||
| Siemens | N/A | SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0 | ||
| Siemens | N/A | SIMATIC Field PG M4, Field PG M5, Field PG M6 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller | ||
| Siemens | N/A | OpenPCS 7 V9.0 | ||
| Siemens | N/A | SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions antérieures à V4.1 | ||
| Siemens | N/A | SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (excepté 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC Route Control V9.0 | ||
| Siemens | N/A | SCALANCE XR-500 switch versions antérieures à V6.2.3 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.6 | ||
| Siemens | N/A | SINAMICS DCP versions antérieures à V1.3 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 | ||
| Siemens | N/A | SIMATIC Route Control V8.2 | ||
| Siemens | N/A | SCALANCE X-200 switch (incl. variante SIPLUS NET) versions antérieures à V5.2.4 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V15.1 | ||
| Siemens | N/A | SIMATIC RF600 versions antérieures à V3.2.1 | ||
| Siemens | N/A | SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions antérieures à V5.4.2 | ||
| Siemens | N/A | SIMATIC ITP1000 | ||
| Siemens | N/A | SIMATIC IPC Support, Package for VxWorks | ||
| Siemens | N/A | OZW772 versions antérieures à V10.00 | ||
| Siemens | N/A | SCALANCE W700 IEEE 802.11n versions antérieures à V6.4 | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V13 versions antérieures à V13 SP2 | ||
| Siemens | N/A | SIMATIC PCS 7 V8.1 | ||
| Siemens | N/A | IE/PB LINK PN IO (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC PCS 7 V9.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU (incl. les CPUS ET200 associées et variantes SIPLUS) versions antérieures à 2.8 | ||
| Siemens | N/A | RUGGEDCOM RM1224 versions antérieures à V6.1.2 | ||
| Siemens | N/A | SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.0 | ||
| Siemens | N/A | SIMATIC RF182C | ||
| Siemens | N/A | SIMATIC IPC427D, IPC427E (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMOTION P320-4S | ||
| Siemens | N/A | PROFINET Driver for Controller versions antérieures à V2.1 Patch 03 | ||
| Siemens | N/A | SCALANCE XM-400 switch versions antérieures à V6.2.3 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC BATCH V8.1 | ||
| Siemens | N/A | SIMATIC CP 1623 versions antérieures à V14.00.15.00_51.25.00.01 | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à 7.5.1 Upd1 | ||
| Siemens | N/A | SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA | ||
| Siemens | N/A | SIPORT MP versions antérieures à V3.1.4 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V16 | ||
| Siemens | N/A | SIMATIC Route Control V8.1 | ||
| Siemens | N/A | SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU V6 et antérieures (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC BATCH V8.2 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5 Patch 01 | ||
| Siemens | N/A | SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF | ||
| Siemens | N/A | SCALANCE M-800 / S615 versions antérieures à V6.1.2 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC MV400 | ||
| Siemens | N/A | OpenPCS 7 V8.2 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller versions antérieures à 20.8 | ||
| Siemens | N/A | SIMATIC NET PC Software |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC CP 1626",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF180C",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S602, S612, S623, S627-2M, S627-2M",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V14.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OZW672 versions ant\u00e9rieures \u00e0 V10.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V4.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1628 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions ant\u00e9rieures V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1616 et CP 1604 versions ant\u00e9rieures \u00e0 V2.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Field PG M4, Field PG M5, Field PG M6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions ant\u00e9rieures \u00e0 V4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (except\u00e9 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR-500 switch versions ant\u00e9rieures \u00e0 V6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS DCP versions ant\u00e9rieures \u00e0 V1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V15.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF600 versions ant\u00e9rieures \u00e0 V3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITP1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC Support, Package for VxWorks",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OZW772 versions ant\u00e9rieures \u00e0 V10.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W700 IEEE 802.11n versions ant\u00e9rieures \u00e0 V6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "IE/PB LINK PN IO (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS) versions ant\u00e9rieures \u00e0 2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 V6.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF182C",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4S",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PROFINET Driver for Controller versions ant\u00e9rieures \u00e0 V2.1 Patch 03",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM-400 switch versions ant\u00e9rieures \u00e0 V6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1623 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 7.5.1 Upd1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPORT MP versions ant\u00e9rieures \u00e0 V3.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU V6 et ant\u00e9rieures (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5 Patch 01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M-800 / S615 versions ant\u00e9rieures \u00e0 V6.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV400",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 20.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19282"
},
{
"name": "CVE-2019-19277",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19277"
},
{
"name": "CVE-2019-13926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13926"
},
{
"name": "CVE-2019-0152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-19281",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19281"
},
{
"name": "CVE-2019-13941",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13941"
},
{
"name": "CVE-2015-5621",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
},
{
"name": "CVE-2019-18217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18217"
},
{
"name": "CVE-2019-12815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12815"
},
{
"name": "CVE-2019-13940",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
},
{
"name": "CVE-2019-19279",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19279"
},
{
"name": "CVE-2019-13925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13925"
},
{
"name": "CVE-2019-0151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
},
{
"name": "CVE-2019-13946",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13946"
},
{
"name": "CVE-2019-6585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6585"
},
{
"name": "CVE-2020-19282",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19282"
},
{
"name": "CVE-2019-13924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
},
{
"name": "CVE-2018-18065",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-090",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-398519 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-940889 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-974843 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-270778 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-780073 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-986695 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-750824 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-951513 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-591405 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978558 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978220 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
]
}
CERTFR-2020-AVI-090
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC CP 1626 | ||
| Siemens | N/A | SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0 | ||
| Siemens | N/A | SIMATIC RF180C | ||
| Siemens | N/A | SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associées et variantes SIPLUS) | ||
| Siemens | N/A | SCALANCE S602, S612, S623, S627-2M, S627-2M | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V14.0.1 | ||
| Siemens | N/A | SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules | ||
| Siemens | N/A | SIMOTION P320-4E | ||
| Siemens | N/A | SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.2 | ||
| Siemens | N/A | TIM 1531 IRC (incl. variante SIPLUS NET) versions antérieures à V2.0 | ||
| Siemens | N/A | SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E | ||
| Siemens | N/A | OZW672 versions antérieures à V10.00 | ||
| Siemens | N/A | SIMATIC BATCH V9.0 | ||
| Siemens | N/A | SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions antérieures à V4.1.3 | ||
