Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-35198 (GCVE-0-2020-35198)
Vulnerability from cvelistv5 – Published: 2021-05-12 10:55 – Updated: 2024-08-04 17:02
VLAI?
EPSS
Summary
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:02:06.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:22:42",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support2.windriver.com/index.php?page=security-notices",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-35198",
"datePublished": "2021-05-12T10:55:47",
"dateReserved": "2020-12-12T00:00:00",
"dateUpdated": "2024-08-04T17:02:06.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.9\", \"versionEndExcluding\": \"6.9.4.12\", \"matchCriteriaId\": \"2E27E761-92D8-4A67-8D23-213E0C7BFFC6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.0\", \"versionEndExcluding\": \"21.03\", \"matchCriteriaId\": \"DB07AF57-0F8D-4DCD-80DA-64096674F017\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"69674D4D-2848-46BA-9367-7AA85EE2CD99\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*\", \"matchCriteriaId\": \"1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer2:*:*:*:*:*:*\", \"matchCriteriaId\": \"7AABF1E5-DA6B-462D-A047-EC843F94568E\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"46.8.0\", \"versionEndIncluding\": \"46.8.2\", \"matchCriteriaId\": \"8D23D483-D206-46C5-8BFE-4FA23DD8AB52\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"46.9.1\", \"versionEndIncluding\": \"46.9.3\", \"matchCriteriaId\": \"4143A5F6-CD91-4209-A52B-98854CCAC987\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FED9166-7A2A-453D-9792-7A6361CEF594\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Wind River VxWorks versi\\u00f3n 7. El asignador de memoria presenta un posible desbordamiento de enteros al calcular el tama\\u00f1o de un bloque de memoria que es asignado por una funci\\u00f3n calloc(). Como resultado, la memoria actual asignada es menor que el tama\\u00f1o del b\\u00fafer especificado por los argumentos, conllevando a una corrupci\\u00f3n de la memoria\"}]",
"id": "CVE-2020-35198",
"lastModified": "2024-11-21T05:26:56.603",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-05-12T11:15:07.837",
"references": "[{\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=security-notices\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://support2.windriver.com/index.php?page=security-notices\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-35198\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-05-12T11:15:07.837\",\"lastModified\":\"2024-11-21T05:26:56.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Wind River VxWorks versi\u00f3n 7. El asignador de memoria presenta un posible desbordamiento de enteros al calcular el tama\u00f1o de un bloque de memoria que es asignado por una funci\u00f3n calloc(). Como resultado, la memoria actual asignada es menor que el tama\u00f1o del b\u00fafer especificado por los argumentos, conllevando a una corrupci\u00f3n de la memoria\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.9\",\"versionEndExcluding\":\"6.9.4.12\",\"matchCriteriaId\":\"2E27E761-92D8-4A67-8D23-213E0C7BFFC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.0\",\"versionEndExcluding\":\"21.03\",\"matchCriteriaId\":\"DB07AF57-0F8D-4DCD-80DA-64096674F017\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"69674D4D-2848-46BA-9367-7AA85EE2CD99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*\",\"matchCriteriaId\":\"1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer2:*:*:*:*:*:*\",\"matchCriteriaId\":\"7AABF1E5-DA6B-462D-A047-EC843F94568E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"46.8.0\",\"versionEndIncluding\":\"46.8.2\",\"matchCriteriaId\":\"8D23D483-D206-46C5-8BFE-4FA23DD8AB52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"46.9.1\",\"versionEndIncluding\":\"46.9.3\",\"matchCriteriaId\":\"4143A5F6-CD91-4209-A52B-98854CCAC987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FED9166-7A2A-453D-9792-7A6361CEF594\"}]}]}],\"references\":[{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=security-notices\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support2.windriver.com/index.php?page=security-notices\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
CERTFR-2023-AVI-0297
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Modicon M580 NOC Control (BMENOC0321) versions antérieures à 1.8 | ||
| Schneider Electric | N/A | PacDrive 3 Controllers LMC | ||
| Schneider Electric | N/A | Easergy Builder installer versions antérieures à V1.7.24 | ||
| Schneider Electric | N/A | Modicon Controller LMC058 | ||
| Schneider Electric | N/A | Modicon Controller M258 | ||
| Schneider Electric | N/A | Eco/Pro/Pro2 | ||
| Schneider Electric | N/A | Modicon M580 versions antérieures à SV4.10 | ||
| Schneider Electric | Modicon M340 | Modicon Modicon M340 CPU (part numbers BMXP34*) versions antérieures à SV3.51 | ||
| Schneider Electric | N/A | Modicon Controller M262 | ||
| Schneider Electric | N/A | PacDrive Controller LMC078 | ||
| Schneider Electric | N/A | Modicon Controller M241 | ||
| Schneider Electric | N/A | InsightHome, InsightFacility et Conext Gateway versions antérieures à 1.17 Build 079 | ||
| Schneider Electric | N/A | EcoStruxure Control Expert versions antérieures à V15.3 | ||
| Schneider Electric | N/A | Schneider Electric Easy UPS Online versions antérieures à 2.6-GS | ||
| Schneider Electric | N/A | Modicon Controller M218 | ||
| Schneider Electric | N/A | HMISCU Controller | ||
| Schneider Electric | N/A | Modicon Controller M251 | ||
| Schneider Electric | N/A | Easy Harmony ET6 (HMIET Series) et Easy Harmony GXU (HMIGXU Series) avec Vijeo Designer Basic versions antérieures à V1.2.1 Hotfix 4 | ||
| Schneider Electric | N/A | APC Easy UPS Online Monitoring versions antérieures à 2.6-GA | ||
| Schneider Electric | N/A | Modicon M580 Ethernet Communication Modules (BMENOC0301 et BMENOC0311) versions antérieures à SV2.21 | ||
| Schneider Electric | Modicon M340 | Modicon M340 CPU versions antérieures à SV3.51 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon M580 NOC Control (BMENOC0321) versions ant\u00e9rieures \u00e0 1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PacDrive 3 Controllers LMC",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy Builder installer versions ant\u00e9rieures \u00e0 V1.7.24",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller LMC058",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M258",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Eco/Pro/Pro2",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 versions ant\u00e9rieures \u00e0 SV4.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Modicon M340 CPU (part numbers BMXP34*) versions ant\u00e9rieures \u00e0 SV3.51",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M262",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PacDrive Controller LMC078",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M241",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "InsightHome, InsightFacility et Conext Gateway versions ant\u00e9rieures \u00e0 1.17 Build 079",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 V15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Easy UPS Online versions ant\u00e9rieures \u00e0 2.6-GS",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M218",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISCU Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M251",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easy Harmony ET6 (HMIET Series) et Easy Harmony GXU (HMIGXU Series) avec Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.2.1 Hotfix 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "APC Easy UPS Online Monitoring versions ant\u00e9rieures \u00e0 2.6-GA",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 Ethernet Communication Modules (BMENOC0301 et BMENOC0311) versions ant\u00e9rieures \u00e0 SV2.21",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 CPU versions ant\u00e9rieures \u00e0 SV3.51",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-29413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29413"
},
{
"name": "CVE-2023-29410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29410"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-4046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4046"
},
{
"name": "CVE-2023-29412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29412"
},
{
"name": "CVE-2023-27976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27976"
},
{
"name": "CVE-2022-34755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34755"
},
{
"name": "CVE-2023-25620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25620"
},
{
"name": "CVE-2023-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1548"
},
{
"name": "CVE-2023-29411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29411"
},
{
"name": "CVE-2023-28355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28355"
},
{
"name": "CVE-2023-25619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25619"
},
{
"name": "CVE-2022-45788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45788"
},
{
"name": "CVE-2022-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4224"
},
{
"name": "CVE-2021-29241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29241"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0297",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-011-06 du 11 janvier 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-011-06_CODESYSV3_Runtime_Development_System_and_Gateway_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-05 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-06 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-06.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-04 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-02 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-02.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-03 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-03.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-01 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-01.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-010-05 du 10 janvier 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf"
}
]
}
CERTFR-2022-AVI-1000
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NetBotz 4 - 355/450/455/550/570 versions ant\u00e9rieures \u00e0 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ISaGRAF versions ant\u00e9rieures \u00e0 6.6.9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EPC2000 versions ant\u00e9rieures \u00e0 4.03",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-43378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43378"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-43377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43377"
},
{
"name": "CVE-2022-43376",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43376"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1000",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-312-01 du 8 novembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-159-04 du 8 novembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-159-04_ISaGRAF_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 8 novembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification.pdf"
}
]
}
CERTFR-2021-AVI-953
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | SCD6000 Industrial RTU version SCD6000 SY11012 11_M et antérieures | ||
| N/A | N/A | Modicon BMENOC 0311 | ||
| N/A | N/A | EVlink City (EVC1S22P4 / EVC1S7P4), EVlink Parking (EVW2 / EVF2 / EVP2PE), EVlink Smart Wallbox EVB1A toutes versions antérieures à R8 V3.4.0.2 | ||
| N/A | N/A | Modicon BMENOC 0321 | ||
| N/A | N/A | Modicon M580 | ||
| N/A | N/A | EcoStruxure™ Power Monitoring Expert versions V9.0 et antérieures | ||
| N/A | N/A | IGSS Data Collector (dc.exe) version 15.0.0.21320 et antérieures | ||
| N/A | N/A | APDU9xxx with NMC3 version V1.0.0.28 et antérieures | ||
| N/A | N/A | AP7xxxx and AP8xxx with NMC2 version V6.9.6 et antérieures | ||
| N/A | N/A | AP7xxx and AP8xxx with NMC3 version V1.1.0.3 et antérieures |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCD6000 Industrial RTU version SCD6000 SY11012 11_M et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon BMENOC 0311",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EVlink City (EVC1S22P4 / EVC1S7P4), EVlink Parking (EVW2 / EVF2 / EVP2PE), EVlink Smart Wallbox EVB1A toutes versions ant\u00e9rieures \u00e0 R8 V3.4.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon BMENOC 0321",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M580",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure\u2122 Power Monitoring Expert versions V9.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "IGSS Data Collector (dc.exe) version 15.0.0.21320 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "APDU9xxx with NMC3 version V1.0.0.28 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "AP7xxxx and AP8xxx with NMC2 version V6.9.6 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "AP7xxx and AP8xxx with NMC3 version V1.1.0.3 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22725",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22725"
},
{
"name": "CVE-2019-6848",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6848"
},
{
"name": "CVE-2021-22156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22156"
},
{
"name": "CVE-2021-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22823"
},
{
"name": "CVE-2021-22818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22818"
},
{
"name": "CVE-2021-22820",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22820"
},
{
"name": "CVE-2021-22821",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22821"
},
{
"name": "CVE-2021-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22824"
},
{
"name": "CVE-2021-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22822"
},
{
"name": "CVE-2019-6849",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6849"
},
{
"name": "CVE-2021-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22825"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2021-22724",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22724"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22826"
},
{
"name": "CVE-2019-6850",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6850"
},
{
"name": "CVE-2021-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22827"
},
{
"name": "CVE-2021-22819",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22819"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-953",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-02 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-01 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SSEVD-2021-348-03 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-04 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-04 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
}
]
}
CERTFR-2022-AVI-123
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IGSS Data Server versions antérieures à V15.0.0.22021
EcoStruxure EV Charging Expert versions antérieures à V4.0.0.13 SP8 (Version 01)
Easergy P40 Series model numbers avec option Ethernet (produit ayant le code Q, R, S)
spaceLYnk versions antérieures à 2.7.0
Wiser for KNX product versions antérieures à 2.7.0
fellerLYnk product versions antérieures à 2.7.0
EcoStruxure Geo SCADA Expert versions antérieures à 2021
ClearSCADA versions antérieures à 2017 R3 August 2021 Monthly Update.
Harmony/Magelis iPC Series sans le correctif fourni avec Vijeo Designer version V6.2 SP11 Multi HotFix 4
Vijeo Designer versions antérieures à V6.2 SP11 Multi HotFix 4
Vijeo Designer Basic versions antérieures à v1.2.1
M241/M251 toutes versions
EcoStruxure Machine Expert toutes versions
Harmony/Magelis modèles HMISTU, HMIGTO, HMIGTU, HMIGTUX, HMIGK, HMISCU
Eurotherm E+PLC100 toutes versions
Eurotherm E+PLC400 toutes versions
Eurotherm E+PLC tools toutes versions
Easy Harmony ET6 (HMIET) sans le correctif fourni avec Vijeo Designer Basic version V1.2.1
Easy Harmony GXU (HMIGXU) sans le correctif fourni avec Vijeo Designer Basic version V1.2.1
Harmony/ Magelis modèles HMIGTU, HMIGTUX, HMIGK sans le correctif fourni avec Vijeo Designer version V6.2 SP11 Multi HotFix 4
Modicon M241/M251 Logic Controllers versions antérieures à V5.1.9.34
Modicon M262 Logic Controllers versions antérieures à V5.1.6.1
Easergy MiCOM P30 versions 660 -674
Easergy MiCOM P40 toutes versions
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eIGSS Data Server versions ant\u00e9rieures \u00e0 V15.0.0.22021\u003cbr /\u003e EcoStruxure EV Charging Expert versions ant\u00e9rieures \u00e0 V4.0.0.13 SP8 (Version 01)\u003cbr /\u003e Easergy P40 Series model numbers avec option Ethernet (produit ayant le code Q, R, S)\u003cbr /\u003e spaceLYnk versions ant\u00e9rieures \u00e0 2.7.0\u003cbr /\u003e Wiser for KNX product versions ant\u00e9rieures \u00e0 2.7.0\u003cbr /\u003e fellerLYnk product versions ant\u00e9rieures \u00e0 2.7.0\u003cbr /\u003e EcoStruxure Geo SCADA Expert versions ant\u00e9rieures \u00e0 2021\u003cbr /\u003e ClearSCADA versions ant\u00e9rieures \u00e0 2017 R3 August 2021 Monthly Update.\u003cbr /\u003e Harmony/Magelis iPC Series sans le correctif fourni avec Vijeo Designer version V6.2 SP11 Multi HotFix 4\u003cbr /\u003e Vijeo Designer versions ant\u00e9rieures \u00e0 V6.2 SP11 Multi HotFix 4\u003cbr /\u003e Vijeo Designer Basic versions ant\u00e9rieures \u00e0 v1.2.1\u003cbr /\u003e M241/M251 toutes versions\u003cbr /\u003e EcoStruxure Machine Expert toutes versions\u003cbr /\u003e Harmony/Magelis mod\u00e8les HMISTU, HMIGTO, HMIGTU, HMIGTUX, HMIGK, HMISCU\u003cbr /\u003e Eurotherm E+PLC100 toutes versions\u003cbr /\u003e Eurotherm E+PLC400 toutes versions\u003cbr /\u003e Eurotherm E+PLC tools toutes versions\u003cbr /\u003e Easy Harmony ET6 (HMIET) sans le correctif fourni avec Vijeo Designer Basic version V1.2.1\u003cbr /\u003e Easy Harmony GXU (HMIGXU) sans le correctif fourni avec Vijeo Designer Basic version V1.2.1\u003cbr /\u003e Harmony/ Magelis mod\u00e8les HMIGTU, HMIGTUX, HMIGK sans le correctif fourni avec Vijeo Designer version V6.2 SP11 Multi HotFix 4\u003cbr /\u003e Modicon M241/M251 Logic Controllers versions ant\u00e9rieures \u00e0 V5.1.9.34\u003cbr /\u003e Modicon M262 Logic Controllers versions ant\u00e9rieures \u00e0 V5.1.6.1\u003cbr /\u003e Easergy MiCOM P30 versions 660 -674\u003cbr /\u003e Easergy MiCOM P40 toutes versions\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22817",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22817"
},
{
"name": "CVE-2022-22812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22812"
},
{
"name": "CVE-2022-24312",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24312"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-24316",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24316"
},
{
"name": "CVE-2022-24314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24314"
},
{
"name": "CVE-2022-24320",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24320"
},
{
"name": "CVE-2022-22811",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22811"
},
{
"name": "CVE-2022-24321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24321"
},
{
"name": "CVE-2022-22810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22810"
},
{
"name": "CVE-2022-24310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24310"
},
{
"name": "CVE-2022-24311",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24311"
},
{
"name": "CVE-2022-24318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24318"
},
{
"name": "CVE-2022-22813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22813"
},
{
"name": "CVE-2022-24313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24313"
},
{
"name": "CVE-2022-24319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24319"
},
{
"name": "CVE-2022-24315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24315"
},
{
"name": "CVE-2022-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22809"
},
{
"name": "CVE-2022-22808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22808"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2022-24317",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24317"
},
{
"name": "CVE-2021-29240",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29240"
},
{
"name": "CVE-2022-22807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22807"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-123",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-01 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-04 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-05 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-03 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-06 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-02 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02"
}
]
}
CERTFR-2022-AVI-123
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
IGSS Data Server versions antérieures à V15.0.0.22021
EcoStruxure EV Charging Expert versions antérieures à V4.0.0.13 SP8 (Version 01)
Easergy P40 Series model numbers avec option Ethernet (produit ayant le code Q, R, S)
spaceLYnk versions antérieures à 2.7.0
Wiser for KNX product versions antérieures à 2.7.0
fellerLYnk product versions antérieures à 2.7.0
EcoStruxure Geo SCADA Expert versions antérieures à 2021
ClearSCADA versions antérieures à 2017 R3 August 2021 Monthly Update.
Harmony/Magelis iPC Series sans le correctif fourni avec Vijeo Designer version V6.2 SP11 Multi HotFix 4
Vijeo Designer versions antérieures à V6.2 SP11 Multi HotFix 4
Vijeo Designer Basic versions antérieures à v1.2.1
M241/M251 toutes versions
EcoStruxure Machine Expert toutes versions
Harmony/Magelis modèles HMISTU, HMIGTO, HMIGTU, HMIGTUX, HMIGK, HMISCU
Eurotherm E+PLC100 toutes versions
Eurotherm E+PLC400 toutes versions
Eurotherm E+PLC tools toutes versions
Easy Harmony ET6 (HMIET) sans le correctif fourni avec Vijeo Designer Basic version V1.2.1
Easy Harmony GXU (HMIGXU) sans le correctif fourni avec Vijeo Designer Basic version V1.2.1
Harmony/ Magelis modèles HMIGTU, HMIGTUX, HMIGK sans le correctif fourni avec Vijeo Designer version V6.2 SP11 Multi HotFix 4
Modicon M241/M251 Logic Controllers versions antérieures à V5.1.9.34
Modicon M262 Logic Controllers versions antérieures à V5.1.6.1
Easergy MiCOM P30 versions 660 -674
Easergy MiCOM P40 toutes versions
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eIGSS Data Server versions ant\u00e9rieures \u00e0 V15.0.0.22021\u003cbr /\u003e EcoStruxure EV Charging Expert versions ant\u00e9rieures \u00e0 V4.0.0.13 SP8 (Version 01)\u003cbr /\u003e Easergy P40 Series model numbers avec option Ethernet (produit ayant le code Q, R, S)\u003cbr /\u003e spaceLYnk versions ant\u00e9rieures \u00e0 2.7.0\u003cbr /\u003e Wiser for KNX product versions ant\u00e9rieures \u00e0 2.7.0\u003cbr /\u003e fellerLYnk product versions ant\u00e9rieures \u00e0 2.7.0\u003cbr /\u003e EcoStruxure Geo SCADA Expert versions ant\u00e9rieures \u00e0 2021\u003cbr /\u003e ClearSCADA versions ant\u00e9rieures \u00e0 2017 R3 August 2021 Monthly Update.\u003cbr /\u003e Harmony/Magelis iPC Series sans le correctif fourni avec Vijeo Designer version V6.2 SP11 Multi HotFix 4\u003cbr /\u003e Vijeo Designer versions ant\u00e9rieures \u00e0 V6.2 SP11 Multi HotFix 4\u003cbr /\u003e Vijeo Designer Basic versions ant\u00e9rieures \u00e0 v1.2.1\u003cbr /\u003e M241/M251 toutes versions\u003cbr /\u003e EcoStruxure Machine Expert toutes versions\u003cbr /\u003e Harmony/Magelis mod\u00e8les HMISTU, HMIGTO, HMIGTU, HMIGTUX, HMIGK, HMISCU\u003cbr /\u003e Eurotherm E+PLC100 toutes versions\u003cbr /\u003e Eurotherm E+PLC400 toutes versions\u003cbr /\u003e Eurotherm E+PLC tools toutes versions\u003cbr /\u003e Easy Harmony ET6 (HMIET) sans le correctif fourni avec Vijeo Designer Basic version V1.2.1\u003cbr /\u003e Easy Harmony GXU (HMIGXU) sans le correctif fourni avec Vijeo Designer Basic version V1.2.1\u003cbr /\u003e Harmony/ Magelis mod\u00e8les HMIGTU, HMIGTUX, HMIGK sans le correctif fourni avec Vijeo Designer version V6.2 SP11 Multi HotFix 4\u003cbr /\u003e Modicon M241/M251 Logic Controllers versions ant\u00e9rieures \u00e0 V5.1.9.34\u003cbr /\u003e Modicon M262 Logic Controllers versions ant\u00e9rieures \u00e0 V5.1.6.1\u003cbr /\u003e Easergy MiCOM P30 versions 660 -674\u003cbr /\u003e Easergy MiCOM P40 toutes versions\u003c/p\u003e ",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22817",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22817"
},
{
"name": "CVE-2022-22812",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22812"
},
{
"name": "CVE-2022-24312",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24312"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-24316",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24316"
},
{
"name": "CVE-2022-24314",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24314"
},
{
"name": "CVE-2022-24320",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24320"
},
{
"name": "CVE-2022-22811",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22811"
},
{
"name": "CVE-2022-24321",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24321"
},
{
"name": "CVE-2022-22810",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22810"
},
{
"name": "CVE-2022-24310",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24310"
},
{
"name": "CVE-2022-24311",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24311"
},
{
"name": "CVE-2022-24318",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24318"
},
{
"name": "CVE-2022-22813",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22813"
},
{
"name": "CVE-2022-24313",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24313"
},
{
"name": "CVE-2022-24319",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24319"
},
{
"name": "CVE-2022-24315",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24315"
},
{
"name": "CVE-2022-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22809"
},
{
"name": "CVE-2022-22808",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22808"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2022-24317",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24317"
},
{
"name": "CVE-2021-29240",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29240"
},
{
"name": "CVE-2022-22807",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22807"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-123",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-01 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-04 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-05 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-03 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-06 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-039-02 du 08 f\u00e9vrier 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-039-02"
}
]
}
CERTFR-2021-AVI-639
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les systèmes d'exploitation temps réel (RTOS, Real Time OS). Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Cette famille de vulnérabilités dans les RTOS a été découverte, décrite puis nommée « BadAlloc » par Microsoft, appellation donnée en raison de l’absence de vérification des entrées dans l’allocateur mémoire de tas. Ces vulnérabilités d'exécution de code à distance (RCE) sont référencées par 26 CVEs et affectent potentiellement un large éventail de domaines, de l'IoT grand public et médical à l'IoT industriel, aux technologies opérationnelles (OT) et aux systèmes de contrôle industriel. Une dizaine d’éditeurs sont concernés.
Solution
- Les intégrateurs de ces RTOS sont invités à prendre contact rapidement avec l’éditeur du produit affecté afin de corriger leurs propres solutions et diffuser le correctif ;
- Les utilisateurs d’équipements basés sur ces RTOS sont invités à prendre contact avec le fournisseur afin de mettre à jour les équipements affectés ;
- Il convient en outre d’appliquer les bonnes pratiques référencées
dans le guide ANSSI [1] et notamment celles ci-après.
- S’assurer que les appareils concernés ne sont pas accessibles depuis Internet.
- S’assurer que les systèmes ne se connectent qu'à des réseaux ou sous-réseaux isolés de confiance. Adopter une démarche de défense en profondeur permet de se protéger contre des menaces qui ne sont pas encore connues, de diminuer le périmètre sur lequel une menace est exercée ou d’en atténuer l’impact. Le simple cloisonnement des réseaux par des pare-feux ne suffit pas. D’autres mécanismes doivent l’accompagner et à différents niveaux (contrôle d’accès physique, durcissement des configurations, protection antivirale...).
- Inclure des mécanismes de détection et de surveillance des installations. Surveiller de façon permanente les appareils à la recherche de comportements anormaux ou non autorisés tels que la communication avec des hôtes locaux ou distants inconnus. Enfin la collecte des informations au travers des journaux d’alarmes et d’événements est indispensable aux analyses ultérieures. Ces journaux pourront dans certains cas apporter des éléments utiles et des preuves dans le cadre d’une enquête judiciaire.
- Réduire la surface d'attaque en éliminant les services sans utilité fonctionnelle ou non sécurisés.
[1] Guide de l'ANSSI sur la sécurité industrielle : https://www.ssi.gouv.fr/uploads/IMG/pdf/Guide_securite_industrielle_Version_finale.pdf
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | RIOT OS version 2020.01.1 | ||
| N/A | N/A | Texas Instruments SimpleLink-CC32XX versions antérieures à 4.10.03 | ||
| N/A | N/A | Media Tek LinkIt SDK versions antérieures à 4.6.1 | ||
| N/A | N/A | NXP MCUXpresso SDK versions antérieures à 2.8.2 | ||
| N/A | N/A | Texas Instruments SimpleLink MSP432E4XX | ||
| N/A | N/A | Windriver VxWorks versions antérieures à 7.0 | ||
| N/A | N/A | Micrium OS, versions antérieures à 5.10.1 | ||
| N/A | N/A | Texas Instruments SimpleLink-CC13XX versions antérieures à 4.40.00 | ||
| N/A | N/A | ARM CMSIS-RTOS2 versions antérieures à 2.1.3 | ||
| N/A | N/A | Micrium uC/OS: uC/LIB versions antérieures à 1.39.00 | ||
| N/A | N/A | Texas Instruments SimpleLink-CC26XX versions antérieures à 4.40.00 | ||
| N/A | N/A | NXP MQX versions antérieures à 5.1 | ||
| N/A | N/A | ARM Mbed OS version 6.3.0 | ||
| N/A | N/A | TencentOS-tiny, version 3.1.0 | ||
| N/A | N/A | Texas Instruments CC32XX versions antérieures à 4.40.00.07 | ||
| N/A | N/A | Redhat newlib versions antérieures à 4.0.0 | ||
| N/A | N/A | BlackBerry QNX SDP versions antérieures à 6.5.0SP1 sans le dernier correctif | ||
| N/A | N/A | BlackBerry QNX OS for Safety versions antérieures à 1.0.2 | ||
| N/A | N/A | ARM mbed-ualloc version 1.3.0 | ||
| Apache | N/A | Apache Nuttx OS version 9.1.0 | ||
| N/A | N/A | Uclibc-NG versions antérieures à 1.0.36 | ||
| Apache | N/A | Amazon FreeRTOS version 10.4.1 | ||
| N/A | N/A | BlackBerry QNX OS for Medical versions antérieures à 1.1.1 | ||
| Apache | N/A | Linux Zephyr RTOS versions antérieures à 2.5.0 | ||
| N/A | N/A | Zephyr Project RTOS versions antérieures à 2.5 | ||
| N/A | N/A | eCosCentric eCosPro RTOS versions 2.0.1 à 4.5.3 | ||
| N/A | N/A | Samsung Tizen RT RTOS versions antérieures à 3.0.GBB | ||
| N/A | N/A | Cesanta Software Mongoose OS version 2.17.0 | ||
| N/A | Google Cloud IoT Device SDK version 1.0.2 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "RIOT OS version 2020.01.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Texas Instruments SimpleLink-CC32XX versions ant\u00e9rieures \u00e0 4.10.03",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Media Tek LinkIt SDK versions ant\u00e9rieures \u00e0 4.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "NXP MCUXpresso SDK versions ant\u00e9rieures \u00e0 2.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Texas Instruments SimpleLink MSP432E4XX",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Windriver VxWorks versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Micrium OS, versions ant\u00e9rieures \u00e0 5.10.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Texas Instruments SimpleLink-CC13XX versions ant\u00e9rieures \u00e0 4.40.00",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ARM CMSIS-RTOS2 versions ant\u00e9rieures \u00e0 2.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Micrium uC/OS: uC/LIB versions ant\u00e9rieures \u00e0 1.39.00",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Texas Instruments SimpleLink-CC26XX versions ant\u00e9rieures \u00e0 4.40.00",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "NXP MQX versions ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ARM Mbed OS version 6.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TencentOS-tiny, version 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Texas Instruments CC32XX versions ant\u00e9rieures \u00e0 4.40.00.07",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Redhat newlib versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BlackBerry QNX SDP versions ant\u00e9rieures \u00e0 6.5.0SP1 sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BlackBerry QNX OS for Safety versions ant\u00e9rieures \u00e0 1.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ARM mbed-ualloc version 1.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Apache Nuttx OS version 9.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Uclibc-NG versions ant\u00e9rieures \u00e0 1.0.36",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Amazon FreeRTOS version 10.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "BlackBerry QNX OS for Medical versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Linux Zephyr RTOS versions ant\u00e9rieures \u00e0 2.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Zephyr Project RTOS versions ant\u00e9rieures \u00e0 2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "eCosCentric eCosPro RTOS versions 2.0.1 \u00e0 4.5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Samsung Tizen RT RTOS versions ant\u00e9rieures \u00e0 3.0.GBB",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Cesanta Software Mongoose OS version 2.17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Google Cloud IoT Device SDK version 1.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\n- Les int\u00e9grateurs de ces RTOS sont invit\u00e9s \u00e0 prendre contact\n rapidement avec l\u2019\u00e9diteur du produit affect\u00e9 afin de corriger leurs\n propres solutions et diffuser le correctif\u00a0;\n- Les utilisateurs d\u2019\u00e9quipements bas\u00e9s sur ces RTOS sont invit\u00e9s \u00e0\n prendre contact avec le fournisseur afin de mettre \u00e0 jour les\n \u00e9quipements affect\u00e9s\u00a0;\n- Il convient en outre d\u2019appliquer les bonnes pratiques r\u00e9f\u00e9renc\u00e9es\n dans le guide ANSSI \\[1\\] et notamment celles ci-apr\u00e8s.\n - S\u2019assurer que les appareils concern\u00e9s ne sont pas accessibles\n depuis Internet.\n - S\u2019assurer que les syst\u00e8mes ne se connectent qu\u0027\u00e0 des r\u00e9seaux ou\n sous-r\u00e9seaux isol\u00e9s de confiance. Adopter une d\u00e9marche de\n d\u00e9fense en profondeur permet de se prot\u00e9ger contre des menaces\n qui ne sont pas encore connues, de diminuer le p\u00e9rim\u00e8tre sur\n lequel une menace est exerc\u00e9e ou d\u2019en att\u00e9nuer l\u2019impact. Le\n simple cloisonnement des r\u00e9seaux par des pare-feux ne suffit\n pas. D\u2019autres m\u00e9canismes doivent l\u2019accompagner et \u00e0 diff\u00e9rents\n niveaux (contr\u00f4le d\u2019acc\u00e8s physique, durcissement des\n configurations, protection antivirale...).\n - Inclure des m\u00e9canismes de d\u00e9tection et de surveillance des\n installations. Surveiller de fa\u00e7on permanente les appareils \u00e0 la\n recherche de comportements anormaux ou non autoris\u00e9s tels que la\n communication avec des h\u00f4tes locaux ou distants inconnus. Enfin\n la collecte des informations au travers des journaux d\u2019alarmes\n et d\u2019\u00e9v\u00e9nements est indispensable aux analyses ult\u00e9rieures. Ces\n journaux pourront dans certains cas apporter des \u00e9l\u00e9ments utiles\n et des preuves dans le cadre d\u2019une enqu\u00eate judiciaire.\n - R\u00e9duire la surface d\u0027attaque en \u00e9liminant les services sans\n utilit\u00e9 fonctionnelle ou non s\u00e9curis\u00e9s.\n\n\\[1\\] Guide de l\u0027ANSSI sur la s\u00e9curit\u00e9 industrielle :\n\u003chttps://www.ssi.gouv.fr/uploads/IMG/pdf/Guide_securite_industrielle_Version_finale.pdf\u003e\n",
"cves": [
{
"name": "CVE-2021-27502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27502"
},
{
"name": "CVE-2021-27504",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27504"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-31572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31572"
},
{
"name": "CVE-2021-22684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22684"
},
{
"name": "CVE-2021-22680",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22680"
},
{
"name": "CVE-2021-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26461"
},
{
"name": "CVE-2021-27431",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27431"
},
{
"name": "CVE-2021-31571",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31571"
},
{
"name": "CVE-2021-22156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22156"
},
{
"name": "CVE-2021-26706",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26706"
},
{
"name": "CVE-2021-27419",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27419"
},
{
"name": "CVE-2021-22636",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22636"
},
{
"name": "CVE-2021-27429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27429"
},
{
"name": "CVE-2021-27433",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27433"
},
{
"name": "CVE-2021-27421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27421"
},
{
"name": "CVE-2021-27425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27425"
},
{
"name": "CVE-2021-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27417"
},
{
"name": "CVE-2021-3420",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3420"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-27427",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27427"
},
{
"name": "CVE-2021-27439",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27439"
},
{
"name": "CVE-2020-13603",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13603"
},
{
"name": "CVE-2021-30636",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30636"
},
{
"name": "CVE-2021-27435",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27435"
},
{
"name": "CVE-2021-27411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27411"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 BadAlloc icsa-21-119-04 du 20 mai 2021, mis \u00e0 jour le 17 ao\u00fbt 2021",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04"
}
],
"reference": "CERTFR-2021-AVI-639",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les syst\u00e8mes\nd\u0027exploitation temps r\u00e9el (*RTOS, Real Time OS*). Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un\nd\u00e9ni de service \u00e0 distance.\n\nCette famille de vuln\u00e9rabilit\u00e9s dans les *RTOS* a \u00e9t\u00e9 d\u00e9couverte,\nd\u00e9crite puis nomm\u00e9e \u00ab\u00a0BadAlloc\u00a0\u00bb par Microsoft, appellation donn\u00e9e en\nraison de l\u2019absence de v\u00e9rification des entr\u00e9es dans l\u2019allocateur\nm\u00e9moire de tas. Ces vuln\u00e9rabilit\u00e9s d\u0027ex\u00e9cution de code \u00e0 distance (RCE)\nsont r\u00e9f\u00e9renc\u00e9es par 26 CVEs et affectent potentiellement un large\n\u00e9ventail de domaines, de l\u0027IoT grand public et m\u00e9dical \u00e0 l\u0027IoT\nindustriel, aux technologies op\u00e9rationnelles (OT) et aux syst\u00e8mes de\ncontr\u00f4le industriel. Une dizaine d\u2019\u00e9diteurs sont concern\u00e9s.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans des syst\u00e8mes d\u0027exploitation temps r\u00e9el",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat newlib du 17 novembre 2020",
"url": "https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ARM CMSIS RTOS2 du 24 juin 2021",
"url": "https://www.keil.com/pack/doc/CMSIS/RTOS2/html/rtos_revisionHistory.html"
},
{
"published_at": null,
"title": "\ufeffBulletin de s\u00e9curit\u00e9 BadAlloc icsa-21-119-04 du 20 mai 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ARM mbed du 22 mars 2021",
"url": "https://github.com/ARMmbed/mbed-os/pull/14408"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Zephyr Project RTOS du 23 mars 2021",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/31796"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Wind River VxWorks 20210319 du 19 mars 2021",
"url": "https://support2.windriver.com/index.php?page=security-notices\u0026on=view\u0026id=7048"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Wind River VxWorks 20210203 du 03 f\u00e9vrier 2021",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 eCosCentric eCosPro RTOS 1002437 du 16 ao\u00fbt 2021",
"url": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FreeRTOS du 07 d\u00e9cembre 2020",
"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/224"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BlackBerry du 17 ao\u00fbt 2021",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000082334\u0026language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache Nuttx OS du 21 juin 2021",
"url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Texas Instruments TI-PSIRT-2020-100074 du 29 avril 2021",
"url": "https://www.ti.com/lit/an/swra709/swra709.pdf?ts=1629129702198"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Cloud IoT Device du 12 avril 2021",
"url": "https://github.com/GoogleCloudPlatform/iot-device-sdk-embedded-c/pull/119/files"
}
]
}
CERTFR-2022-AVI-815
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Modicon MC80 sans le correctif de sécurité BMKC8020301 | ||
| N/A | N/A | CANopen X80 Communication Module (BMECXM0100) toutes versions | ||
| Schneider Electric | N/A | Modicon MC80 (BMKC80) versions antérieures à 1.8 | ||
| Schneider Electric | N/A | Modicon MC80 Controller (BMKC8*) versions antérieures à 1.8 | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication Modules BMXNOE0110 (H) toutes versions | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication Modules BMXNOE0100 (H) toutes versions | ||
| N/A | N/A | EcoStruxure™ Control Expert version 15.1 sans le dernier correctif de sécurité | ||
| Schneider Electric | N/A | Modicon RTU BMXNOR0200H versions antérieures à 1.7 IR24 | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication Module BMXNOR0200H RTU versions antérieures à 1.7 IR24 | ||
| Schneider Electric | Modicon M340 | Modicon M340 Ethernet TCP/IP Network Module BMXNOC0401 versions antérieures à 2.11 | ||
| Schneider Electric | N/A | Profibus Remote Master (TCSEGPA23F14F) toutes versions | ||
| Schneider Electric | N/A | Lexium ILE ILA ILS Communication Drive versions antérieures à 01.110 | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication module BMXNOC0401 versions antérieures à version 2.11 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon MC80 sans le correctif de s\u00e9curit\u00e9 BMKC8020301",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CANopen X80 Communication Module (BMECXM0100) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon MC80 (BMKC80) versions ant\u00e9rieures \u00e0 1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon MC80 Controller (BMKC8*) versions ant\u00e9rieures \u00e0 1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication Modules BMXNOE0110 (H) toutes versions",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication Modules BMXNOE0100 (H) toutes versions",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure\u2122 Control Expert version 15.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon RTU BMXNOR0200H versions ant\u00e9rieures \u00e0 1.7 IR24",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication Module BMXNOR0200H RTU versions ant\u00e9rieures \u00e0 1.7 IR24",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 Ethernet TCP/IP Network Module BMXNOC0401 versions ant\u00e9rieures \u00e0 2.11",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Profibus Remote Master (TCSEGPA23F14F) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Lexium ILE ILA ILS Communication Drive versions ant\u00e9rieures \u00e0 01.110",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication module BMXNOC0401 versions ant\u00e9rieures \u00e0 version 2.11",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7564",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7564"
},
{
"name": "CVE-2020-7563",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7563"
},
{
"name": "CVE-2020-7535",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7535"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2020-7549",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7549"
},
{
"name": "CVE-2021-31401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31401"
},
{
"name": "CVE-2022-37301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
},
{