| Siemens | N/A | SIMATIC CP 1628 versions antérieures à V14.00.15.00_51.25.00.01 | ||
| Siemens | N/A | SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC PCS 7 V8.2 | ||
| Siemens | N/A | SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions antérieures V2.2 | ||
| Siemens | N/A | SIMATIC CP 1616 et CP 1604 versions antérieures à V2.8.1 | ||
| Siemens | N/A | OpenPCS 7 V8.1 | ||
| Siemens | N/A | SIMATIC WinCC V7.3 | ||
| Siemens | N/A | SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0 | ||
| Siemens | N/A | SIMATIC Field PG M4, Field PG M5, Field PG M6 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller | ||
| Siemens | N/A | OpenPCS 7 V9.0 | ||
| Siemens | N/A | SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions antérieures à V4.1 | ||
| Siemens | N/A | SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (excepté 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC Route Control V9.0 | ||
| Siemens | N/A | SCALANCE XR-500 switch versions antérieures à V6.2.3 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.6 | ||
| Siemens | N/A | SINAMICS DCP versions antérieures à V1.3 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 | ||
| Siemens | N/A | SIMATIC Route Control V8.2 | ||
| Siemens | N/A | SCALANCE X-200 switch (incl. variante SIPLUS NET) versions antérieures à V5.2.4 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V15.1 | ||
| Siemens | N/A | SIMATIC RF600 versions antérieures à V3.2.1 | ||
| Siemens | N/A | SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions antérieures à V5.4.2 | ||
| Siemens | N/A | SIMATIC ITP1000 | ||
| Siemens | N/A | SIMATIC IPC Support, Package for VxWorks | ||
| Siemens | N/A | OZW772 versions antérieures à V10.00 | ||
| Siemens | N/A | SCALANCE W700 IEEE 802.11n versions antérieures à V6.4 | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V13 versions antérieures à V13 SP2 | ||
| Siemens | N/A | SIMATIC PCS 7 V8.1 | ||
| Siemens | N/A | IE/PB LINK PN IO (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC PCS 7 V9.0 | ||
| Siemens | N/A | SIMATIC S7-1500 CPU (incl. les CPUS ET200 associées et variantes SIPLUS) versions antérieures à 2.8 | ||
| Siemens | N/A | RUGGEDCOM RM1224 versions antérieures à V6.1.2 | ||
| Siemens | N/A | SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.0 | ||
| Siemens | N/A | SIMATIC RF182C | ||
| Siemens | N/A | SIMATIC IPC427D, IPC427E (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMOTION P320-4S | ||
| Siemens | N/A | PROFINET Driver for Controller versions antérieures à V2.1 Patch 03 | ||
| Siemens | N/A | SCALANCE XM-400 switch versions antérieures à V6.2.3 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC BATCH V8.1 | ||
| Siemens | N/A | SIMATIC CP 1623 versions antérieures à V14.00.15.00_51.25.00.01 | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à 7.5.1 Upd1 | ||
| Siemens | N/A | SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA | ||
| Siemens | N/A | SIPORT MP versions antérieures à V3.1.4 | ||
| Siemens | N/A | SIMATIC WinCC (TIA Portal) V16 | ||
| Siemens | N/A | SIMATIC Route Control V8.1 | ||
| Siemens | N/A | SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET) | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU V6 et antérieures (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC BATCH V8.2 | ||
| Siemens | N/A | Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5 Patch 01 | ||
| Siemens | N/A | SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF | ||
| Siemens | N/A | SCALANCE M-800 / S615 versions antérieures à V6.1.2 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS) | ||
| Siemens | N/A | SIMATIC MV400 | ||
| Siemens | N/A | OpenPCS 7 V8.2 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller versions antérieures à 20.8 | ||
| Siemens | N/A | SIMATIC NET PC Software |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC CP 1626",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF180C",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S602, S612, S623, S627-2M, S627-2M",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V14.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OZW672 versions ant\u00e9rieures \u00e0 V10.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V4.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1628 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions ant\u00e9rieures V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1616 et CP 1604 versions ant\u00e9rieures \u00e0 V2.8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Field PG M4, Field PG M5, Field PG M6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions ant\u00e9rieures \u00e0 V4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (except\u00e9 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR-500 switch versions ant\u00e9rieures \u00e0 V6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS DCP versions ant\u00e9rieures \u00e0 V1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V15.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF600 versions ant\u00e9rieures \u00e0 V3.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ITP1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC Support, Package for VxWorks",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OZW772 versions ant\u00e9rieures \u00e0 V10.00",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE W700 IEEE 802.11n versions ant\u00e9rieures \u00e0 V6.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "IE/PB LINK PN IO (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS 7 V9.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS) versions ant\u00e9rieures \u00e0 2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 V6.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF182C",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOTION P320-4S",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PROFINET Driver for Controller versions ant\u00e9rieures \u00e0 V2.1 Patch 03",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XM-400 switch versions ant\u00e9rieures \u00e0 V6.2.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1623 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 7.5.1 Upd1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPORT MP versions ant\u00e9rieures \u00e0 V3.1.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC (TIA Portal) V16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Route Control V8.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU V6 et ant\u00e9rieures (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC BATCH V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5 Patch 01",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE M-800 / S615 versions ant\u00e9rieures \u00e0 V6.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC MV400",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 20.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-19282",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19282"
},
{
"name": "CVE-2019-19277",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19277"
},
{
"name": "CVE-2019-13926",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13926"
},
{
"name": "CVE-2019-0152",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
},
{
"name": "CVE-2019-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
},
{
"name": "CVE-2019-19281",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19281"
},
{
"name": "CVE-2019-13941",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13941"
},
{
"name": "CVE-2015-5621",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
},
{
"name": "CVE-2019-18217",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-18217"
},
{
"name": "CVE-2019-12815",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12815"
},
{
"name": "CVE-2019-13940",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
},
{
"name": "CVE-2019-19279",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19279"
},
{
"name": "CVE-2019-13925",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13925"
},
{
"name": "CVE-2019-0151",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
},
{
"name": "CVE-2019-13946",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13946"
},
{
"name": "CVE-2019-6585",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6585"
},
{
"name": "CVE-2020-19282",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-19282"
},
{
"name": "CVE-2019-13924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
},
{
"name": "CVE-2018-18065",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-090",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-02-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-398519 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-940889 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-974843 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-270778 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-780073 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-986695 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-750824 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-951513 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-591405 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978558 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978220 du 11 f\u00e9vrier 2020",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