"name": "CVE-2018-7241",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
},
{
"name": "CVE-2022-0222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0222"
},
{
"name": "CVE-2018-7242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
},
{
"name": "CVE-2021-31400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31400"
},
{
"name": "CVE-2021-22788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22788"
},
{
"name": "CVE-2020-35685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35685"
},
{
"name": "CVE-2020-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7562"
},
{
"name": "CVE-2020-35683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35683"
},
{
"name": "CVE-2020-35684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35684"
},
{
"name": "CVE-2020-7536",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7536"
},
{
"name": "CVE-2018-7857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7857"
},
{
"name": "CVE-2019-6807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6807"
},
{
"name": "CVE-2018-7240",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
},
{
"name": "CVE-2011-4859",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4859"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-22787",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22787"
},
{
"name": "CVE-2021-22785",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22785"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V11.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-257-02 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-257-02_Web_Server_Modicon_M340_Quantum_and_Premium_and_Communication_Modules_V2.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V4.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-06 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-343-06_Web_Server_Modicon_M340_Premium_Quantum_Communication_Modules_Security_Notification_V2.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-07 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-07\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-343-07_SNMP_Service_Modicon_M340_CPU_Security_Notification_V2.1.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-217-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification_V3.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-134-11 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification_V7.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V2.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SESB-2019-214-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2019-214-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SESB-2019-214-01_Wind_River_VxWorks_Security_Bulletin_V2.14.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-315-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-315-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-315-01_Modicon_Web_Server_Security_Notification_V3.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-05 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-343-05-Web_Server_Modicon_M340_Premium_Quantum_Communication_Modules_Security_Notification_V2.1.pdf"
}
],
"reference": "CERTFR-2022-AVI-815",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-256-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-256-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-256-01-EcoStruxure_Machine_SCADA_ExpertPro-face_BLUE_Open_Studio_Security_Notification.pdf"
}
]
}
CERTFR-2022-AVI-717
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Eurotherm Data Reviewer3.0.2 software versions antérieures 4.0.0 | ||
| N/A | N/A | Modicon Momentum MDI (171CBU*) toutes versions | ||
| Schneider Electric | N/A | EcoStruxure Control Expert versions antérieures à 15.2 | ||
| Symfony | process | EcoStruxure Process Expert versions antérieures à 2021 | ||
| N/A | N/A | Modicon M580 CPU (BMEP* et BMEH*) versions antérieures à 4.01 | ||
| Schneider Electric | N/A | Legacy Modicon Quantum toutes versions | ||
| N/A | N/A | OPC UA Modicon Communication Module (BMENUA0100) versions antérieures à 2.01 | ||
| Schneider Electric | N/A | Modicon MC80 (BMKC80) toutes versions | ||
| Schneider Electric | Modicon M340 | Modicon M340 CPU (BMXP34*) versions antérieures 3.50 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Eurotherm Data Reviewer3.0.2 software versions ant\u00e9rieures 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon Momentum MDI (171CBU*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021",
"product": {
"name": "process",
"vendor": {
"name": "Symfony",
"scada": false
}
}
},
{
"description": "Modicon M580 CPU (BMEP* et BMEH*) versions ant\u00e9rieures \u00e0 4.01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Legacy Modicon Quantum toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "OPC UA Modicon Communication Module (BMENUA0100) versions ant\u00e9rieures \u00e0 2.01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon MC80 (BMKC80) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 CPU (BMXP34*) versions ant\u00e9rieures 3.50",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
},
{
"name": "CVE-2022-34760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34760"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
},
{
"name": "CVE-2022-34762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34762"
},
{
"name": "CVE-2019-6841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2021-22779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
},
{
"name": "CVE-2021-22781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
},
{
"name": "CVE-2021-22780",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2021-22790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
},
{
"name": "CVE-2022-37302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37302"
},
{
"name": "CVE-2022-34761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34761"
},
{
"name": "CVE-2022-34759",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34759"
},
{
"name": "CVE-2022-37301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
},
{
"name": "CVE-2018-7241",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
},
{
"name": "CVE-2021-22786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22786"
},
{
"name": "CVE-2018-7242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
},
{
"name": "CVE-2019-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
},
{
"name": "CVE-2019-6842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
},
{
"name": "CVE-2021-22782",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
},
{
"name": "CVE-2021-22778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
},
{
"name": "CVE-2022-34764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34764"
},
{
"name": "CVE-2022-34763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34763"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2022-37300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37300"
},
{
"name": "CVE-2021-22789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
},
{
"name": "CVE-2019-6847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
},
{
"name": "CVE-2022-34765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34765"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2021-22792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
},
{
"name": "CVE-2019-6843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
},
{
"name": "CVE-2018-7240",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
},
{
"name": "CVE-2011-4859",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4859"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2020-12525",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-717",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-09T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des liens",
"revision_date": "2022-08-22T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des liens des bulletins de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01, SEVD-2022-221-02 et SEVD-2022-221-04 du 9 ao\u00fbt 2022.",
"revision_date": "2022-09-08T00:00:00.000000"
},
{
"description": "Ajout du libell\u00e9 [SCADA] dans le titre.",
"revision_date": "2022-09-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SESB-2021-347-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SESB-2021-347-01_Apache_Log4j_Log4Shell_Vulnerabilities_Security_Notification_V14.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-02 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-281-02_Modicon_Controllers_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-01_EcoStruxure_Control_Expert_Modicon580_Security_Notification_V1.1.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-193-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V10.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-03 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-03_EcoStruxure_Control_Expert_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V1.1.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-04 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-222-04_Modicon_PAC_Controllers_PLC_Simulator_Control_Expert_Process_Expert_Security_Notification_V2.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340_Security_Notifcation_V4.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-04 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification_V1.1.pdf"
}
]
}
CERTFR-2022-AVI-717
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Eurotherm Data Reviewer3.0.2 software versions antérieures 4.0.0 | ||
| N/A | N/A | Modicon Momentum MDI (171CBU*) toutes versions | ||
| Schneider Electric | N/A | EcoStruxure Control Expert versions antérieures à 15.2 | ||
| Symfony | process | EcoStruxure Process Expert versions antérieures à 2021 | ||
| N/A | N/A | Modicon M580 CPU (BMEP* et BMEH*) versions antérieures à 4.01 | ||
| Schneider Electric | N/A | Legacy Modicon Quantum toutes versions | ||
| N/A | N/A | OPC UA Modicon Communication Module (BMENUA0100) versions antérieures à 2.01 | ||
| Schneider Electric | N/A | Modicon MC80 (BMKC80) toutes versions | ||
| Schneider Electric | Modicon M340 | Modicon M340 CPU (BMXP34*) versions antérieures 3.50 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Eurotherm Data Reviewer3.0.2 software versions ant\u00e9rieures 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon Momentum MDI (171CBU*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021",
"product": {
"name": "process",
"vendor": {
"name": "Symfony",
"scada": false
}
}
},
{
"description": "Modicon M580 CPU (BMEP* et BMEH*) versions ant\u00e9rieures \u00e0 4.01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Legacy Modicon Quantum toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "OPC UA Modicon Communication Module (BMENUA0100) versions ant\u00e9rieures \u00e0 2.01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon MC80 (BMKC80) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 CPU (BMXP34*) versions ant\u00e9rieures 3.50",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
},
{
"name": "CVE-2022-34760",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34760"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
},
{
"name": "CVE-2022-34762",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34762"
},
{
"name": "CVE-2019-6841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
},
{
"name": "CVE-2021-45105",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
},
{
"name": "CVE-2021-22779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
},
{
"name": "CVE-2021-22781",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
},
{
"name": "CVE-2021-22780",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
},
{
"name": "CVE-2021-4104",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
},
{
"name": "CVE-2021-22790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
},
{
"name": "CVE-2022-37302",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37302"
},
{
"name": "CVE-2022-34761",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34761"
},
{
"name": "CVE-2022-34759",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34759"
},
{
"name": "CVE-2022-37301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
},
{
"name": "CVE-2018-7241",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
},
{
"name": "CVE-2021-22786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22786"
},
{
"name": "CVE-2018-7242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
},
{
"name": "CVE-2019-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
},
{
"name": "CVE-2019-6842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
},
{
"name": "CVE-2021-22782",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
},
{
"name": "CVE-2021-22778",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
},
{
"name": "CVE-2022-34764",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34764"
},
{
"name": "CVE-2022-34763",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34763"
},
{
"name": "CVE-2021-45046",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
},
{
"name": "CVE-2022-37300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37300"
},
{
"name": "CVE-2021-22789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
},
{
"name": "CVE-2019-6847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
},
{
"name": "CVE-2022-34765",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34765"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2021-22792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
},
{
"name": "CVE-2019-6843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
},
{
"name": "CVE-2018-7240",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
},
{
"name": "CVE-2011-4859",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4859"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-44832",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
},
{
"name": "CVE-2020-12525",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-717",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-08-09T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des liens",
"revision_date": "2022-08-22T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour des liens des bulletins de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01, SEVD-2022-221-02 et SEVD-2022-221-04 du 9 ao\u00fbt 2022.",
"revision_date": "2022-09-08T00:00:00.000000"
},
{
"description": "Ajout du libell\u00e9 [SCADA] dans le titre.",
"revision_date": "2022-09-08T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SESB-2021-347-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SESB-2021-347-01_Apache_Log4j_Log4Shell_Vulnerabilities_Security_Notification_V14.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-02 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-281-02_Modicon_Controllers_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-01_EcoStruxure_Control_Expert_Modicon580_Security_Notification_V1.1.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-193-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V10.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-03 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-03_EcoStruxure_Control_Expert_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V1.1.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V3.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-04 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-222-04_Modicon_PAC_Controllers_PLC_Simulator_Control_Expert_Process_Expert_Security_Notification_V2.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340_Security_Notifcation_V4.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-04 du 9 ao\u00fbt 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification_V1.1.pdf"
}
]
}
CERTFR-2022-AVI-328
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Modicon M262 Logic Controllers versions antérieures à V5.1.6.1 | ||
| Schneider Electric | N/A | MiCOM C264 versions antérieures à B5.118, D1.92, D4.38, D5.25I et D6.18 | ||
| Schneider Electric | N/A | PowerLogic ION7400 versions antérieures à 3.1.0 | ||
| Schneider Electric | N/A | EPC2000 toutes versions | ||
| Schneider Electric | N/A | EPack toutes versions | ||
| N/A | N/A | Easy Harmony GXU (gamme HMIGXU) Vijeo Designer Basic versions antérieures à 1.2.1 | ||
| Schneider Electric | N/A | nanodac versions antérieures à 10.02 | ||
| N/A | N/A | Versadac toutes versions | ||
| Schneider Electric | N/A | BMXNOR0200H RTU toutes versions | ||
| Schneider Electric | N/A | EPC3000 versions antérieures à V5.20 | ||
| Schneider Electric | N/A | Modicon M241/M251 Logic Controllers versions antérieures à V5.1.9.34 | ||
| Schneider Electric | N/A | SAGE RTU CPU C3414 version antérieures à C3414-500-S02K5_P5 de SAGE RTU CPU3414 | ||
| Schneider Electric | N/A | BMXNOE0100 (H) toutes versions | ||
| N/A | N/A | JACE-8000 versions antérieures à Niagara 4.10u1 | ||
| Schneider Electric | N/A | BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions | ||
| Schneider Electric | N/A | 6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions | ||
| Schneider Electric | N/A | Eurotherm E+PLC100 toutes versions | ||
| N/A | N/A | SCD6000 Industrial RTU versions antérieures à SY-1101207, et N de SCD6000 | ||
| Schneider Electric | N/A | Pro-face SP-5B00, SP-5B10, SP-5B90, gamme ST6000 (modèle GP-ProEX), gamme ET6000 versions antérieures à V4.09.350 | ||
| Schneider Electric | N/A | Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*),V1.50 toutes versions | ||
| N/A | N/A | BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions | ||
| Schneider Electric | N/A | BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions | ||
| Schneider Electric | N/A | Easergy MiCOM P40 toutes versions | ||
| N/A | N/A | Modicon M258/LMC058 Logic Controllers versions antérieures à 5.0.4.18 | ||
| Schneider Electric | N/A | Modicon Quantum CPU et Communication Modules toutes versions | ||
| N/A | N/A | Modicon Premium CPU et Communication Modules toutes versions | ||
| N/A | N/A | Easergy MiCOM P30 versions 660 à 674 | ||
| Schneider Electric | N/A | PowerLogic ION9000 versions antérieures à 3.1.0 | ||
| Schneider Electric | N/A | Easergy C5x (C52/C53) versions antérieures à 1.0.5 | ||
| Schneider Electric | N/A | gammes HMISTO et HMISTU/S5T toutes versions | ||
| Schneider Electric | N/A | PacDrive Eco/Pro/Pro2 Logic Controllers versions antérieures à V1.66.5.1 | ||
| Schneider Electric | N/A | Easergy P5 versions antérieures à 01.401.101 | ||
| Schneider Electric | N/A | CPU Modicon M580 (BMEP* et BMEH*), BMXNOM0200 toutes versions | ||
| N/A | N/A | BMXNOE0110 (H) toutes versions | ||
| Schneider Electric | N/A | Gammes Pro-face GP4000, LT4000M et GP4000H toutes versions | ||
| Schneider Electric | N/A | TCSEGPA23F14F, BMECXM0100 toutes versions | ||
| N/A | N/A | HMISCU Vijeo Designer versions V6.2SP11 et antérieures | ||
| N/A | N/A | PowerLogic PM8000 versions antérieures à 3.1.0 | ||
| N/A | N/A | PacDrive M toutes versions | ||
| N/A | N/A | Easy Harmony ET6 (gamme HMIET) Vijeo Designer Basic versions antérieures à 1.2.1 | ||
| N/A | N/A | Momentum ENT (170ENT11*) toutes versions | ||
| N/A | N/A | Gammes Pro-face GP4100, GP4000E et GP4000M toutes versions | ||
| Schneider Electric | N/A | BMXNOM0200 toutes versions | ||
| N/A | N/A | IGSS Data Server versions antérieures à 15.0.0.22074 | ||
| N/A | N/A | BMENOP0300, BMXNOR0200 toutes versions | ||
| Schneider Electric | N/A | Modicon LMC078 toutes versions | ||
| Schneider Electric | N/A | Harmony/ Magelis, gammes HMIGTU, HMIGTUX et HMIGK versions antérieures à 6.2 SP11 Multi HotFix 4 | ||
| Schneider Electric | Modicon M340 | Modicon M340 versions antérieures à 3.50 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon M262 Logic Controllers versions ant\u00e9rieures \u00e0 V5.1.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "MiCOM C264 versions ant\u00e9rieures \u00e0 B5.118, D1.92, D4.38, D5.25I et D6.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PowerLogic ION7400 versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC2000 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPack toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easy Harmony GXU (gamme HMIGXU) Vijeo Designer Basic versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "nanodac versions ant\u00e9rieures \u00e0 10.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Versadac toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOR0200H RTU toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC3000 versions ant\u00e9rieures \u00e0 V5.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M241/M251 Logic Controllers versions ant\u00e9rieures \u00e0 V5.1.9.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SAGE RTU CPU C3414 version ant\u00e9rieures \u00e0 C3414-500-S02K5_P5 de SAGE RTU CPU3414",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMXNOE0100 (H) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "JACE-8000 versions ant\u00e9rieures \u00e0 Niagara 4.10u1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Eurotherm E+PLC100 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SCD6000 Industrial RTU versions ant\u00e9rieures \u00e0 SY-1101207, et N de SCD6000",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Pro-face SP-5B00, SP-5B10, SP-5B90, gamme ST6000 (mod\u00e8le GP-ProEX), gamme ET6000 versions ant\u00e9rieures \u00e0 V4.09.350",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*),V1.50 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy MiCOM P40 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M258/LMC058 Logic Controllers versions ant\u00e9rieures \u00e0 5.0.4.18",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon Quantum CPU et Communication Modules toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Premium CPU et Communication Modules toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Easergy MiCOM P30 versions 660 \u00e0 674",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION9000 versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy C5x (C52/C53) versions ant\u00e9rieures \u00e0 1.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "gammes HMISTO et HMISTU/S5T toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PacDrive Eco/Pro/Pro2 Logic Controllers versions ant\u00e9rieures \u00e0 V1.66.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy P5 versions ant\u00e9rieures \u00e0 01.401.101",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "CPU Modicon M580 (BMEP* et BMEH*), BMXNOM0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMXNOE0110 (H) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Gammes Pro-face GP4000, LT4000M et GP4000H toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "TCSEGPA23F14F, BMECXM0100 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISCU Vijeo Designer versions V6.2SP11 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic PM8000 versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PacDrive M toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Easy Harmony ET6 (gamme HMIET) Vijeo Designer Basic versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Momentum ENT (170ENT11*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Gammes Pro-face GP4100, GP4000E et GP4000M toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOM0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "IGSS Data Server versions ant\u00e9rieures \u00e0 15.0.0.22074",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMENOP0300, BMXNOR0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon LMC078 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Harmony/ Magelis, gammes HMIGTU, HMIGTUX et HMIGK versions ant\u00e9rieures \u00e0 6.2 SP11 Multi HotFix 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 versions ant\u00e9rieures \u00e0 3.50",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22156"