}
]
}
CERTFR-2022-AVI-1094
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SIMATIC NET PC Software V15 toutes versions | ||
| Siemens | N/A | PLM Help Server V4.2 toutes versions | ||
| Siemens | N/A | SINAMICS Startdrive versions antérieures à V16 Update 3 | ||
| Siemens | N/A | SCALANCE X-200RNA toutes versions | ||
| Siemens | N/A | Parasolid versions V33.1.x antérieures à V33.1.264 | ||
| Siemens | N/A | Parasolid versions V34.0.x antérieures à V34.0.252 | ||
| Siemens | N/A | Polarion ALM toutes versions | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V16 versions antérieures à V16 Update 2 | ||
| Siemens | N/A | APOGEE PXC Series (BACnet) versions antérieures à V3.5.5 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V13 versions antérieures à V13 SP2 Update 4 | ||
| Siemens | N/A | SCALANCE, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html | ||
| Siemens | N/A | SICAM GridPass (6MD7711-2AA00-1EA0) versions supérieures ou égales à V1.80 | ||
| Siemens | N/A | SIMATIC STEP 7 V5 versions antérieures à V5.6 SP2 HF3 | ||
| Siemens | N/A | SINAMICS STARTER versions antérieures à V5.4 HF2 | ||
| Siemens | N/A | SIMATIC NET PC Software V16 versions antérieures à V16 Upd3 | ||
| Siemens | N/A | Calibre ICE versions supérieures ou égales à V2022.4 | ||
| Siemens | N/A | SINUMERIK Operate versions antérieures à V6.14 | ||
| Siemens | N/A | SINEC NMS versions antérieures à V1.0 SP2 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.16.x antérieures à V3.16 P035 | ||
| Siemens | N/A | SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions supérieures ou égales à V2.13 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V13 versions antérieures à V13 SP2 Update 4 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.17 versions antérieures à V3.17 P003 | ||
| Siemens | N/A | Teamcenter Visualization V14.1.x antérieures à V14.1.0.6 | ||
| Siemens | N/A | SICAM PAS/PQS versions antérieures à 7.0 | ||
| Siemens | N/A | Mcenter versions supérieures ou égales à V5.2.1.0 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V15 versions antérieures à V15.1 Update 5 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.18.x antérieures à V3.18 P014 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Professional V14 versions antérieures à V14 SP1 Update 10 | ||
| Siemens | N/A | TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions | ||
| Siemens | N/A | SINEMA Server versions antérieures à V14 SP3 | ||
| Siemens | N/A | APOGEE PXC Series (P2 Ethernet) versions antérieures à V2.8.20 | ||
| Siemens | N/A | SINUMERIK ONE virtual versions antérieures à V6.14 | ||
| Siemens | N/A | Teamcenter Visualization V14.0.x | ||
| Siemens | N/A | SICAM PAS/PQS versions 8.x antérieures à 8.06 | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced versions antérieures à V16 Update 2 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V14 versions antérieures à V14 SP1 Update 10 | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced versions antérieures à V5.0 | ||
| Siemens | N/A | SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | Teamcenter Visualization V13.2.x antérieures à V13.2.0.12 | ||
| Siemens | N/A | RUGGEDCOM, pour plus d'informations, veuillez-vous référer à l'avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html | ||
| Siemens | N/A | Parasolid versions V34.1.x antérieures à V34.1.242 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V15 versions antérieures à V15.1 Update 5 | ||
| Siemens | N/A | Parasolid versions V35.0.x antérieures à V35.0.170 | ||
| Siemens | N/A | Mendix Email Connector versions antérieures à 2.0.0 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.17.x antérieures à V3.17 P024 | ||
| Siemens | N/A | SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Update 14 | ||
| Siemens | N/A | Mendix Workflow Commons versions antérieures à 2.4.0 | ||
| Siemens | N/A | SIMATIC NET PC Software V14 versions antérieures à V14 SP1 Update 14 | ||
| Siemens | N/A | SIMATIC WinCC OA versions V3.15.x | ||
| Siemens | N/A | SIMATIC Automation Tool versions antérieures à V4 SP2 | ||
| Siemens | N/A | Teamcenter Visualization V13.3.x | ||
| Siemens | N/A | SIMATIC Drive Controller family versions antérieures à V3.0.1 | ||
| Siemens | N/A | SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions antérieures à V4.6.0 | ||
| Siemens | N/A | SIMATIC ProSave versions antérieures à V17 | ||
| Siemens | N/A | SIMATIC PCS neo versions antérieures à V3.0 SP1 | ||
| Siemens | N/A | Simcenter STAR-CCM+ toutes versions | ||
| Siemens | N/A | TALON TC Series (BACnet) versions antérieures à V3.5.5 | ||
| Siemens | N/A | SIMATIC WinCC V7.5 versions antérieures à V7.5 SP1 Update 3 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller versions antérieures à V21.8 | ||
| Siemens | N/A | SIMATIC WinCC OA V3.16 versions antérieures à V3.16 P018 | ||
| Siemens | N/A | SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions antérieures à V3.0.1 | ||
| Siemens | N/A | SIMATIC STEP 7 (TIA Portal) V16 versions antérieures à V16 Update 2 | ||
| Siemens | N/A | SIPROTEC 5, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html | ||
| Siemens | N/A | JT2Go toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller toutes versions |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SIMATIC NET PC Software V15 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "PLM Help Server V4.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS Startdrive versions ant\u00e9rieures \u00e0 V16 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200RNA toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V33.1.x ant\u00e9rieures \u00e0 V33.1.264",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V34.0.x ant\u00e9rieures \u00e0 V34.0.252",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Polarion ALM toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM GridPass (6MD7711-2AA00-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V1.80",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 V5.6 SP2 HF3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS STARTER versions ant\u00e9rieures \u00e0 V5.4 HF2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V16 versions ant\u00e9rieures \u00e0 V16 Upd3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Calibre ICE versions sup\u00e9rieures ou \u00e9gales \u00e0 V2022.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK Operate versions ant\u00e9rieures \u00e0 V6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.16.x ant\u00e9rieures \u00e0 V3.16 P035",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.17 versions ant\u00e9rieures \u00e0 V3.17 P003",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.1.x ant\u00e9rieures \u00e0 V14.1.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM PAS/PQS versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mcenter versions sup\u00e9rieures ou \u00e9gales \u00e0 V5.2.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.18.x ant\u00e9rieures \u00e0 V3.18 P014",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Professional V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server versions ant\u00e9rieures \u00e0 V14 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Series (P2 Ethernet) versions ant\u00e9rieures \u00e0 V2.8.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK ONE virtual versions ant\u00e9rieures \u00e0 V6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.0.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SICAM PAS/PQS versions 8.x ant\u00e9rieures \u00e0 8.06",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V16 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.2.x ant\u00e9rieures \u00e0 V13.2.0.12",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V34.1.x ant\u00e9rieures \u00e0 V34.1.242",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Parasolid versions V35.0.x ant\u00e9rieures \u00e0 V35.0.170",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Email Connector versions ant\u00e9rieures \u00e0 2.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.17.x ant\u00e9rieures \u00e0 V3.17 P024",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Update 14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Workflow Commons versions ant\u00e9rieures \u00e0 2.4.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 14",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA versions V3.15.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Automation Tool versions ant\u00e9rieures \u00e0 V4 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.3.x",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Drive Controller family versions ant\u00e9rieures \u00e0 V3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V4.6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ProSave versions ant\u00e9rieures \u00e0 V17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC PCS neo versions ant\u00e9rieures \u00e0 V3.0 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter STAR-CCM+ toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP1 Update 3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 V21.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA V3.16 versions ant\u00e9rieures \u00e0 V3.16 P018",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC STEP 7 (TIA Portal) V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-46345",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