},
{
"name": "CVE-2022-0222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0222"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2022-24324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24324"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-328",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-102-02 du 12 avril 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-102-02_Modicon_M340_Controller_and_Communication_Modules_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-102-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-102-01 du 12 avril 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-102-01_IGSS_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-102-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021 mis \u00e0 jour le 12 avril 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V6.0.pdf\u0026p_Doc_Ref=SEVD-2021-313-05"
}
]
}
CERTFR-2022-AVI-546
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Schneider Electric C-Bus Network Automation Controller LSS5500SHAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | Clipsal C-Bus Network Automation Controller 5500SHAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | Conext ComBox toutes versions | ||
| Schneider Electric | N/A | SpaceLogic C-Bus Network Automation Controller 5500NAC2 versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | CanBRASS versions antérieures à 7.6 | ||
| Schneider Electric | N/A | StruxureWare Data Center Expert versions antérieures à 7.9.1 | ||
| N/A | N/A | EcoStruxure Power Commission versions antérieures à 2.22 | ||
| Schneider Electric | N/A | Smart-UPS SMT SMC, SMX, SRC, XU, XP, SURTD, CHS2 et SRTL Series toutes versions | ||
| Schneider Electric | N/A | EcoStruxure Cybersecurity Admin Expert (CAE) versions antérieures à 2.4 | ||
| Schneider Electric | N/A | IGSS Data Server versions antérieures à 15.0.0.22170 | ||
| Schneider Electric | N/A | Geo SCADA Mobile versions antérieures au Build 202205171 | ||
| Schneider Electric | N/A | Smart-UPS SRT Series versions antérieures à 15.0 | ||
| Schneider Electric | N/A | Schneider Electric C-Bus Network Automation Controller LSS5500NAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | EcoStruxure Power Build: Rapsody Software versions antérieures à 2.1.13 | ||
| Schneider Electric | N/A | EPC2000 versions antérieures à 4.03 | ||
| Schneider Electric | N/A | Versadac versions antérieures à 2.43 | ||
| Schneider Electric | N/A | Clipsal C-Bus Network Automation Controller 5500NAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | SCADAPack RemoteConnect pour x70 versions antérieures à R2.7.3 | ||
| Schneider Electric | N/A | SpaceLogic C-Bus Network Automation Controller 5500AC2 versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | Smart-UPS SCL Series versions antérieures à 15.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Schneider Electric C-Bus Network Automation Controller LSS5500SHAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Clipsal C-Bus Network Automation Controller 5500SHAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Conext ComBox toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SpaceLogic C-Bus Network Automation Controller 5500NAC2 versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "CanBRASS versions ant\u00e9rieures \u00e0 7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "StruxureWare Data Center Expert versions ant\u00e9rieures \u00e0 7.9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Power Commission versions ant\u00e9rieures \u00e0 2.22",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Smart-UPS SMT SMC, SMX, SRC, XU, XP, SURTD, CHS2 et SRTL Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Cybersecurity Admin Expert (CAE) versions ant\u00e9rieures \u00e0 2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "IGSS Data Server versions ant\u00e9rieures \u00e0 15.0.0.22170",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Geo SCADA Mobile versions ant\u00e9rieures au Build 202205171",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Smart-UPS SRT Series versions ant\u00e9rieures \u00e0 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric C-Bus Network Automation Controller LSS5500NAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Power Build: Rapsody Software versions ant\u00e9rieures \u00e0 2.1.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC2000 versions ant\u00e9rieures \u00e0 4.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Versadac versions ant\u00e9rieures \u00e0 2.43",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Clipsal C-Bus Network Automation Controller 5500NAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SCADAPack RemoteConnect pour x70 versions ant\u00e9rieures \u00e0 R2.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SpaceLogic C-Bus Network Automation Controller 5500AC2 versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Smart-UPS SCL Series versions ant\u00e9rieures \u00e0 15.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32524"
},
{
"name": "CVE-2022-24322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24322"
},
{
"name": "CVE-2022-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22731"
},
{
"name": "CVE-2022-32514",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32514"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-32517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32517"
},
{
"name": "CVE-2022-32526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32526"
},
{
"name": "CVE-2022-32530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32530"
},
{
"name": "CVE-2022-32748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32748"
},
{
"name": "CVE-2022-22806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
},
{
"name": "CVE-2022-32529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32529"
},
{
"name": "CVE-2022-32513",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32513"
},
{
"name": "CVE-2022-32747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32747"
},
{
"name": "CVE-2022-32523",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32523"
},
{
"name": "CVE-2022-32528",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32528"
},
{
"name": "CVE-2022-32516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32516"
},
{
"name": "CVE-2022-32522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32522"
},
{
"name": "CVE-2022-32527",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32527"
},
{
"name": "CVE-2022-32515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32515"
},
{
"name": "CVE-2021-22697",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22697"
},
{
"name": "CVE-2022-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
},
{
"name": "CVE-2022-0223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0223"
},
{
"name": "CVE-2022-32519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32519"
},
{
"name": "CVE-2022-22805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
},
{
"name": "CVE-2022-24323",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24323"
},
{
"name": "CVE-2022-32512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32512"
},
{
"name": "CVE-2022-32518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32518"
},
{
"name": "CVE-2022-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22732"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2022-32520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32520"
},
{
"name": "CVE-2022-32525",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32525"
},
{
"name": "CVE-2021-22698",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22698"
},
{
"name": "CVE-2022-32521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32521"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-546",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-15T00:00:00.000000"
},
{
"description": "Modification de la version des produits IGSS Data Server",
"revision_date": "2022-06-23T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour du lien du bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 08 mars 2022.",
"revision_date": "2022-08-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 08 mars 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-07 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-06 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-01 du 08 mars 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-01_EcoStruxure_Control_Expert_and_EcoStruxure_Process_Expert_Security_Notification_V2.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-02 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-08 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-012-02 du 12 janvier 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-012-02_EcoStruxure_Power_Build_Rapsody_Security_Notification_V2.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-04 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-04_%20StruxureWare_Data_Center_Expert_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-01 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-05 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V8.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-03 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"
}
]
}
CERTFR-2021-AVI-853
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions | ||
| N/A | N/A | versadac, toutes versions | ||
| Schneider Electric | N/A | EPack toutes versions | ||
| N/A | N/A | EPC2000 toutes versions | ||
| N/A | N/A | Modicon M262 Logic Controllers firmware version 5.1.5.35 et antérieures | ||
| N/A | N/A | SCD6000 Industrial RTU Version antérieures à SCD6000 is SY-1101211_Mand | ||
| N/A | N/A | SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et antérieures | ||
| N/A | N/A | NMC embedded devices | ||
| N/A | N/A | BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions | ||
| N/A | N/A | BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions | ||
| Schneider Electric | N/A | Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et antérieures | ||
| Symfony | process | EcoStruxure Process Expert versions antérieures à V2021 | ||
| N/A | N/A | Tricon Communication Modules versions antérieures à 11.8 | ||
| N/A | N/A | TelevisAir V3.0 Dongle BTLE (part number ADBT42* et antérieures) | ||
| Schneider Electric | Modicon M340 | Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions | ||
| Schneider Electric | N/A | Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et antérieures | ||
| Schneider Electric | N/A | T2750 PAC, toutes versions | ||
| Schneider Electric | N/A | Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et antérieures | ||
| N/A | N/A | HMISTO Series HMISTU/S5T Series toutes versions | ||
| Schneider Electric | N/A | TCSEGPA23F14F, BMECXM0100 toutes versions | ||
| N/A | N/A | HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et antérieures | ||
| N/A | N/A | BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions | ||
| N/A | N/A | Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions | ||
| N/A | N/A | Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et antérieures | ||
| N/A | N/A | Momentum ENT (170ENT11*) toutes versions | ||
| Schneider Electric | N/A | nanodac toutes versions | ||
| Schneider Electric | N/A | Network Management Card 2 (NMC2) | ||
| Schneider Electric | N/A | Schneider Electric Software Update, V2.3.0 à V2.5.1 | ||
| N/A | N/A | Network Management Card 3 (NMC3) | ||
| N/A | N/A | 6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions | ||
| Schneider Electric | N/A | BMXNOM0200 toutes versions | ||
| N/A | N/A | BMENOP0300, BMXNOR0200 toutes versions | ||
| Schneider Electric | N/A | Modicon LMC078 toutes versions | ||
| Schneider Electric | N/A | E+PLC400 toutes versions | ||
| N/A | N/A | Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et antérieures |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "versadac, toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EPack toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC2000 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M262 Logic Controllers firmware version 5.1.5.35 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SCD6000 Industrial RTU Version ant\u00e9rieures \u00e0 SCD6000 is SY-1101211_Mand",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "NMC embedded devices",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 V2021",
"product": {
"name": "process",
"vendor": {
"name": "Symfony",
"scada": false
}
}
},
{
"description": "Tricon Communication Modules versions ant\u00e9rieures \u00e0 11.8",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TelevisAir V3.0 Dongle BTLE (part number ADBT42* et ant\u00e9rieures)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "T2750 PAC, toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISTO Series HMISTU/S5T Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TCSEGPA23F14F, BMECXM0100 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Momentum ENT (170ENT11*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "nanodac toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Network Management Card 2 (NMC2)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Software Update, V2.3.0 \u00e0 V2.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Network Management Card 3 (NMC3)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOM0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMENOP0300, BMXNOR0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon LMC078 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "E+PLC400 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22808",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22808"
},
{
"name": "CVE-2021-34527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
},
{
"name": "CVE-2021-22811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
},
{
"name": "CVE-2021-22813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22807"
},
{
"name": "CVE-2021-22810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
},
{
"name": "CVE-2021-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
},
{
"name": "CVE-2021-1675",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
},
{
"name": "CVE-2021-22812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
},
{
"name": "CVE-2021-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22809"
},
{
"name": "CVE-2021-22814",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-22799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22799"
},
{
"name": "CVE-2021-22816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22816"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-853",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-07 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-01 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-06 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-02 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
]
}
CERTFR-2021-AVI-953
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | SCD6000 Industrial RTU version SCD6000 SY11012 11_M et antérieures | ||
| N/A | N/A | Modicon BMENOC 0311 | ||
| N/A | N/A | EVlink City (EVC1S22P4 / EVC1S7P4), EVlink Parking (EVW2 / EVF2 / EVP2PE), EVlink Smart Wallbox EVB1A toutes versions antérieures à R8 V3.4.0.2 | ||
| N/A | N/A | Modicon BMENOC 0321 | ||
| N/A | N/A | Modicon M580 | ||
| N/A | N/A | EcoStruxure™ Power Monitoring Expert versions V9.0 et antérieures | ||
| N/A | N/A | IGSS Data Collector (dc.exe) version 15.0.0.21320 et antérieures | ||
| N/A | N/A | APDU9xxx with NMC3 version V1.0.0.28 et antérieures | ||
| N/A | N/A | AP7xxxx and AP8xxx with NMC2 version V6.9.6 et antérieures | ||
| N/A | N/A | AP7xxx and AP8xxx with NMC3 version V1.1.0.3 et antérieures |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SCD6000 Industrial RTU version SCD6000 SY11012 11_M et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon BMENOC 0311",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EVlink City (EVC1S22P4 / EVC1S7P4), EVlink Parking (EVW2 / EVF2 / EVP2PE), EVlink Smart Wallbox EVB1A toutes versions ant\u00e9rieures \u00e0 R8 V3.4.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon BMENOC 0321",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M580",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure\u2122 Power Monitoring Expert versions V9.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "IGSS Data Collector (dc.exe) version 15.0.0.21320 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "APDU9xxx with NMC3 version V1.0.0.28 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "AP7xxxx and AP8xxx with NMC2 version V6.9.6 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "AP7xxx and AP8xxx with NMC3 version V1.1.0.3 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22725",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22725"
},
{
"name": "CVE-2019-6848",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6848"
},
{
"name": "CVE-2021-22156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22156"
},
{
"name": "CVE-2021-22823",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22823"
},
{
"name": "CVE-2021-22818",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22818"
},
{
"name": "CVE-2021-22820",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22820"
},
{
"name": "CVE-2021-22821",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22821"
},
{
"name": "CVE-2021-22824",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22824"
},
{
"name": "CVE-2021-22822",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22822"
},
{
"name": "CVE-2019-6849",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6849"
},
{
"name": "CVE-2021-22825",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22825"
},
{
"name": "CVE-2021-44228",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"name": "CVE-2021-22724",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22724"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-22826",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22826"
},
{
"name": "CVE-2019-6850",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6850"
},
{
"name": "CVE-2021-22827",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22827"
},
{
"name": "CVE-2021-22819",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22819"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-953",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-02 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-01 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SSEVD-2021-348-03 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-03"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-04 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-348-04 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-348-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 14 d\u00e9cembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
}
]
}
CERTFR-2023-AVI-0297
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Modicon M580 NOC Control (BMENOC0321) versions antérieures à 1.8 | ||
| Schneider Electric | N/A | PacDrive 3 Controllers LMC | ||
| Schneider Electric | N/A | Easergy Builder installer versions antérieures à V1.7.24 | ||
| Schneider Electric | N/A | Modicon Controller LMC058 | ||
| Schneider Electric | N/A | Modicon Controller M258 | ||
| Schneider Electric | N/A | Eco/Pro/Pro2 | ||
| Schneider Electric | N/A | Modicon M580 versions antérieures à SV4.10 | ||
| Schneider Electric | Modicon M340 | Modicon Modicon M340 CPU (part numbers BMXP34*) versions antérieures à SV3.51 | ||
| Schneider Electric | N/A | Modicon Controller M262 | ||
| Schneider Electric | N/A | PacDrive Controller LMC078 | ||
| Schneider Electric | N/A | Modicon Controller M241 | ||
| Schneider Electric | N/A | InsightHome, InsightFacility et Conext Gateway versions antérieures à 1.17 Build 079 | ||
| Schneider Electric | N/A | EcoStruxure Control Expert versions antérieures à V15.3 | ||
| Schneider Electric | N/A | Schneider Electric Easy UPS Online versions antérieures à 2.6-GS | ||
| Schneider Electric | N/A | Modicon Controller M218 | ||
| Schneider Electric | N/A | HMISCU Controller | ||
| Schneider Electric | N/A | Modicon Controller M251 | ||
| Schneider Electric | N/A | Easy Harmony ET6 (HMIET Series) et Easy Harmony GXU (HMIGXU Series) avec Vijeo Designer Basic versions antérieures à V1.2.1 Hotfix 4 | ||
| Schneider Electric | N/A | APC Easy UPS Online Monitoring versions antérieures à 2.6-GA | ||
| Schneider Electric | N/A | Modicon M580 Ethernet Communication Modules (BMENOC0301 et BMENOC0311) versions antérieures à SV2.21 | ||
| Schneider Electric | Modicon M340 | Modicon M340 CPU versions antérieures à SV3.51 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon M580 NOC Control (BMENOC0321) versions ant\u00e9rieures \u00e0 1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PacDrive 3 Controllers LMC",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy Builder installer versions ant\u00e9rieures \u00e0 V1.7.24",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller LMC058",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M258",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Eco/Pro/Pro2",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 versions ant\u00e9rieures \u00e0 SV4.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Modicon M340 CPU (part numbers BMXP34*) versions ant\u00e9rieures \u00e0 SV3.51",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M262",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PacDrive Controller LMC078",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M241",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "InsightHome, InsightFacility et Conext Gateway versions ant\u00e9rieures \u00e0 1.17 Build 079",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 V15.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Easy UPS Online versions ant\u00e9rieures \u00e0 2.6-GS",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M218",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISCU Controller",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Controller M251",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easy Harmony ET6 (HMIET Series) et Easy Harmony GXU (HMIGXU Series) avec Vijeo Designer Basic versions ant\u00e9rieures \u00e0 V1.2.1 Hotfix 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "APC Easy UPS Online Monitoring versions ant\u00e9rieures \u00e0 2.6-GA",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M580 Ethernet Communication Modules (BMENOC0301 et BMENOC0311) versions ant\u00e9rieures \u00e0 SV2.21",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 CPU versions ant\u00e9rieures \u00e0 SV3.51",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-29413",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29413"
},
{
"name": "CVE-2023-29410",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29410"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-4046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4046"
},
{
"name": "CVE-2023-29412",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29412"
},
{
"name": "CVE-2023-27976",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27976"
},
{
"name": "CVE-2022-34755",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34755"
},
{
"name": "CVE-2023-25620",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25620"
},
{
"name": "CVE-2023-1548",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1548"
},
{
"name": "CVE-2023-29411",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29411"
},
{
"name": "CVE-2023-28355",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28355"
},
{
"name": "CVE-2023-25619",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25619"
},
{
"name": "CVE-2022-45788",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45788"
},
{
"name": "CVE-2022-4224",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4224"
},
{
"name": "CVE-2021-29241",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-29241"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0297",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider Electric",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2022-011-06 du 11 janvier 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-011-06_CODESYSV3_Runtime_Development_System_and_Gateway_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-05 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-05.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-06 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-06.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-04 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-04.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-02 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-02.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-03 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-03.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-101-01 du 11 avril 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-101-01.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2023-010-05 du 10 janvier 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-010-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-010-05_Modicon_Controllers_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf"
}
]
}
CERTFR-2022-AVI-546
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Schneider Electric C-Bus Network Automation Controller LSS5500SHAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | Clipsal C-Bus Network Automation Controller 5500SHAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | Conext ComBox toutes versions | ||
| Schneider Electric | N/A | SpaceLogic C-Bus Network Automation Controller 5500NAC2 versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | CanBRASS versions antérieures à 7.6 | ||
| Schneider Electric | N/A | StruxureWare Data Center Expert versions antérieures à 7.9.1 | ||
| N/A | N/A | EcoStruxure Power Commission versions antérieures à 2.22 | ||
| Schneider Electric | N/A | Smart-UPS SMT SMC, SMX, SRC, XU, XP, SURTD, CHS2 et SRTL Series toutes versions | ||
| Schneider Electric | N/A | EcoStruxure Cybersecurity Admin Expert (CAE) versions antérieures à 2.4 | ||
| Schneider Electric | N/A | IGSS Data Server versions antérieures à 15.0.0.22170 | ||
| Schneider Electric | N/A | Geo SCADA Mobile versions antérieures au Build 202205171 | ||
| Schneider Electric | N/A | Smart-UPS SRT Series versions antérieures à 15.0 | ||
| Schneider Electric | N/A | Schneider Electric C-Bus Network Automation Controller LSS5500NAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | EcoStruxure Power Build: Rapsody Software versions antérieures à 2.1.13 | ||
| Schneider Electric | N/A | EPC2000 versions antérieures à 4.03 | ||
| Schneider Electric | N/A | Versadac versions antérieures à 2.43 | ||
| Schneider Electric | N/A | Clipsal C-Bus Network Automation Controller 5500NAC versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | SCADAPack RemoteConnect pour x70 versions antérieures à R2.7.3 | ||
| Schneider Electric | N/A | SpaceLogic C-Bus Network Automation Controller 5500AC2 versions antérieures à 1.11.0 | ||
| Schneider Electric | N/A | Smart-UPS SCL Series versions antérieures à 15.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Schneider Electric C-Bus Network Automation Controller LSS5500SHAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Clipsal C-Bus Network Automation Controller 5500SHAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Conext ComBox toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SpaceLogic C-Bus Network Automation Controller 5500NAC2 versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "CanBRASS versions ant\u00e9rieures \u00e0 7.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "StruxureWare Data Center Expert versions ant\u00e9rieures \u00e0 7.9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Power Commission versions ant\u00e9rieures \u00e0 2.22",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Smart-UPS SMT SMC, SMX, SRC, XU, XP, SURTD, CHS2 et SRTL Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Cybersecurity Admin Expert (CAE) versions ant\u00e9rieures \u00e0 2.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "IGSS Data Server versions ant\u00e9rieures \u00e0 15.0.0.22170",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Geo SCADA Mobile versions ant\u00e9rieures au Build 202205171",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Smart-UPS SRT Series versions ant\u00e9rieures \u00e0 15.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric C-Bus Network Automation Controller LSS5500NAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Power Build: Rapsody Software versions ant\u00e9rieures \u00e0 2.1.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC2000 versions ant\u00e9rieures \u00e0 4.03",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Versadac versions ant\u00e9rieures \u00e0 2.43",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Clipsal C-Bus Network Automation Controller 5500NAC versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SCADAPack RemoteConnect pour x70 versions ant\u00e9rieures \u00e0 R2.7.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SpaceLogic C-Bus Network Automation Controller 5500AC2 versions ant\u00e9rieures \u00e0 1.11.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Smart-UPS SCL Series versions ant\u00e9rieures \u00e0 15.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-32524",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32524"
},
{
"name": "CVE-2022-24322",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24322"
},
{
"name": "CVE-2022-22731",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22731"
},
{
"name": "CVE-2022-32514",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32514"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-32517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32517"
},
{
"name": "CVE-2022-32526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32526"
},
{
"name": "CVE-2022-32530",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32530"
},
{
"name": "CVE-2022-32748",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32748"
},
{
"name": "CVE-2022-22806",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22806"
},
{
"name": "CVE-2022-32529",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32529"
},
{
"name": "CVE-2022-32513",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32513"
},
{
"name": "CVE-2022-32747",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32747"
},
{
"name": "CVE-2022-32523",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32523"
},
{
"name": "CVE-2022-32528",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32528"
},
{
"name": "CVE-2022-32516",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32516"
},
{
"name": "CVE-2022-32522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32522"
},
{
"name": "CVE-2022-32527",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32527"
},
{
"name": "CVE-2022-32515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32515"
},
{
"name": "CVE-2021-22697",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22697"
},
{
"name": "CVE-2022-0715",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0715"
},
{
"name": "CVE-2022-0223",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0223"
},
{
"name": "CVE-2022-32519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32519"
},
{
"name": "CVE-2022-22805",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22805"
},
{
"name": "CVE-2022-24323",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24323"
},
{
"name": "CVE-2022-32512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32512"
},
{
"name": "CVE-2022-32518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32518"
},
{
"name": "CVE-2022-22732",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22732"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2022-32520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32520"
},
{
"name": "CVE-2022-32525",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32525"
},
{
"name": "CVE-2021-22698",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22698"
},
{
"name": "CVE-2022-32521",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32521"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-546",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-15T00:00:00.000000"
},
{
"description": "Modification de la version des produits IGSS Data Server",
"revision_date": "2022-06-23T00:00:00.000000"
},
{
"description": "Mise \u00e0 jour du lien du bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 08 mars 2022.",
"revision_date": "2022-08-19T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de requ\u00eates ill\u00e9gitimes par rebond (CSRF)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-02 du 08 mars 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-067-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-02_APC-Smart-UPS_Security_Notification_V6.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-07 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-07_CanBRASS_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-06 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-06_C-Bus_Home_Automation_Products_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-067-01 du 08 mars 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-067-01_EcoStruxure_Control_Expert_and_EcoStruxure_Process_Expert_Security_Notification_V2.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-02 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-02_Geo_SCADA_Android_App_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-08 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-08_Cybersecurity_Admin_Expert_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-012-02 du 12 janvier 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-012-02_EcoStruxure_Power_Build_Rapsody_Security_Notification_V2.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-04 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-04_%20StruxureWare_Data_Center_Expert_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-01 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-01_IGSS_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-05 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-05_EcoStruxure_Power_Commission_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V8.0.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-165-03 du 14 juin 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-165-03_ConextCombox_Security_Notification.pdf"
}
]
}
CERTFR-2022-AVI-1093
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Modicon M580 CPU Safety (BMEP58*S et BMEH58*S) toutes versions | ||
| N/A | N/A | APC Easy UPS Online Monitoring versions antérieures à 2.5-GA-01-22320 | ||
| N/A | N/A | EcoStruxure Power Commission versions antérieures à 2.26 | ||
| N/A | N/A | SAITEL DR RTU Baseline 11.06.x antérieures à 1.06.15 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon M580 CPU Safety (BMEP58*S et BMEH58*S) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "APC Easy UPS Online Monitoring versions ant\u00e9rieures \u00e0 2.5-GA-01-22320",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Commission versions ant\u00e9rieures \u00e0 2.26",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SAITEL DR RTU Baseline 11.06.x ant\u00e9rieures \u00e0 1.06.15",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
},
{
"name": "CVE-2022-42971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42971"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
},
{
"name": "CVE-2022-42973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42973"
},
{
"name": "CVE-2019-6841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
},
{
"name": "CVE-2021-22779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
},
{
"name": "CVE-2021-22790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
},
{
"name": "CVE-2022-37301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
},
{
"name": "CVE-2018-7241",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
},
{
"name": "CVE-2021-22786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22786"
},
{
"name": "CVE-2018-7242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
},
{
"name": "CVE-2019-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
},
{
"name": "CVE-2019-6842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
},
{
"name": "CVE-2020-6996",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6996"
},
{
"name": "CVE-2022-37300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37300"
},
{
"name": "CVE-2021-22789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
},
{
"name": "CVE-2019-6847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
},
{
"name": "CVE-2021-22792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
},
{
"name": "CVE-2022-42970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42970"
},
{
"name": "CVE-2019-6843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
},
{
"name": "CVE-2018-7240",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2022-4062",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4062"
},
{
"name": "CVE-2022-42972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42972"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1093",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider du 13 d\u00e9cembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01-APC_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
]
}
CERTFR-2022-AVI-815
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Modicon MC80 sans le correctif de sécurité BMKC8020301 | ||
| N/A | N/A | CANopen X80 Communication Module (BMECXM0100) toutes versions | ||
| Schneider Electric | N/A | Modicon MC80 (BMKC80) versions antérieures à 1.8 | ||
| Schneider Electric | N/A | Modicon MC80 Controller (BMKC8*) versions antérieures à 1.8 | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication Modules BMXNOE0110 (H) toutes versions | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication Modules BMXNOE0100 (H) toutes versions | ||
| N/A | N/A | EcoStruxure™ Control Expert version 15.1 sans le dernier correctif de sécurité | ||
| Schneider Electric | N/A | Modicon RTU BMXNOR0200H versions antérieures à 1.7 IR24 | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication Module BMXNOR0200H RTU versions antérieures à 1.7 IR24 | ||
| Schneider Electric | Modicon M340 | Modicon M340 Ethernet TCP/IP Network Module BMXNOC0401 versions antérieures à 2.11 | ||
| Schneider Electric | N/A | Profibus Remote Master (TCSEGPA23F14F) toutes versions | ||
| Schneider Electric | N/A | Lexium ILE ILA ILS Communication Drive versions antérieures à 01.110 | ||
| Schneider Electric | Modicon M340 | Modicon M340 X80 Ethernet Communication module BMXNOC0401 versions antérieures à version 2.11 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon MC80 sans le correctif de s\u00e9curit\u00e9 BMKC8020301",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "CANopen X80 Communication Module (BMECXM0100) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon MC80 (BMKC80) versions ant\u00e9rieures \u00e0 1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon MC80 Controller (BMKC8*) versions ant\u00e9rieures \u00e0 1.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication Modules BMXNOE0110 (H) toutes versions",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication Modules BMXNOE0100 (H) toutes versions",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure\u2122 Control Expert version 15.1 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon RTU BMXNOR0200H versions ant\u00e9rieures \u00e0 1.7 IR24",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication Module BMXNOR0200H RTU versions ant\u00e9rieures \u00e0 1.7 IR24",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 Ethernet TCP/IP Network Module BMXNOC0401 versions ant\u00e9rieures \u00e0 2.11",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Profibus Remote Master (TCSEGPA23F14F) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Lexium ILE ILA ILS Communication Drive versions ant\u00e9rieures \u00e0 01.110",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 X80 Ethernet Communication module BMXNOC0401 versions ant\u00e9rieures \u00e0 version 2.11",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7564",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7564"
},
{
"name": "CVE-2020-7563",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7563"
},
{
"name": "CVE-2020-7535",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7535"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2020-7549",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7549"
},
{
"name": "CVE-2021-31401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31401"
},
{
"name": "CVE-2022-37301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
},
{
"name": "CVE-2018-7241",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
},
{
"name": "CVE-2022-0222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0222"
},
{
"name": "CVE-2018-7242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
},
{
"name": "CVE-2021-31400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31400"
},
{
"name": "CVE-2021-22788",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22788"
},
{
"name": "CVE-2020-35685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35685"
},
{
"name": "CVE-2020-7562",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7562"
},
{
"name": "CVE-2020-35683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35683"
},
{
"name": "CVE-2020-35684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35684"
},
{
"name": "CVE-2020-7536",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7536"
},
{
"name": "CVE-2018-7857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7857"
},
{
"name": "CVE-2019-6807",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6807"
},
{
"name": "CVE-2018-7240",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
},
{
"name": "CVE-2011-4859",
"url": "https://www.cve.org/CVERecord?id=CVE-2011-4859"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-22787",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22787"
},
{
"name": "CVE-2021-22785",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22785"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V11.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-257-02 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-257-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-257-02_Web_Server_Modicon_M340_Quantum_and_Premium_and_Communication_Modules_V2.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V4.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-06 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-06\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-343-06_Web_Server_Modicon_M340_Premium_Quantum_Communication_Modules_Security_Notification_V2.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-07 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-07\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-343-07_SNMP_Service_Modicon_M340_CPU_Security_Notification_V2.1.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-217-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification_V3.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-134-11 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification_V7.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V2.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SESB-2019-214-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2019-214-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SESB-2019-214-01_Wind_River_VxWorks_Security_Bulletin_V2.14.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-315-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-315-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-315-01_Modicon_Web_Server_Security_Notification_V3.0.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2020-343-05 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2020-343-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2020-343-05-Web_Server_Modicon_M340_Premium_Quantum_Communication_Modules_Security_Notification_V2.1.pdf"
}
],
"reference": "CERTFR-2022-AVI-815",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-09-13T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-256-01 du 13 septembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-256-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-256-01-EcoStruxure_Machine_SCADA_ExpertPro-face_BLUE_Open_Studio_Security_Notification.pdf"
}
]
}
CERTFR-2021-AVI-853
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions | ||
| N/A | N/A | versadac, toutes versions | ||
| Schneider Electric | N/A | EPack toutes versions | ||
| N/A | N/A | EPC2000 toutes versions | ||
| N/A | N/A | Modicon M262 Logic Controllers firmware version 5.1.5.35 et antérieures | ||
| N/A | N/A | SCD6000 Industrial RTU Version antérieures à SCD6000 is SY-1101211_Mand | ||
| N/A | N/A | SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et antérieures | ||
| N/A | N/A | NMC embedded devices | ||
| N/A | N/A | BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions | ||
| N/A | N/A | BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions | ||
| Schneider Electric | N/A | Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et antérieures | ||
| Symfony | process | EcoStruxure Process Expert versions antérieures à V2021 | ||
| N/A | N/A | Tricon Communication Modules versions antérieures à 11.8 | ||
| N/A | N/A | TelevisAir V3.0 Dongle BTLE (part number ADBT42* et antérieures) | ||
| Schneider Electric | Modicon M340 | Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions | ||
| Schneider Electric | N/A | Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et antérieures | ||
| Schneider Electric | N/A | T2750 PAC, toutes versions | ||
| Schneider Electric | N/A | Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et antérieures | ||
| N/A | N/A | HMISTO Series HMISTU/S5T Series toutes versions | ||
| Schneider Electric | N/A | TCSEGPA23F14F, BMECXM0100 toutes versions | ||
| N/A | N/A | HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et antérieures | ||
| N/A | N/A | BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions | ||
| N/A | N/A | Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions | ||
| N/A | N/A | Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et antérieures | ||
| N/A | N/A | Momentum ENT (170ENT11*) toutes versions | ||
| Schneider Electric | N/A | nanodac toutes versions | ||
| Schneider Electric | N/A | Network Management Card 2 (NMC2) | ||
| Schneider Electric | N/A | Schneider Electric Software Update, V2.3.0 à V2.5.1 | ||
| N/A | N/A | Network Management Card 3 (NMC3) | ||
| N/A | N/A | 6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions | ||
| Schneider Electric | N/A | BMXNOM0200 toutes versions | ||
| N/A | N/A | BMENOP0300, BMXNOR0200 toutes versions | ||
| Schneider Electric | N/A | Modicon LMC078 toutes versions | ||
| Schneider Electric | N/A | E+PLC400 toutes versions | ||
| N/A | N/A | Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et antérieures |
References