},
{
"name": "CVE-2020-28388",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
},
{
"name": "CVE-2015-0208",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
},
{
"name": "CVE-2016-0703",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
},
{
"name": "CVE-2021-40365",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40365"
},
{
"name": "CVE-2022-41279",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41279"
},
{
"name": "CVE-2022-46353",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46353"
},
{
"name": "CVE-2016-0701",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
},
{
"name": "CVE-2019-6110",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6110"
},
{
"name": "CVE-2022-46352",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46352"
},
{
"name": "CVE-2015-5600",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
},
{
"name": "CVE-2022-46347",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
},
{
"name": "CVE-2022-46349",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
},
{
"name": "CVE-2015-0292",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
},
{
"name": "CVE-2015-6563",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
},
{
"name": "CVE-2015-0286",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
},
{
"name": "CVE-2015-1791",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
},
{
"name": "CVE-2022-46351",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46351"
},
{
"name": "CVE-2015-6564",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
},
{
"name": "CVE-2015-3195",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
},
{
"name": "CVE-2016-0777",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
},
{
"name": "CVE-2003-1562",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-1562"
},
{
"name": "CVE-2016-0800",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
},
{
"name": "CVE-2016-2105",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
},
{
"name": "CVE-2016-2177",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
},
{
"name": "CVE-2022-41280",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41280"
},
{
"name": "CVE-2016-2176",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
},
{
"name": "CVE-2019-6109",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
},
{
"name": "CVE-2022-46346",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
},
{
"name": "CVE-2022-41283",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41283"
},
{
"name": "CVE-2022-46144",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46144"
},
{
"name": "CVE-2016-6302",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6302"
},
{
"name": "CVE-2022-45044",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45044"
},
{
"name": "CVE-2018-4842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4842"
},
{
"name": "CVE-2022-44731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44731"
},
{
"name": "CVE-2022-46355",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46355"
},
{
"name": "CVE-2016-6303",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
},
{
"name": "CVE-2015-0288",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
},
{
"name": "CVE-2022-41288",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41288"
},
{
"name": "CVE-2019-1552",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
},
{
"name": "CVE-2016-1907",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1907"
},
{
"name": "CVE-2016-2178",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2178"
},
{
"name": "CVE-2022-43517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43517"
},
{
"name": "CVE-2016-10011",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10011"
},
{
"name": "CVE-2015-6565",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6565"
},
{
"name": "CVE-2022-3160",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3160"
},
{
"name": "CVE-2016-6307",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6307"
},
{
"name": "CVE-2016-2179",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2179"
},
{
"name": "CVE-2022-3786",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
},
{
"name": "CVE-2015-4000",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
},
{
"name": "CVE-2022-41282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41282"
},
{
"name": "CVE-2015-3194",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3194"
},
{
"name": "CVE-2015-1789",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
},
{
"name": "CVE-2022-46350",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46350"
},
{
"name": "CVE-2022-46142",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46142"
},
{
"name": "CVE-2015-0290",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
},
{
"name": "CVE-2016-6304",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
},
{
"name": "CVE-2022-46348",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
},
{
"name": "CVE-2022-46140",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46140"
},
{
"name": "CVE-2016-1908",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1908"
},
{
"name": "CVE-2016-2107",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
},
{
"name": "CVE-2019-16905",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16905"
},
{
"name": "CVE-2016-10009",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
},
{
"name": "CVE-2016-2181",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2181"
},
{
"name": "CVE-2019-6111",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6111"
},
{
"name": "CVE-2016-8858",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
},
{
"name": "CVE-2016-6515",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
},
{
"name": "CVE-2015-3197",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3197"
},
{
"name": "CVE-2022-41281",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41281"
},
{
"name": "CVE-2018-25032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
},
{
"name": "CVE-2013-0169",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
},
{
"name": "CVE-2015-1788",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
},
{
"name": "CVE-2016-2106",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
},
{
"name": "CVE-2015-0207",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
},
{
"name": "CVE-2015-1792",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
},
{
"name": "CVE-2020-7580",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7580"
},
{
"name": "CVE-2015-0285",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
},
{
"name": "CVE-2016-0799",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
},
{
"name": "CVE-2015-1794",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1794"
},
{
"name": "CVE-2022-34821",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34821"
},
{
"name": "CVE-2016-6308",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6308"
},
{
"name": "CVE-2021-44694",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44694"
},
{
"name": "CVE-2016-6306",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6306"
},
{
"name": "CVE-2017-15906",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15906"
},
{
"name": "CVE-2021-44695",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44695"
},
{
"name": "CVE-2022-3161",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3161"
},
{
"name": "CVE-2016-10010",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10010"
},
{
"name": "CVE-2022-45936",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45936"
},
{
"name": "CVE-2022-46265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46265"
},
{
"name": "CVE-2016-0704",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
},
{
"name": "CVE-2016-0702",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2014-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
},
{
"name": "CVE-2016-2183",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
},
{
"name": "CVE-2015-3193",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
},
{
"name": "CVE-2022-43723",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43723"
},
{
"name": "CVE-2018-15473",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-15473"
},
{
"name": "CVE-2015-0293",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
},
{
"name": "CVE-2022-45484",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45484"
},
{
"name": "CVE-2015-5352",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
},
{
"name": "CVE-2015-0287",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
},
{
"name": "CVE-2003-0190",
"url": "https://www.cve.org/CVERecord?id=CVE-2003-0190"
},
{
"name": "CVE-2018-20685",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20685"
},
{
"name": "CVE-2016-6305",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6305"
},
{
"name": "CVE-2015-1787",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
},
{
"name": "CVE-2016-0798",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
},
{
"name": "CVE-2022-46143",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46143"
},
{
"name": "CVE-2022-41286",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41286"
},
{
"name": "CVE-2016-10012",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10012"