| Title | Publication Time | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "versadac, toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EPack toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC2000 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M262 Logic Controllers firmware version 5.1.5.35 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SCD6000 Industrial RTU Version ant\u00e9rieures \u00e0 SCD6000 is SY-1101211_Mand",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "NMC embedded devices",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 V2021",
"product": {
"name": "process",
"vendor": {
"name": "Symfony",
"scada": false
}
}
},
{
"description": "Tricon Communication Modules versions ant\u00e9rieures \u00e0 11.8",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TelevisAir V3.0 Dongle BTLE (part number ADBT42* et ant\u00e9rieures)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "T2750 PAC, toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISTO Series HMISTU/S5T Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TCSEGPA23F14F, BMECXM0100 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Momentum ENT (170ENT11*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "nanodac toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Network Management Card 2 (NMC2)",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Schneider Electric Software Update, V2.3.0 \u00e0 V2.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Network Management Card 3 (NMC3)",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOM0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMENOP0300, BMXNOR0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon LMC078 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "E+PLC400 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22808",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22808"
},
{
"name": "CVE-2021-34527",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
},
{
"name": "CVE-2021-22811",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
},
{
"name": "CVE-2021-22813",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22807",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22807"
},
{
"name": "CVE-2021-22810",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
},
{
"name": "CVE-2021-22815",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
},
{
"name": "CVE-2021-1675",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
},
{
"name": "CVE-2021-22812",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
},
{
"name": "CVE-2021-22809",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22809"
},
{
"name": "CVE-2021-22814",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-22799",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22799"
},
{
"name": "CVE-2021-22816",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22816"
}
],
"links": [],
"reference": "CERTFR-2021-AVI-853",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-11-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-07 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-01 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-06 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-06"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-02 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 9 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
}
]
}
CERTFR-2022-AVI-328
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Schneider Electric | N/A | Modicon M262 Logic Controllers versions antérieures à V5.1.6.1 | ||
| Schneider Electric | N/A | MiCOM C264 versions antérieures à B5.118, D1.92, D4.38, D5.25I et D6.18 | ||
| Schneider Electric | N/A | PowerLogic ION7400 versions antérieures à 3.1.0 | ||
| Schneider Electric | N/A | EPC2000 toutes versions | ||
| Schneider Electric | N/A | EPack toutes versions | ||
| N/A | N/A | Easy Harmony GXU (gamme HMIGXU) Vijeo Designer Basic versions antérieures à 1.2.1 | ||
| Schneider Electric | N/A | nanodac versions antérieures à 10.02 | ||
| N/A | N/A | Versadac toutes versions | ||
| Schneider Electric | N/A | BMXNOR0200H RTU toutes versions | ||
| Schneider Electric | N/A | EPC3000 versions antérieures à V5.20 | ||
| Schneider Electric | N/A | Modicon M241/M251 Logic Controllers versions antérieures à V5.1.9.34 | ||
| Schneider Electric | N/A | SAGE RTU CPU C3414 version antérieures à C3414-500-S02K5_P5 de SAGE RTU CPU3414 | ||
| Schneider Electric | N/A | BMXNOE0100 (H) toutes versions | ||
| N/A | N/A | JACE-8000 versions antérieures à Niagara 4.10u1 | ||
| Schneider Electric | N/A | BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions | ||
| Schneider Electric | N/A | 6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions | ||
| Schneider Electric | N/A | Eurotherm E+PLC100 toutes versions | ||
| N/A | N/A | SCD6000 Industrial RTU versions antérieures à SY-1101207, et N de SCD6000 | ||
| Schneider Electric | N/A | Pro-face SP-5B00, SP-5B10, SP-5B90, gamme ST6000 (modèle GP-ProEX), gamme ET6000 versions antérieures à V4.09.350 | ||
| Schneider Electric | N/A | Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*),V1.50 toutes versions | ||
| N/A | N/A | BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions | ||
| Schneider Electric | N/A | BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions | ||
| Schneider Electric | N/A | Easergy MiCOM P40 toutes versions | ||
| N/A | N/A | Modicon M258/LMC058 Logic Controllers versions antérieures à 5.0.4.18 | ||
| Schneider Electric | N/A | Modicon Quantum CPU et Communication Modules toutes versions | ||
| N/A | N/A | Modicon Premium CPU et Communication Modules toutes versions | ||
| N/A | N/A | Easergy MiCOM P30 versions 660 à 674 | ||
| Schneider Electric | N/A | PowerLogic ION9000 versions antérieures à 3.1.0 | ||
| Schneider Electric | N/A | Easergy C5x (C52/C53) versions antérieures à 1.0.5 | ||
| Schneider Electric | N/A | gammes HMISTO et HMISTU/S5T toutes versions | ||
| Schneider Electric | N/A | PacDrive Eco/Pro/Pro2 Logic Controllers versions antérieures à V1.66.5.1 | ||
| Schneider Electric | N/A | Easergy P5 versions antérieures à 01.401.101 | ||
| Schneider Electric | N/A | CPU Modicon M580 (BMEP* et BMEH*), BMXNOM0200 toutes versions | ||
| N/A | N/A | BMXNOE0110 (H) toutes versions | ||
| Schneider Electric | N/A | Gammes Pro-face GP4000, LT4000M et GP4000H toutes versions | ||
| Schneider Electric | N/A | TCSEGPA23F14F, BMECXM0100 toutes versions | ||
| N/A | N/A | HMISCU Vijeo Designer versions V6.2SP11 et antérieures | ||
| N/A | N/A | PowerLogic PM8000 versions antérieures à 3.1.0 | ||
| N/A | N/A | PacDrive M toutes versions | ||
| N/A | N/A | Easy Harmony ET6 (gamme HMIET) Vijeo Designer Basic versions antérieures à 1.2.1 | ||
| N/A | N/A | Momentum ENT (170ENT11*) toutes versions | ||
| N/A | N/A | Gammes Pro-face GP4100, GP4000E et GP4000M toutes versions | ||
| Schneider Electric | N/A | BMXNOM0200 toutes versions | ||
| N/A | N/A | IGSS Data Server versions antérieures à 15.0.0.22074 | ||
| N/A | N/A | BMENOP0300, BMXNOR0200 toutes versions | ||
| Schneider Electric | N/A | Modicon LMC078 toutes versions | ||
| Schneider Electric | N/A | Harmony/ Magelis, gammes HMIGTU, HMIGTUX et HMIGK versions antérieures à 6.2 SP11 Multi HotFix 4 | ||
| Schneider Electric | Modicon M340 | Modicon M340 versions antérieures à 3.50 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon M262 Logic Controllers versions ant\u00e9rieures \u00e0 V5.1.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "MiCOM C264 versions ant\u00e9rieures \u00e0 B5.118, D1.92, D4.38, D5.25I et D6.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PowerLogic ION7400 versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC2000 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPack toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easy Harmony GXU (gamme HMIGXU) Vijeo Designer Basic versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "nanodac versions ant\u00e9rieures \u00e0 10.02",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Versadac toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOR0200H RTU toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "EPC3000 versions ant\u00e9rieures \u00e0 V5.20",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M241/M251 Logic Controllers versions ant\u00e9rieures \u00e0 V5.1.9.34",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SAGE RTU CPU C3414 version ant\u00e9rieures \u00e0 C3414-500-S02K5_P5 de SAGE RTU CPU3414",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMXNOE0100 (H) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "JACE-8000 versions ant\u00e9rieures \u00e0 Niagara 4.10u1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Eurotherm E+PLC100 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "SCD6000 Industrial RTU versions ant\u00e9rieures \u00e0 SY-1101207, et N de SCD6000",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Pro-face SP-5B00, SP-5B10, SP-5B90, gamme ST6000 (mod\u00e8le GP-ProEX), gamme ET6000 versions ant\u00e9rieures \u00e0 V4.09.350",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*),V1.50 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy MiCOM P40 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M258/LMC058 Logic Controllers versions ant\u00e9rieures \u00e0 5.0.4.18",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon Quantum CPU et Communication Modules toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon Premium CPU et Communication Modules toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Easergy MiCOM P30 versions 660 \u00e0 674",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION9000 versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy C5x (C52/C53) versions ant\u00e9rieures \u00e0 1.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "gammes HMISTO et HMISTU/S5T toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "PacDrive Eco/Pro/Pro2 Logic Controllers versions ant\u00e9rieures \u00e0 V1.66.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Easergy P5 versions ant\u00e9rieures \u00e0 01.401.101",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "CPU Modicon M580 (BMEP* et BMEH*), BMXNOM0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "BMXNOE0110 (H) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Gammes Pro-face GP4000, LT4000M et GP4000H toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "TCSEGPA23F14F, BMECXM0100 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "HMISCU Vijeo Designer versions V6.2SP11 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic PM8000 versions ant\u00e9rieures \u00e0 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PacDrive M toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Easy Harmony ET6 (gamme HMIET) Vijeo Designer Basic versions ant\u00e9rieures \u00e0 1.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Momentum ENT (170ENT11*) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Gammes Pro-face GP4100, GP4000E et GP4000M toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMXNOM0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "IGSS Data Server versions ant\u00e9rieures \u00e0 15.0.0.22074",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BMENOP0300, BMXNOR0200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon LMC078 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Harmony/ Magelis, gammes HMIGTU, HMIGTUX et HMIGK versions ant\u00e9rieures \u00e0 6.2 SP11 Multi HotFix 4",
"product": {
"name": "N/A",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
},
{
"description": "Modicon M340 versions ant\u00e9rieures \u00e0 3.50",
"product": {
"name": "Modicon M340",
"vendor": {
"name": "Schneider Electric",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22156"
},
{
"name": "CVE-2022-0222",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0222"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2022-24324",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24324"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-328",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-04-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-102-02 du 12 avril 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-102-02_Modicon_M340_Controller_and_Communication_Modules_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-102-02"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-102-01 du 12 avril 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-102-01_IGSS_Security_Notification.pdf\u0026p_Doc_Ref=SEVD-2022-102-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021 mis \u00e0 jour le 12 avril 2022",
"url": "https://download.schneider-electric.com/files?p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V6.0.pdf\u0026p_Doc_Ref=SEVD-2021-313-05"
}
]
}
CERTFR-2023-AVI-0298
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Solid Edge SE2023 avec KeyShot 11 versions antérieures à V2023.1 | ||
| Siemens | N/A | TIA Portal V18 versions antérieures à V18 Update 1 | ||
| Siemens | N/A | TeleControl Server Basic V3 | ||
| Siemens | N/A | Polarion ALM versions antérieures à V2304.0 | ||
| Siemens | N/A | CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05 | ||
| Siemens | N/A | TIA Portal V15, V16 et V17 | ||
| Siemens | N/A | JT2Go versions antérieures à V14.2.0.2 | ||
| Siemens | N/A | De nombreuses références SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se référer aux bulletins de sécurité de l'éditeur pour la liste complète | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU family | ||
| Siemens | N/A | Teamcenter Visualization V13.2 versions antérieures à V13.2.0.13 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 8 compatible) versions antérieures à V4.1.1 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 9 compatible) versions antérieures à V5.1.1 | ||
| Siemens | N/A | SIMATIC CP 443-1 Advanced versions antérieures à V3.2.17 | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced versions antérieures à V3.0.53 | ||
| Siemens | N/A | Teamcenter Visualization V14.0 versions antérieures à V14.0.0.5 | ||
| Siemens | N/A | SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.2 | ||
| Siemens | N/A | JT Open versions antérieures à V11.3.2.0 | ||
| Siemens | N/A | Teamcenter Visualization V14.2 versions antérieures à V14.2.0.2 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 7 compatible) versions antérieures à V3.7.1 | ||
| Siemens | N/A | JT Utilities versions antérieures à V13.3.0.0 | ||
| Siemens | N/A | Teamcenter Visualization V13.3 versions antérieures à V13.3.0.9 | ||
| Siemens | N/A | OpenPCS 7 V9.1 | ||
| Siemens | N/A | SIMATIC S7-300 CPU family versions antérieures à V3.X.18 | ||
| Siemens | N/A | Teamcenter Visualization V14.1 versions antérieures à V14.1.0.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solid Edge SE2023 avec KeyShot 11 versions ant\u00e9rieures \u00e0 V2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V18 versions ant\u00e9rieures \u00e0 V18 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TeleControl Server Basic V3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Polarion ALM versions ant\u00e9rieures \u00e0 V2304.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V15, V16 et V17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go versions ant\u00e9rieures \u00e0 V14.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "De nombreuses r\u00e9f\u00e9rences SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU family",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.2 versions ant\u00e9rieures \u00e0 V13.2.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V4.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 V5.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 Advanced versions ant\u00e9rieures \u00e0 V3.2.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced versions ant\u00e9rieures \u00e0 V3.0.53",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.0 versions ant\u00e9rieures \u00e0 V14.0.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V11.3.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.2 versions ant\u00e9rieures \u00e0 V14.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V3.7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.3.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 CPU family versions ant\u00e9rieures \u00e0 V3.X.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.1 versions ant\u00e9rieures \u00e0 V14.1.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2023-28828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28828"
},
{
"name": "CVE-2016-8673",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8673"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2023-28766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28766"
},
{
"name": "CVE-2021-27044",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27044"
},
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2023-29053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29053"
},
{
"name": "CVE-2023-28489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28489"
},
{
"name": "CVE-2022-43767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43767"
},
{
"name": "CVE-2022-44725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44725"
},
{
"name": "CVE-2023-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29054"
},
{
"name": "CVE-2023-23588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23588"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2016-8672",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8672"
},
{
"name": "CVE-2023-26293",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26293"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-43716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43716"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2022-43768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43768"
},
{
"name": "CVE-2023-27464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27464"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2023-1709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1709"
},
{
"name": "CVE-2022-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0298",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-699404 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-699404.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-479249 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-479249.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-572164 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-572164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-691715 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-691715.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-511182 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-511182.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-566905 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-642810 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-642810.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-603476 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-603476.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-813746 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-813746.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-629917 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-558014 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-558014.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-322980 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-322980.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-116924 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-116924.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-632164 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-632164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-472454 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-472454.html"
}
]
}
CERTFR-2023-AVI-0363
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | OPC Factory Server (OFS) versions antérieures à V3.63SP2 | ||
| N/A | N/A | Modicon X80 Module (part number BMXNOM0200) versions antérieures à V1.60 | ||
| N/A | N/A | PowerLogic PM8000 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | PowerLogic ION7400 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | EcoStruxure Power Operation versions 2022 antérieures à 2022 CU1 | ||
| N/A | N/A | EcoStruxure Power Operation versions 2021 antérieures à 2021 CU3 | ||
| N/A | N/A | Produits Legacy ION toutes versions | ||
| N/A | N/A | PowerLogic ION9000 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | Power SCADA Anywhere versions 1.1 et 1.2 antérieures à Plant SCADA Anywhere version 2023 | ||
| N/A | N/A | PowerLogic ION8650 toutes versions | ||
| N/A | N/A | Altivar 32/320 et Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions antérieures à V1.20IE01 | ||
| N/A | N/A | EcoStruxure Power SCADA Operation versions 2020 R2 | ||
| N/A | N/A | PowerLogic ION8800 toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OPC Factory Server (OFS) versions ant\u00e9rieures \u00e0 V3.63SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon X80 Module (part number BMXNOM0200) versions ant\u00e9rieures \u00e0 V1.60",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic PM8000 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION7400 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Operation versions 2022 ant\u00e9rieures \u00e0 2022 CU1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Operation versions 2021 ant\u00e9rieures \u00e0 2021 CU3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Produits Legacy ION toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION9000 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Power SCADA Anywhere versions 1.1 et 1.2 ant\u00e9rieures \u00e0 Plant SCADA Anywhere version 2023",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION8650 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Altivar 32/320 et Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions ant\u00e9rieures \u00e0 V1.20IE01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power SCADA Operation versions 2020 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION8800 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23854"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-46680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46680"
},
{
"name": "CVE-2021-31401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31401"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-31400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31400"
},
{
"name": "CVE-2023-1256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1256"
},
{
"name": "CVE-2020-35685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35685"
},
{
"name": "CVE-2020-35683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35683"
},
{
"name": "CVE-2020-35684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35684"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2023-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2161"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0363",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
},
{
"description": "Ajout des num\u00e9ros de CVE manquants",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-01 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-01.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-217-01 du 05 ao\u00fbt 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-03 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-03.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-04 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-04.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-02 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-02.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf"
}
]
}
CERTFR-2021-AVI-639
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les systèmes d'exploitation temps réel (RTOS, Real Time OS). Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.
Cette famille de vulnérabilités dans les RTOS a été découverte, décrite puis nommée « BadAlloc » par Microsoft, appellation donnée en raison de l’absence de vérification des entrées dans l’allocateur mémoire de tas. Ces vulnérabilités d'exécution de code à distance (RCE) sont référencées par 26 CVEs et affectent potentiellement un large éventail de domaines, de l'IoT grand public et médical à l'IoT industriel, aux technologies opérationnelles (OT) et aux systèmes de contrôle industriel. Une dizaine d’éditeurs sont concernés.
Solution
- Les intégrateurs de ces RTOS sont invités à prendre contact rapidement avec l’éditeur du produit affecté afin de corriger leurs propres solutions et diffuser le correctif ;
- Les utilisateurs d’équipements basés sur ces RTOS sont invités à prendre contact avec le fournisseur afin de mettre à jour les équipements affectés ;
- Il convient en outre d’appliquer les bonnes pratiques référencées
dans le guide ANSSI [1] et notamment celles ci-après.
- S’assurer que les appareils concernés ne sont pas accessibles depuis Internet.
- S’assurer que les systèmes ne se connectent qu'à des réseaux ou sous-réseaux isolés de confiance. Adopter une démarche de défense en profondeur permet de se protéger contre des menaces qui ne sont pas encore connues, de diminuer le périmètre sur lequel une menace est exercée ou d’en atténuer l’impact. Le simple cloisonnement des réseaux par des pare-feux ne suffit pas. D’autres mécanismes doivent l’accompagner et à différents niveaux (contrôle d’accès physique, durcissement des configurations, protection antivirale...).
- Inclure des mécanismes de détection et de surveillance des installations. Surveiller de façon permanente les appareils à la recherche de comportements anormaux ou non autorisés tels que la communication avec des hôtes locaux ou distants inconnus. Enfin la collecte des informations au travers des journaux d’alarmes et d’événements est indispensable aux analyses ultérieures. Ces journaux pourront dans certains cas apporter des éléments utiles et des preuves dans le cadre d’une enquête judiciaire.
- Réduire la surface d'attaque en éliminant les services sans utilité fonctionnelle ou non sécurisés.
[1] Guide de l'ANSSI sur la sécurité industrielle : https://www.ssi.gouv.fr/uploads/IMG/pdf/Guide_securite_industrielle_Version_finale.pdf
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | RIOT OS version 2020.01.1 | ||
| N/A | N/A | Texas Instruments SimpleLink-CC32XX versions antérieures à 4.10.03 | ||
| N/A | N/A | Media Tek LinkIt SDK versions antérieures à 4.6.1 | ||
| N/A | N/A | NXP MCUXpresso SDK versions antérieures à 2.8.2 | ||
| N/A | N/A | Texas Instruments SimpleLink MSP432E4XX | ||
| N/A | N/A | Windriver VxWorks versions antérieures à 7.0 | ||
| N/A | N/A | Micrium OS, versions antérieures à 5.10.1 | ||
| N/A | N/A | Texas Instruments SimpleLink-CC13XX versions antérieures à 4.40.00 | ||
| N/A | N/A | ARM CMSIS-RTOS2 versions antérieures à 2.1.3 | ||
| N/A | N/A | Micrium uC/OS: uC/LIB versions antérieures à 1.39.00 | ||
| N/A | N/A | Texas Instruments SimpleLink-CC26XX versions antérieures à 4.40.00 | ||
| N/A | N/A | NXP MQX versions antérieures à 5.1 | ||
| N/A | N/A | ARM Mbed OS version 6.3.0 | ||
| N/A | N/A | TencentOS-tiny, version 3.1.0 | ||
| N/A | N/A | Texas Instruments CC32XX versions antérieures à 4.40.00.07 | ||
| N/A | N/A | Redhat newlib versions antérieures à 4.0.0 | ||
| N/A | N/A | BlackBerry QNX SDP versions antérieures à 6.5.0SP1 sans le dernier correctif | ||
| N/A | N/A | BlackBerry QNX OS for Safety versions antérieures à 1.0.2 | ||
| N/A | N/A | ARM mbed-ualloc version 1.3.0 | ||
| Apache | N/A | Apache Nuttx OS version 9.1.0 | ||
| N/A | N/A | Uclibc-NG versions antérieures à 1.0.36 | ||
| Apache | N/A | Amazon FreeRTOS version 10.4.1 | ||
| N/A | N/A | BlackBerry QNX OS for Medical versions antérieures à 1.1.1 | ||
| Apache | N/A | Linux Zephyr RTOS versions antérieures à 2.5.0 | ||
| N/A | N/A | Zephyr Project RTOS versions antérieures à 2.5 | ||
| N/A | N/A | eCosCentric eCosPro RTOS versions 2.0.1 à 4.5.3 | ||
| N/A | N/A | Samsung Tizen RT RTOS versions antérieures à 3.0.GBB | ||
| N/A | N/A | Cesanta Software Mongoose OS version 2.17.0 | ||
| N/A | Google Cloud IoT Device SDK version 1.0.2 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "RIOT OS version 2020.01.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Texas Instruments SimpleLink-CC32XX versions ant\u00e9rieures \u00e0 4.10.03",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Media Tek LinkIt SDK versions ant\u00e9rieures \u00e0 4.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "NXP MCUXpresso SDK versions ant\u00e9rieures \u00e0 2.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Texas Instruments SimpleLink MSP432E4XX",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Windriver VxWorks versions ant\u00e9rieures \u00e0 7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Micrium OS, versions ant\u00e9rieures \u00e0 5.10.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Texas Instruments SimpleLink-CC13XX versions ant\u00e9rieures \u00e0 4.40.00",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ARM CMSIS-RTOS2 versions ant\u00e9rieures \u00e0 2.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Micrium uC/OS: uC/LIB versions ant\u00e9rieures \u00e0 1.39.00",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Texas Instruments SimpleLink-CC26XX versions ant\u00e9rieures \u00e0 4.40.00",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "NXP MQX versions ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ARM Mbed OS version 6.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "TencentOS-tiny, version 3.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Texas Instruments CC32XX versions ant\u00e9rieures \u00e0 4.40.00.07",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Redhat newlib versions ant\u00e9rieures \u00e0 4.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BlackBerry QNX SDP versions ant\u00e9rieures \u00e0 6.5.0SP1 sans le dernier correctif",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "BlackBerry QNX OS for Safety versions ant\u00e9rieures \u00e0 1.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ARM mbed-ualloc version 1.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Apache Nuttx OS version 9.1.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Uclibc-NG versions ant\u00e9rieures \u00e0 1.0.36",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Amazon FreeRTOS version 10.4.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "BlackBerry QNX OS for Medical versions ant\u00e9rieures \u00e0 1.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Linux Zephyr RTOS versions ant\u00e9rieures \u00e0 2.5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Apache",
"scada": false
}
}
},
{
"description": "Zephyr Project RTOS versions ant\u00e9rieures \u00e0 2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "eCosCentric eCosPro RTOS versions 2.0.1 \u00e0 4.5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Samsung Tizen RT RTOS versions ant\u00e9rieures \u00e0 3.0.GBB",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Cesanta Software Mongoose OS version 2.17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Google Cloud IoT Device SDK version 1.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\n- Les int\u00e9grateurs de ces RTOS sont invit\u00e9s \u00e0 prendre contact\n rapidement avec l\u2019\u00e9diteur du produit affect\u00e9 afin de corriger leurs\n propres solutions et diffuser le correctif\u00a0;\n- Les utilisateurs d\u2019\u00e9quipements bas\u00e9s sur ces RTOS sont invit\u00e9s \u00e0\n prendre contact avec le fournisseur afin de mettre \u00e0 jour les\n \u00e9quipements affect\u00e9s\u00a0;\n- Il convient en outre d\u2019appliquer les bonnes pratiques r\u00e9f\u00e9renc\u00e9es\n dans le guide ANSSI \\[1\\] et notamment celles ci-apr\u00e8s.\n - S\u2019assurer que les appareils concern\u00e9s ne sont pas accessibles\n depuis Internet.\n - S\u2019assurer que les syst\u00e8mes ne se connectent qu\u0027\u00e0 des r\u00e9seaux ou\n sous-r\u00e9seaux isol\u00e9s de confiance. Adopter une d\u00e9marche de\n d\u00e9fense en profondeur permet de se prot\u00e9ger contre des menaces\n qui ne sont pas encore connues, de diminuer le p\u00e9rim\u00e8tre sur\n lequel une menace est exerc\u00e9e ou d\u2019en att\u00e9nuer l\u2019impact. Le\n simple cloisonnement des r\u00e9seaux par des pare-feux ne suffit\n pas. D\u2019autres m\u00e9canismes doivent l\u2019accompagner et \u00e0 diff\u00e9rents\n niveaux (contr\u00f4le d\u2019acc\u00e8s physique, durcissement des\n configurations, protection antivirale...).\n - Inclure des m\u00e9canismes de d\u00e9tection et de surveillance des\n installations. Surveiller de fa\u00e7on permanente les appareils \u00e0 la\n recherche de comportements anormaux ou non autoris\u00e9s tels que la\n communication avec des h\u00f4tes locaux ou distants inconnus. Enfin\n la collecte des informations au travers des journaux d\u2019alarmes\n et d\u2019\u00e9v\u00e9nements est indispensable aux analyses ult\u00e9rieures. Ces\n journaux pourront dans certains cas apporter des \u00e9l\u00e9ments utiles\n et des preuves dans le cadre d\u2019une enqu\u00eate judiciaire.\n - R\u00e9duire la surface d\u0027attaque en \u00e9liminant les services sans\n utilit\u00e9 fonctionnelle ou non s\u00e9curis\u00e9s.\n\n\\[1\\] Guide de l\u0027ANSSI sur la s\u00e9curit\u00e9 industrielle :\n\u003chttps://www.ssi.gouv.fr/uploads/IMG/pdf/Guide_securite_industrielle_Version_finale.pdf\u003e\n",
"cves": [
{
"name": "CVE-2021-27502",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27502"
},
{
"name": "CVE-2021-27504",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27504"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-31572",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31572"
},
{
"name": "CVE-2021-22684",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22684"
},
{
"name": "CVE-2021-22680",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22680"
},
{
"name": "CVE-2021-26461",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26461"
},
{
"name": "CVE-2021-27431",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27431"
},
{
"name": "CVE-2021-31571",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31571"
},
{
"name": "CVE-2021-22156",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22156"
},
{
"name": "CVE-2021-26706",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-26706"
},
{
"name": "CVE-2021-27419",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27419"
},
{
"name": "CVE-2021-22636",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22636"
},
{
"name": "CVE-2021-27429",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27429"
},
{
"name": "CVE-2021-27433",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27433"
},
{
"name": "CVE-2021-27421",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27421"
},
{
"name": "CVE-2021-27425",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27425"
},
{
"name": "CVE-2021-27417",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27417"
},
{
"name": "CVE-2021-3420",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3420"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2021-27427",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27427"
},
{
"name": "CVE-2021-27439",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27439"
},
{
"name": "CVE-2020-13603",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13603"
},
{
"name": "CVE-2021-30636",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30636"
},
{
"name": "CVE-2021-27435",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27435"
},
{
"name": "CVE-2021-27411",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27411"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 BadAlloc icsa-21-119-04 du 20 mai 2021, mis \u00e0 jour le 17 ao\u00fbt 2021",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04"
}
],
"reference": "CERTFR-2021-AVI-639",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-08-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les syst\u00e8mes\nd\u0027exploitation temps r\u00e9el (*RTOS, Real Time OS*). Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et un\nd\u00e9ni de service \u00e0 distance.\n\nCette famille de vuln\u00e9rabilit\u00e9s dans les *RTOS* a \u00e9t\u00e9 d\u00e9couverte,\nd\u00e9crite puis nomm\u00e9e \u00ab\u00a0BadAlloc\u00a0\u00bb par Microsoft, appellation donn\u00e9e en\nraison de l\u2019absence de v\u00e9rification des entr\u00e9es dans l\u2019allocateur\nm\u00e9moire de tas. Ces vuln\u00e9rabilit\u00e9s d\u0027ex\u00e9cution de code \u00e0 distance (RCE)\nsont r\u00e9f\u00e9renc\u00e9es par 26 CVEs et affectent potentiellement un large\n\u00e9ventail de domaines, de l\u0027IoT grand public et m\u00e9dical \u00e0 l\u0027IoT\nindustriel, aux technologies op\u00e9rationnelles (OT) et aux syst\u00e8mes de\ncontr\u00f4le industriel. Une dizaine d\u2019\u00e9diteurs sont concern\u00e9s.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans des syst\u00e8mes d\u0027exploitation temps r\u00e9el",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 RedHat newlib du 17 novembre 2020",
"url": "https://sourceware.org/git/?p=newlib-cygwin.git;a=commit;h=aa106b29a6a8a1b0df9e334704292cbc32f2d44e"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ARM CMSIS RTOS2 du 24 juin 2021",
"url": "https://www.keil.com/pack/doc/CMSIS/RTOS2/html/rtos_revisionHistory.html"
},
{
"published_at": null,
"title": "\ufeffBulletin de s\u00e9curit\u00e9 BadAlloc icsa-21-119-04 du 20 mai 2021",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 ARM mbed du 22 mars 2021",
"url": "https://github.com/ARMmbed/mbed-os/pull/14408"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Zephyr Project RTOS du 23 mars 2021",
"url": "https://github.com/zephyrproject-rtos/zephyr/pull/31796"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Wind River VxWorks 20210319 du 19 mars 2021",
"url": "https://support2.windriver.com/index.php?page=security-notices\u0026on=view\u0026id=7048"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Wind River VxWorks 20210203 du 03 f\u00e9vrier 2021",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-28895"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 eCosCentric eCosPro RTOS 1002437 du 16 ao\u00fbt 2021",
"url": "https://bugzilla.ecoscentric.com/show_bug.cgi?id=1002437"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 FreeRTOS du 07 d\u00e9cembre 2020",
"url": "https://github.com/FreeRTOS/FreeRTOS-Kernel/pull/224"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 BlackBerry du 17 ao\u00fbt 2021",
"url": "https://support.blackberry.com/kb/articleDetail?articleNumber=000082334\u0026language=en_US"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apache Nuttx OS du 21 juin 2021",
"url": "https://lists.apache.org/thread.html/r806fccf8b003ae812d807c6c7d97950d44ed29b2713418cbe3f2bddd%40%3Cdev.nuttx.apache.org%3E"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Texas Instruments TI-PSIRT-2020-100074 du 29 avril 2021",
"url": "https://www.ti.com/lit/an/swra709/swra709.pdf?ts=1629129702198"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Google Cloud IoT Device du 12 avril 2021",
"url": "https://github.com/GoogleCloudPlatform/iot-device-sdk-embedded-c/pull/119/files"
}
]
}
CERTFR-2022-AVI-1093
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Modicon M580 CPU Safety (BMEP58*S et BMEH58*S) toutes versions | ||
| N/A | N/A | APC Easy UPS Online Monitoring versions antérieures à 2.5-GA-01-22320 | ||
| N/A | N/A | EcoStruxure Power Commission versions antérieures à 2.26 | ||
| N/A | N/A | SAITEL DR RTU Baseline 11.06.x antérieures à 1.06.15 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Modicon M580 CPU Safety (BMEP58*S et BMEH58*S) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "APC Easy UPS Online Monitoring versions ant\u00e9rieures \u00e0 2.5-GA-01-22320",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Commission versions ant\u00e9rieures \u00e0 2.26",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "SAITEL DR RTU Baseline 11.06.x ant\u00e9rieures \u00e0 1.06.15",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6846",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
},
{
"name": "CVE-2022-42971",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42971"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2021-22791",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
},
{
"name": "CVE-2022-42973",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42973"
},
{
"name": "CVE-2019-6841",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
},
{
"name": "CVE-2021-22779",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
},
{
"name": "CVE-2021-22790",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
},
{
"name": "CVE-2022-37301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
},
{
"name": "CVE-2018-7241",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
},
{
"name": "CVE-2021-22786",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22786"
},
{
"name": "CVE-2018-7242",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
},
{
"name": "CVE-2019-6844",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
},
{
"name": "CVE-2019-6842",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
},
{
"name": "CVE-2020-6996",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-6996"
},
{
"name": "CVE-2022-37300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-37300"
},
{
"name": "CVE-2021-22789",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
},
{
"name": "CVE-2019-6847",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
},
{
"name": "CVE-2021-22792",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
},
{
"name": "CVE-2022-42970",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42970"
},
{
"name": "CVE-2019-6843",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
},
{
"name": "CVE-2018-7240",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2022-4062",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-4062"
},
{
"name": "CVE-2022-42972",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42972"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1093",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-13T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider du 13 d\u00e9cembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-347-01-APC_Easy_UPS_Online_Monitoring_Software_Security_Notification.pdf"
}
]
}
CERTFR-2023-AVI-0298
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Solid Edge SE2023 avec KeyShot 11 versions antérieures à V2023.1 | ||
| Siemens | N/A | TIA Portal V18 versions antérieures à V18 Update 1 | ||
| Siemens | N/A | TeleControl Server Basic V3 | ||
| Siemens | N/A | Polarion ALM versions antérieures à V2304.0 | ||
| Siemens | N/A | CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions antérieures à CPCI85 V05 | ||
| Siemens | N/A | TIA Portal V15, V16 et V17 | ||
| Siemens | N/A | JT2Go versions antérieures à V14.2.0.2 | ||
| Siemens | N/A | De nombreuses références SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se référer aux bulletins de sécurité de l'éditeur pour la liste complète | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP CPU family | ||
| Siemens | N/A | Teamcenter Visualization V13.2 versions antérieures à V13.2.0.13 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 8 compatible) versions antérieures à V4.1.1 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 9 compatible) versions antérieures à V5.1.1 | ||
| Siemens | N/A | SIMATIC CP 443-1 Advanced versions antérieures à V3.2.17 | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced versions antérieures à V3.0.53 | ||
| Siemens | N/A | Teamcenter Visualization V14.0 versions antérieures à V14.0.0.5 | ||
| Siemens | N/A | SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions antérieures à V2.2 | ||