},
{
"name": "CVE-2022-41278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41278"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2015-8325",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
},
{
"name": "CVE-2022-41287",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41287"
},
{
"name": "CVE-2022-45937",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45937"
},
{
"name": "CVE-2022-46354",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46354"
},
{
"name": "CVE-2022-43724",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43724"
},
{
"name": "CVE-2022-43722",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43722"
},
{
"name": "CVE-2016-6210",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-6210"
},
{
"name": "CVE-2015-3196",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3196"
},
{
"name": "CVE-2015-0209",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
},
{
"name": "CVE-2022-41284",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41284"
},
{
"name": "CVE-2016-2842",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2842"
},
{
"name": "CVE-2015-0291",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
},
{
"name": "CVE-2016-2180",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2180"
},
{
"name": "CVE-2021-44693",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44693"
},
{
"name": "CVE-2022-3602",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
},
{
"name": "CVE-2016-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2182"
},
{
"name": "CVE-2016-0797",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
},
{
"name": "CVE-2015-6574",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-6574"
},
{
"name": "CVE-2015-0289",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
},
{
"name": "CVE-2016-0705",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
},
{
"name": "CVE-2019-13924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
},
{
"name": "CVE-2016-2109",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
},
{
"name": "CVE-2016-2108",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
},
{
"name": "CVE-2022-44575",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44575"
},
{
"name": "CVE-2022-41285",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-41285"
},
{
"name": "CVE-2022-46664",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46664"
},
{
"name": "CVE-2022-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
},
{
"name": "CVE-2022-3159",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-3159"
},
{
"name": "CVE-2015-1790",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
},
{
"name": "CVE-2016-0778",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
},
{
"name": "CVE-2018-4848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-4848"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1094",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": "2022-12-13",
"title": "Bulletin de s\u00e9curit\u00e9 Siemens",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-180579.html"
}
]
}
CERTFR-2021-AVI-256
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens SCALANCE. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SCALANCE X202-2P IRT (incl. SIPLUS NET vari-ant) versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X204-2LD TS toutes versions | ||
| Siemens | N/A | SCALANCE X-200 switch family (incl. SIPLUSNET variants) versions antérieures à 5.2.4 | ||
| Siemens | N/A | SCALANCE X204-2TS toutes versions | ||
| Siemens | N/A | SCALANCE XF202-2P IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE XF206-1 toutes versions | ||
| Siemens | N/A | SCALANCE X206-1 toutes versions | ||
| Siemens | N/A | SCALANCE XF204 IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X-300 switch family (incl. X408 andSIPLUS NET variants) versions antérieures à 4.1.3 | ||
| Siemens | N/A | SCALANCE X224 toutes versions | ||
| Siemens | N/A | SCALANCE X204 IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X204 IRT PRO versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X216 toutes versions | ||
| Siemens | N/A | SCALANCE XF204 toutes versions | ||
| Siemens | N/A | SCALANCE XF204-2BA IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X-200IRT switch family (incl. SIPLUSNET variants) versions antérieures à 5.5.0 | ||
| Siemens | N/A | SCALANCE X200-4P IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X202-2P IRT PRO versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE XF204-2 (incl. SIPLUS NET vari-ant) toutes versions | ||
| Siemens | N/A | SCALANCE X204-2LD (incl. SIPLUS NET vari-ant) toutes versions | ||
| Siemens | N/A | SCALANCE S627-2M versions antérieures à 4.1 | ||
| Siemens | N/A | SCALANCE X202-2 IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X201-3P IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X208PRO toutes versions | ||
| Siemens | N/A | SCALANCE S602 versions antérieures à 4.1 | ||
| Siemens | N/A | SCALANCE S623 versions antérieures à 4.1 | ||
| Siemens | N/A | SCALANCE X206-1LD toutes versions | ||
| Siemens | N/A | SCALANCE X204-2FM toutes versions | ||
| Siemens | N/A | SCALANCE XF208 toutes versions | ||
| Siemens | N/A | SCALANCE XF201-3P IRT versions antérieures à 5.5.1 | ||
| Siemens | N/A | SCALANCE X208 (incl. SIPLUS NET variant) toutes versions | ||
| Siemens | N/A | SCALANCE X212-2LD toutes versions | ||
| Siemens | N/A | SCALANCE X204-2 (incl. SIPLUS NET variant) toutes versions | ||
| Siemens | N/A | SCALANCE S612 versions antérieures à 4.1 | ||
| Siemens | N/A | SCALANCE X212-2 (incl. SIPLUS NET variant) toutes versions | ||
| Siemens | N/A | SCALANCE X201-3P IRT PRO versions antérieures à 5.5.1 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCALANCE X202-2P IRT (incl. SIPLUS NET vari-ant) versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2LD TS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200 switch family (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 5.2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2TS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF202-2P IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF206-1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X206-1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204 IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-300 switch family (incl. X408 andSIPLUS NET variants) versions ant\u00e9rieures \u00e0 4.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X224 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204 IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204 IRT PRO versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X216 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2BA IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X-200IRT switch family (incl. SIPLUSNET variants) versions ant\u00e9rieures \u00e0 5.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X200-4P IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT PRO versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2 (incl. SIPLUS NET vari-ant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2LD (incl. SIPLUS NET vari-ant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S627-2M versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2 IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X208PRO toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S602 versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S623 versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X206-1LD toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2FM toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF208 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF201-3P IRT versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X208 (incl. SIPLUS NET variant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X212-2LD toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2 (incl. SIPLUS NET variant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE S612 versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X212-2 (incl. SIPLUS NET variant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT PRO versions ant\u00e9rieures \u00e0 5.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-25669",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25669"
},
{
"name": "CVE-2019-13924",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
},
{
"name": "CVE-2021-25668",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25668"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-256",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens SCALANCE. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens SCALANCE",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-187092 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-187092.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-951513 du 13 avril 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
}
]
}
ICSA-20-042-07
Vulnerability from csaf_cisa - Published: 2020-02-11 00:00 - Updated: 2022-12-13 00:00Summary
Siemens SCALANCE X Switches (Update B)
Notes
Summary
Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions
if the victim is tricked into clicking on a website controlled by the attacker.
The attack only works if the victim has an authenticated session on the administrative interface of the switch.
Siemens has released updates for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting this vulnerability to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"notes": [
{
"category": "summary",
"text": "Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions\nif the victim is tricked into clicking on a website controlled by the attacker.\nThe attack only works if the victim has an authenticated session on the administrative interface of the switch.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of these vulnerabilities.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-951513: Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, X-200RNA and X-200 Switch Families - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-951513.json"
},
{
"category": "self",
"summary": "SSA-951513: Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, X-200RNA and X-200 Switch Families - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-951513.txt"
},
{
"category": "self",
"summary": "SSA-951513: Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, X-200RNA and X-200 Switch Families - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-042-07 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsa-20-042-07.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-20-042-07 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-20-042-07"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SCALANCE X Switches (Update B)",
"tracking": {
"current_release_date": "2022-12-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-20-042-07",
"initial_release_date": "2020-02-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2020-02-11T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-02-09T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added solution for SCALANCE X-200IRT switch family"
},
{
"date": "2021-04-13T00:00:00.000000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added affected products SCALANCE S602, SCALANCE S612, SCALANCE S623, and SCALANCE S627-2M"
},
{
"date": "2022-12-13T00:00:00.000000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added SCALANCE X-200RNA switch family"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1",
"product": {
"name": "SCALANCE S602",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "SCALANCE S602"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1",
"product": {
"name": "SCALANCE S612",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "SCALANCE S612"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1",
"product": {
"name": "SCALANCE S623",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "SCALANCE S623"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV4.1",
"product": {
"name": "SCALANCE S627-2M",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "SCALANCE S627-2M"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c5.2.4",
"product": {
"name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.0",
"product": {
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV3.2.7",
"product": {
"name": "SCALANCE X-200RNA switch family",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200RNA switch family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c4.1.3",
"product": {
"name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13924",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "summary",
"text": "The device does not send the X-Frame-Option Header in the administrative web\ninterface, which makes it vulnerable to Clickjacking attacks. \n\nThe security vulnerability could be exploited by an attacker that is able\nto trick an administrative user with a valid session on the target device into\nclicking on a website controlled by the attacker. The vulnerability could\nallow an attacker to perform administrative actions via the web interface.\n",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only access links from trusted sources in the browser you use to configure the SCALANCE X switches.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
},
{
"category": "mitigation",
"details": "Upgrade hardware to successor product from SCALANCE SC-600 family (\nhttps://support.industry.siemens.com/cs/document/109756957) and apply patches when available, or follow recommendations from section Workarounds and Mitigations",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V4.1.3 or later version",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://support.industry.siemens.com/cs/document/109773547/"
},
{
"category": "vendor_fix",
"details": "Update to V5.2.4 or later version",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://support.industry.siemens.com/cs/document/109767965/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1 or later version\nUpdate is only available via Siemens Support contact",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.2.7 or later version",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109814809/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008"
]
}
],
"title": "CVE-2019-13924"
}
]
}
CNVD-2020-23037
Vulnerability from cnvd - Published: 2020-04-16
VLAI Severity ?
Title
多款Siemens产品输入验证错误漏洞(CNVD-2020-23037)
Description
Siemens Scalance X-200等都是德国西门子(Siemens)公司的一款工业级以太网交换机。
多款Siemens产品中存在输入验证错误漏洞,攻击者可利用该漏洞劫持其他用户的点击操作。
Severity
中
Patch Name
多款Siemens产品输入验证错误漏洞(CNVD-2020-23037)的补丁
Patch Description
Siemens Scalance X-200等都是德国西门子(Siemens)公司的一款工业级以太网交换机。
多款Siemens产品中存在输入验证错误漏洞,攻击者可利用该漏洞劫持其他用户的点击操作。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf
Reference
https://www.us-cert.gov/ics/advisories/icsa-20-042-07
Impacted products
| Name | ['Siemens SCALANCE X-200IRT', 'Siemens SCALANCE X-200 <5.2.4', 'Siemens SCALANCE X-300 <4.1.3'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-13924"
}
},
"description": "Siemens Scalance X-200\u7b49\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u7ea7\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\u3002\n\n\u591a\u6b3eSiemens\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u52ab\u6301\u5176\u4ed6\u7528\u6237\u7684\u70b9\u51fb\u64cd\u4f5c\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-23037",
"openTime": "2020-04-16",
"patchDescription": "Siemens Scalance X-200\u7b49\u90fd\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u7ea7\u4ee5\u592a\u7f51\u4ea4\u6362\u673a\u3002\r\n\r\n\u591a\u6b3eSiemens\u4ea7\u54c1\u4e2d\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u52ab\u6301\u5176\u4ed6\u7528\u6237\u7684\u70b9\u51fb\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-23037\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens SCALANCE X-200IRT",
"Siemens SCALANCE X-200 \u003c5.2.4",
"Siemens SCALANCE X-300 \u003c4.1.3"
]
},
"referenceLink": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07",
"serverity": "\u4e2d",
"submitTime": "2020-02-12",
"title": "\u591a\u6b3eSiemens\u4ea7\u54c1\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff08CNVD-2020-23037\uff09"
}
SSA-951513
Vulnerability from csaf_siemens - Published: 2020-02-11 00:00 - Updated: 2022-12-13 00:00Summary
SSA-951513: Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, X-200RNA and X-200 Switch Families
Notes
Summary
Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions
if the victim is tricked into clicking on a website controlled by the attacker.
The attack only works if the victim has an authenticated session on the administrative interface of the switch.
Siemens has released updates for the affected products and recommends to update to the latest versions.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at:
https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"notes": [
{
"category": "summary",
"text": "Several SCALANCE X switches contain a vulnerability that could allow an attacker to perform administrative actions\nif the victim is tricked into clicking on a website controlled by the attacker.\nThe attack only works if the victim has an authenticated session on the administrative interface of the switch.\n\nSiemens has released updates for the affected products and recommends to update to the latest versions.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: \nhttps://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-951513: Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, X-200RNA and X-200 Switch Families - PDF Version",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"category": "self",
"summary": "SSA-951513: Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, X-200RNA and X-200 Switch Families - TXT Version",
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-951513.txt"
},
{
"category": "self",
"summary": "SSA-951513: Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, X-200RNA and X-200 Switch Families - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-951513.json"
}
],
"title": "SSA-951513: Clickjacking Vulnerability in SCALANCE S, SCALANCE X-300, X-200IRT, X-200RNA and X-200 Switch Families",
"tracking": {
"current_release_date": "2022-12-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-951513",
"initial_release_date": "2020-02-11T00:00:00Z",
"revision_history": [
{
"date": "2020-02-11T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2021-02-09T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added solution for SCALANCE X-200IRT switch family"
},
{
"date": "2021-04-13T00:00:00Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added affected products SCALANCE S602, SCALANCE S612, SCALANCE S623, and SCALANCE S627-2M"
},
{
"date": "2022-12-13T00:00:00Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Added SCALANCE X-200RNA switch family"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V4.1",
"product": {
"name": "SCALANCE S602",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "SCALANCE S602"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V4.1",
"product": {
"name": "SCALANCE S612",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "SCALANCE S612"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V4.1",
"product": {
"name": "SCALANCE S623",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "SCALANCE S623"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V4.1",
"product": {
"name": "SCALANCE S627-2M",
"product_id": "4"
}
}
],
"category": "product_name",
"name": "SCALANCE S627-2M"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 5.2.4",
"product": {
"name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"product_id": "5"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V5.5.0",
"product": {
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"product_id": "6"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c V3.2.7",
"product": {
"name": "SCALANCE X-200RNA switch family",
"product_id": "7"
}
}
],
"category": "product_name",
"name": "SCALANCE X-200RNA switch family"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.1.3",
"product": {
"name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"product_id": "8"
}
}
],
"category": "product_name",
"name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-13924",
"cwe": {
"id": "CWE-693",
"name": "Protection Mechanism Failure"
},
"notes": [
{
"category": "summary",
"text": "The device does not send the X-Frame-Option Header in the administrative web\ninterface, which makes it vulnerable to Clickjacking attacks. \n\nThe security vulnerability could be exploited by an attacker that is able\nto trick an administrative user with a valid session on the target device into\nclicking on a website controlled by the attacker. The vulnerability could\nallow an attacker to perform administrative actions via the web interface.\n",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Only access links from trusted sources in the browser you use to configure the SCALANCE X switches.",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
},
{
"category": "mitigation",
"details": "Upgrade hardware to successor product from SCALANCE SC-600 family (\nhttps://support.industry.siemens.com/cs/document/109756957) and apply patches when available, or follow recommendations from section Workarounds and Mitigations",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V4.1.3 or later version",
"product_ids": [
"8"
],
"url": "https://support.industry.siemens.com/cs/document/109773547/"
},
{
"category": "vendor_fix",
"details": "Update to V5.2.4 or later version",
"product_ids": [
"5"
],
"url": "https://support.industry.siemens.com/cs/document/109767965/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.0 or later version",
"product_ids": [
"6"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109792534/"
},
{
"category": "vendor_fix",
"details": "Update to V4.1 or later version\nUpdate is only available via Siemens Support contact",
"product_ids": [
"1",
"2",
"3",
"4"
]
},
{
"category": "vendor_fix",
"details": "Update to V3.2.7 or later version",
"product_ids": [
"7"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109814809/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L/E:P/RL:U/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8"
]
}
],
"title": "CVE-2019-13924"
}
]
}
VAR-202002-0450
Vulnerability from variot - Updated: 2023-12-18 11:21A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. plural SCALANCE The product contains a vulnerability regarding improper restrictions on rendered user interface layers or frames.Information may be obtained and tampered with. Siemens Scalance X-200, etc. are all industrial-grade Ethernet switches from the German company Siemens.
Input validation error vulnerabilities exist in many Siemens products, and attackers can use this vulnerability to hijack the click operations of other users
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0450",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scalance x-200irt",
"scope": null,
"trust": 1.4,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xp-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.4"
},
{
"model": "scalance xc-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.4"
},
{
"model": "scalance xf-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.4"
},
{
"model": "scalance xb-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "5.2.4"
},
{
"model": "scalance xr-300wg",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.3"
},
{
"model": "scalance xr-300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.3"
},
{
"model": "scalance x-300",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1.3"
},
{
"model": "scalance x-200irt",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance x-300",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xb-200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xc-200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xf-200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xp-200",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr-300",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr-300wg",
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x-200\u003c5.2.4"
},
{
"model": "scalance",
"scope": "eq",
"trust": 0.6,
"vendor": "siemens",
"version": "x-300\u003c4.1.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23037"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014544"
},
{
"db": "NVD",
"id": "CVE-2019-13924"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported this vulnerability to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-448"
}
],
"trust": 0.6
},
"cve": "CVE-2019-13924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2019-014544",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2020-23037",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2019-13924",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2019-014544",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13924",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "JVNDB-2019-014544",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2020-23037",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-448",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-13924",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23037"
},
{
"db": "VULMON",
"id": "CVE-2019-13924"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014544"
},
{
"db": "NVD",
"id": "CVE-2019-13924"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-448"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.1), SCALANCE S612 (All versions \u003c V4.1), SCALANCE S623 (All versions \u003c V4.1), SCALANCE S627-2M (All versions \u003c V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-200RNA switch family (All versions \u003c V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. plural SCALANCE The product contains a vulnerability regarding improper restrictions on rendered user interface layers or frames.Information may be obtained and tampered with. Siemens Scalance X-200, etc. are all industrial-grade Ethernet switches from the German company Siemens. \n\r\n\r\nInput validation error vulnerabilities exist in many Siemens products, and attackers can use this vulnerability to hijack the click operations of other users",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13924"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014544"
},
{
"db": "CNVD",
"id": "CNVD-2020-23037"
},
{
"db": "VULMON",
"id": "CVE-2019-13924"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-20-042-07",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2019-13924",
"trust": 3.1
},
{
"db": "SIEMENS",
"id": "SSA-951513",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014544",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-23037",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-06",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-08",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-10",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-02",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-01",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-05",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-03",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-09",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-20-042-04",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2020.0486",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-448",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-13924",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23037"
},
{
"db": "VULMON",
"id": "CVE-2019-13924"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014544"
},
{
"db": "NVD",
"id": "CVE-2019-13924"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-448"
}
]
},
"id": "VAR-202002-0450",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23037"
}
],
"trust": 1.1942930916666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23037"
}
]
},
"last_update_date": "2023-12-18T11:21:00.573000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-951513",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"title": "Patch for Multiple Siemens product input verification error vulnerabilities (CNVD-2020-23037)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/214035"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=5642b576f8acf92e9e203f2ccf52e87d"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23037"
},
{
"db": "VULMON",
"id": "CVE-2019-13924"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014544"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-693",
"trust": 1.0
},
{
"problemtype": "CWE-1021",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014544"
},
{
"db": "NVD",
"id": "CVE-2019-13924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.7,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
},
{
"trust": 1.7,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13924"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13924"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-10"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-09"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-08"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-06"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-05"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-04"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-03"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-02"
},
{
"trust": 0.6,
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-01"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486.2/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.0486.3/"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-042-07"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/693.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-20-042-07"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-23037"
},
{
"db": "VULMON",
"id": "CVE-2019-13924"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014544"
},
{
"db": "NVD",
"id": "CVE-2019-13924"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-448"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-23037"
},
{
"db": "VULMON",
"id": "CVE-2019-13924"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014544"
},
{
"db": "NVD",
"id": "CVE-2019-13924"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-448"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23037"
},
{
"date": "2020-02-11T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13924"
},
{
"date": "2020-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014544"
},
{
"date": "2020-02-11T16:15:14.430000",
"db": "NVD",
"id": "CVE-2019-13924"
},
{
"date": "2020-02-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-448"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-04-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-23037"
},
{
"date": "2022-12-13T00:00:00",
"db": "VULMON",
"id": "CVE-2019-13924"
},
{
"date": "2020-03-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014544"
},
{
"date": "2022-12-13T17:15:12.527000",
"db": "NVD",
"id": "CVE-2019-13924"
},
{
"date": "2022-12-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-448"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-448"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural SCALANCE Vulnerability in improper restrictions on rendered user interface layers or frames in the product",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014544"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-448"
}
],
"trust": 0.6
}
}
GSD-2019-13924
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-13924",
"description": "A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.1), SCALANCE S612 (All versions \u003c V4.1), SCALANCE S623 (All versions \u003c V4.1), SCALANCE S627-2M (All versions \u003c V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.",
"id": "GSD-2019-13924"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-13924"
],
"details": "A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.1), SCALANCE S612 (All versions \u003c V4.1), SCALANCE S623 (All versions \u003c V4.1), SCALANCE S627-2M (All versions \u003c V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-200RNA switch family (All versions \u003c V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.",
"id": "GSD-2019-13924",
"modified": "2023-12-13T01:23:41.557713Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-13924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE S602",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE S612",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE S623",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE S627-2M",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V4.1"
}
]
}
},
{
"product_name": "SCALANCE X-200 switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 5.2.4"
}
]
}
},
{
"product_name": "SCALANCE X-200IRT switch family (incl. SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.5.0"
}
]
}
},
{
"product_name": "SCALANCE X-200RNA switch family",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.2.7"
}
]
}
},
{
"product_name": "SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 4.1.3"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.1), SCALANCE S612 (All versions \u003c V4.1), SCALANCE S623 (All versions \u003c V4.1), SCALANCE S627-2M (All versions \u003c V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-200RNA switch family (All versions \u003c V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-693: Protection Mechanism Failure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xf-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xf-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-13924"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.1), SCALANCE S612 (All versions \u003c V4.1), SCALANCE S623 (All versions \u003c V4.1), SCALANCE S627-2M (All versions \u003c V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-200RNA switch family (All versions \u003c V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"name": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07",
"refsource": "MISC",
"tags": [],
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
},
"lastModifiedDate": "2022-12-13T17:15Z",
"publishedDate": "2020-02-11T16:15Z"
}
}
}
FKIE_CVE-2019-13924
Vulnerability from fkie_nvd - Published: 2020-02-11 16:15 - Updated: 2024-11-21 04:25
Severity ?
Summary
A vulnerability has been identified in SCALANCE S602 (All versions < V4.1), SCALANCE S612 (All versions < V4.1), SCALANCE S623 (All versions < V4.1), SCALANCE S627-2M (All versions < V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xc-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4E946F8-C80D-4765-AB71-5A69C4B167E9",
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xc-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7719E194-EE3D-4CE8-8C85-CF0D82A553AA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xf-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72EABB5D-56FE-4AF7-BDE4-B920566AB9A3",
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xf-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB503096-C528-478C-BD07-019C2CC882E4",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xp-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3E0EEF4A-CC34-4F10-9BED-0EB1BE23811F",
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xp-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F962FC7-0616-467F-8CCA-ADEA224B5F7B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x-200irt_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "602CAF2E-2276-455C-82E5-A05BBFC198C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x-200irt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "94C7BE35-D3A6-488C-BB3D-D17D65DF4B80",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xb-200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C09B7A1-FC9C-4FF7-BA75-8AD8CE933C5C",
"versionEndExcluding": "5.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xb-200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB3CC2D-CBF0-4F53-A412-01BBC39E34C2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr-300wg_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02B398C3-3EDD-4FD4-977A-8461DB27CC49",
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr-300wg:-:*:*:*:*:*:*:*",
"matchCriteriaId": "434BC9BE-C5DB-4DAF-8E07-DFE4EEA0D7FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_x-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "076F3DDE-2B70-4F53-9B12-7CE3D9641E7E",
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_x-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2D0AB50-6F0B-4232-8C8E-1647410D362D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:siemens:scalance_xr-300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "129E733C-0BF1-4DF0-9772-66009BA3C64D",
"versionEndExcluding": "4.1.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:siemens:scalance_xr-300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "889CF2C0-EE6C-447F-85F1-005730EAD232",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SCALANCE S602 (All versions \u003c V4.1), SCALANCE S612 (All versions \u003c V4.1), SCALANCE S623 (All versions \u003c V4.1), SCALANCE S627-2M (All versions \u003c V4.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions \u003c V5.5.0), SCALANCE X-200RNA switch family (All versions \u003c V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en la SCALANCE S602 (Todas las versiones anteriores a V4.1), SCALANCE S612 (Todas las versiones anteriores a V4.1), SCALANCE S623 (Todas las versiones anteriores a V4.1), SCALANCE S627-2M (Todas las versiones anteriores a V4.1), familia de switches SCALANCE X-200 (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a 5.2.4), familia de switches SCALANCE X-200IRT (incluidas las variantes SIPLUS NET) (Todas las versiones anteriores a V5.5.0), familia de switches SCALANCE X-300 (incluidas las variantes X408 y SIPLUS NET) (Todas las versiones anteriores a 4.1.3). El dispositivo no env\u00eda el encabezado X-Frame-Option en la interfaz web administrativa, lo que lo hace vulnerable a los ataques de Clickjacking. La vulnerabilidad de seguridad podr\u00eda ser explotada por un atacante que es capaz de enga\u00f1ar a un usuario administrativo con una sesi\u00f3n v\u00e1lida en el dispositivo de destino para que haga clic en un sitio web controlado por el atacante. La vulnerabilidad podr\u00eda permitir a un atacante realizar acciones administrativas a trav\u00e9s de la interfaz web"
}
],
"id": "CVE-2019-13924",
"lastModified": "2024-11-21T04:25:42.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-11T16:15:14.430",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"source": "productcert@siemens.com",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-693"
}
],
"source": "productcert@siemens.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-9V8P-C94C-Q287
Vulnerability from github – Published: 2022-05-24 17:08 – Updated: 2022-12-13 18:30
VLAI?
Details
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions < 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions < 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.
Severity ?
5.4 (Medium)
{
"affected": [],
"aliases": [
"CVE-2019-13924"
],
"database_specific": {
"cwe_ids": [
"CWE-1021",
"CWE-693"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-02-11T16:15:00Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (all versions \u003c 5.2.4), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (all versions \u003c 4.1.3). The device does not send the X-Frame-Option Header in the administrative web interface, which makes it vulnerable to Clickjacking attacks. The security vulnerability could be exploited by an attacker that is able to trick an administrative user with a valid session on the target device into clicking on a website controlled by the attacker. The vulnerability could allow an attacker to perform administrative actions via the web interface. At the time of advisory publication no public exploitation of this security vulnerability was known.",
"id": "GHSA-9v8p-c94c-q287",
"modified": "2022-12-13T18:30:27Z",
"published": "2022-05-24T17:08:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-13924"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
},
{
"type": "WEB",
"url": "https://www.us-cert.gov/ics/advisories/icsa-20-042-07"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…