| Siemens | N/A | JT Open versions antérieures à V11.3.2.0 | ||
| Siemens | N/A | Teamcenter Visualization V14.2 versions antérieures à V14.2.0.2 | ||
| Siemens | N/A | Mendix Forgot Password (Mendix 7 compatible) versions antérieures à V3.7.1 | ||
| Siemens | N/A | JT Utilities versions antérieures à V13.3.0.0 | ||
| Siemens | N/A | Teamcenter Visualization V13.3 versions antérieures à V13.3.0.9 | ||
| Siemens | N/A | OpenPCS 7 V9.1 | ||
| Siemens | N/A | SIMATIC S7-300 CPU family versions antérieures à V3.X.18 | ||
| Siemens | N/A | Teamcenter Visualization V14.1 versions antérieures à V14.1.0.7 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Solid Edge SE2023 avec KeyShot 11 versions ant\u00e9rieures \u00e0 V2023.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V18 versions ant\u00e9rieures \u00e0 V18 Update 1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TeleControl Server Basic V3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Polarion ALM versions ant\u00e9rieures \u00e0 V2304.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP-8031 MASTER MODULE (6MF2803-1AA00) et CP-8050 MASTER MODULE (6MF2805-0AA00) versions ant\u00e9rieures \u00e0 CPCI85 V05",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIA Portal V15, V16 et V17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT2Go versions ant\u00e9rieures \u00e0 V14.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "De nombreuses r\u00e9f\u00e9rences SIPROTEC, SCALANCE, SIMATIC et SIPLUS, se r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour la liste compl\u00e8te",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP CPU family",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.2 versions ant\u00e9rieures \u00e0 V13.2.0.13",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 V4.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 V5.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 Advanced versions ant\u00e9rieures \u00e0 V3.2.17",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced versions ant\u00e9rieures \u00e0 V3.0.53",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.0 versions ant\u00e9rieures \u00e0 V14.0.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XCM332 (6GK5332-0GA01-2AC2) versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Open versions ant\u00e9rieures \u00e0 V11.3.2.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.2 versions ant\u00e9rieures \u00e0 V14.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Mendix Forgot Password (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 V3.7.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.3.0.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "OpenPCS 7 V9.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 CPU family versions ant\u00e9rieures \u00e0 V3.X.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Visualization V14.1 versions ant\u00e9rieures \u00e0 V14.1.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-35252",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-35252"
},
{
"name": "CVE-2023-28828",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28828"
},
{
"name": "CVE-2016-8673",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8673"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-32208",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32208"
},
{
"name": "CVE-2023-28766",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28766"
},
{
"name": "CVE-2021-27044",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27044"
},
{
"name": "CVE-2022-1652",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1652"
},
{
"name": "CVE-2022-32207",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32207"
},
{
"name": "CVE-2023-29053",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29053"
},
{
"name": "CVE-2023-28489",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28489"
},
{
"name": "CVE-2022-43767",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43767"
},
{
"name": "CVE-2022-44725",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-44725"
},
{
"name": "CVE-2023-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29054"
},
{
"name": "CVE-2023-23588",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-23588"
},
{
"name": "CVE-2021-46828",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-46828"
},
{
"name": "CVE-2016-8672",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8672"
},
{
"name": "CVE-2023-26293",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26293"
},
{
"name": "CVE-2022-40674",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-40674"
},
{
"name": "CVE-2022-43716",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43716"
},
{
"name": "CVE-2022-32205",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
},
{
"name": "CVE-2022-32206",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
},
{
"name": "CVE-2022-1729",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-1729"
},
{
"name": "CVE-2022-43768",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43768"
},
{
"name": "CVE-2023-27464",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-27464"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2023-1709",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1709"
},
{
"name": "CVE-2022-30065",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0298",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-04-11T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-699404 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-699404.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-479249 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-479249.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-572164 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-572164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-691715 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-691715.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-511182 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-511182.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-566905 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-566905.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-642810 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-642810.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-603476 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-603476.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-813746 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-813746.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-629917 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-629917.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-558014 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-558014.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-322980 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-322980.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-116924 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-116924.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-632164 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-632164.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-472454 du 11 avril 2023",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-472454.html"
}
]
}
CERTFR-2022-AVI-1000
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "NetBotz 4 - 355/450/455/550/570 versions ant\u00e9rieures \u00e0 4.7.2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "ISaGRAF versions ant\u00e9rieures \u00e0 6.6.9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EPC2000 versions ant\u00e9rieures \u00e0 4.03",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-43378",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43378"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-43377",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43377"
},
{
"name": "CVE-2022-43376",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-43376"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-1000",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-11-08T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Elles permettent \u00e0 un attaquant de provoquer un contournement\nde la politique de s\u00e9curit\u00e9 et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-312-01 du 8 novembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-312-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-312-01-NetBotz_4_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-159-04 du 8 novembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-159-04_ISaGRAF_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 8 novembre 2022",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification.pdf"
}
]
}
CERTFR-2023-AVI-0363
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Schneider. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | OPC Factory Server (OFS) versions antérieures à V3.63SP2 | ||
| N/A | N/A | Modicon X80 Module (part number BMXNOM0200) versions antérieures à V1.60 | ||
| N/A | N/A | PowerLogic PM8000 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | PowerLogic ION7400 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | EcoStruxure Power Operation versions 2022 antérieures à 2022 CU1 | ||
| N/A | N/A | EcoStruxure Power Operation versions 2021 antérieures à 2021 CU3 | ||
| N/A | N/A | Produits Legacy ION toutes versions | ||
| N/A | N/A | PowerLogic ION9000 antérieures à 4.0.0 sans le dernier correctif de sécurité | ||
| N/A | N/A | Power SCADA Anywhere versions 1.1 et 1.2 antérieures à Plant SCADA Anywhere version 2023 | ||
| N/A | N/A | PowerLogic ION8650 toutes versions | ||
| N/A | N/A | Altivar 32/320 et Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions antérieures à V1.20IE01 | ||
| N/A | N/A | EcoStruxure Power SCADA Operation versions 2020 R2 | ||
| N/A | N/A | PowerLogic ION8800 toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "OPC Factory Server (OFS) versions ant\u00e9rieures \u00e0 V3.63SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Modicon X80 Module (part number BMXNOM0200) versions ant\u00e9rieures \u00e0 V1.60",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic PM8000 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION7400 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Operation versions 2022 ant\u00e9rieures \u00e0 2022 CU1",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power Operation versions 2021 ant\u00e9rieures \u00e0 2021 CU3",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Produits Legacy ION toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION9000 ant\u00e9rieures \u00e0 4.0.0 sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Power SCADA Anywhere versions 1.1 et 1.2 ant\u00e9rieures \u00e0 Plant SCADA Anywhere version 2023",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION8650 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Altivar 32/320 et Lexium 32 Ethernet TCP/IP communication module (VW3A3616) versions ant\u00e9rieures \u00e0 V1.20IE01",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "EcoStruxure Power SCADA Operation versions 2020 R2",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "PowerLogic ION8800 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23854",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23854"
},
{
"name": "CVE-2020-35198",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
},
{
"name": "CVE-2022-46680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-46680"
},
{
"name": "CVE-2021-31401",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31401"
},
{
"name": "CVE-2021-3711",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3711"
},
{
"name": "CVE-2021-31400",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31400"
},
{
"name": "CVE-2023-1256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-1256"
},
{
"name": "CVE-2020-35685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35685"
},
{
"name": "CVE-2020-35683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35683"
},
{
"name": "CVE-2020-35684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-35684"
},
{
"name": "CVE-2020-11022",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
},
{
"name": "CVE-2020-28895",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
},
{
"name": "CVE-2023-2161",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2161"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-0363",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-05-09T00:00:00.000000"
},
{
"description": "Ajout des num\u00e9ros de CVE manquants",
"revision_date": "2023-05-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-01 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-01.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-217-01 du 05 ao\u00fbt 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-217-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-217-01_NicheStack_Security_Notification.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-03 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-03.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-04 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-04.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2023-129-02 du 9 mai 2023",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-129-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2023-129-02.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 09 novembre 2021",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_BadAlloc_Vulnerabilities_Security_Notification.pdf"
}
]
}
FKIE_CVE-2020-35198
Vulnerability from fkie_nvd - Published: 2021-05-12 11:15 - Updated: 2024-11-21 05:26
Severity ?
Summary
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-35198 | Vendor Advisory | |
| cve@mitre.org | https://support2.windriver.com/index.php?page=security-notices | Vendor Advisory | |
| cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2020-35198 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support2.windriver.com/index.php?page=security-notices | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2E27E761-92D8-4A67-8D23-213E0C7BFFC6",
"versionEndExcluding": "6.9.4.12",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DB07AF57-0F8D-4DCD-80DA-64096674F017",
"versionEndExcluding": "21.03",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*",
"matchCriteriaId": "69674D4D-2848-46BA-9367-7AA85EE2CD99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*",
"matchCriteriaId": "1052B8F5-1BC4-46B6-A8F1-F1BF9A40DDAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer2:*:*:*:*:*:*",
"matchCriteriaId": "7AABF1E5-DA6B-462D-A047-EC843F94568E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D23D483-D206-46C5-8BFE-4FA23DD8AB52",
"versionEndIncluding": "46.8.2",
"versionStartIncluding": "46.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4143A5F6-CD91-4209-A52B-98854CCAC987",
"versionEndIncluding": "46.9.3",
"versionStartIncluding": "46.9.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FED9166-7A2A-453D-9792-7A6361CEF594",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en Wind River VxWorks versi\u00f3n 7. El asignador de memoria presenta un posible desbordamiento de enteros al calcular el tama\u00f1o de un bloque de memoria que es asignado por una funci\u00f3n calloc(). Como resultado, la memoria actual asignada es menor que el tama\u00f1o del b\u00fafer especificado por los argumentos, conllevando a una corrupci\u00f3n de la memoria"
}
],
"id": "CVE-2020-35198",
"lastModified": "2024-11-21T05:26:56.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-05-12T11:15:07.837",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-JV4R-HC9X-R99X
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-05-24 19:02
VLAI?
Details
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Severity ?
9.8 (Critical)
{
"affected": [],
"aliases": [
"CVE-2020-35198"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-12T11:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"id": "GHSA-jv4r-hc9x-r99x",
"modified": "2022-05-24T19:02:16Z",
"published": "2022-05-24T19:02:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35198"
},
{
"type": "WEB",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198"
},
{
"type": "WEB",
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-35198
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-35198",
"description": "An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"id": "GSD-2020-35198"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-35198"
],
"details": "An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"id": "GSD-2020-35198",
"modified": "2023-12-13T01:22:00.899220Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support2.windriver.com/index.php?page=security-notices",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198",
"refsource": "MISC",
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.9.4.12",
"versionStartIncluding": "6.9",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:6.9.4.12:rolling_cumulative_patch_layer2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:windriver:vxworks:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "21.03",
"versionStartIncluding": "7.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "46.9.3",
"versionStartIncluding": "46.9.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle:46.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_eagle:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "46.8.2",
"versionStartIncluding": "46.8.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-35198"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in Wind River VxWorks 7. The memory allocator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support2.windriver.com/index.php?page=security-notices",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=security-notices"
},
{
"name": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support2.windriver.com/index.php?page=cve\u0026on=view\u0026id=CVE-2020-35198"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2022-05-12T14:06Z",
"publishedDate": "2021-05-12T11:15Z"
}
}
}
ICSA-23-103-13
Vulnerability from csaf_cisa - Published: 2023-04-11 00:00 - Updated: 2024-08-13 00:00Summary
Siemens SCALANCE Switch Families
Notes
Summary
Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Germany
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Siemens ProductCERT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "SSA-813746: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-813746.json"
},
{
"category": "self",
"summary": "SSA-813746: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-813746.html"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-103-13 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2023/icsa-23-103-13.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-23-103-13 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-103-13"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Siemens SCALANCE Switch Families",
"tracking": {
"current_release_date": "2024-08-13T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-23-103-13",
"initial_release_date": "2023-04-11T00:00:00.000000Z",
"revision_history": [
{
"date": "2023-04-11T00:00:00.000000Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-08-13T00:00:00.000000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated description and CVSS for CVE-2020-35198"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)",
"product_id": "CSAFPID-0001",
"product_identification_helper": {
"model_numbers": [
"6GK5200-4AH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3)",
"product_id": "CSAFPID-0002",
"product_identification_helper": {
"model_numbers": [
"6GK5201-3BH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)",
"product_id": "CSAFPID-0003",
"product_identification_helper": {
"model_numbers": [
"6GK5201-3JR00-2BA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3)",
"product_id": "CSAFPID-0004",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BB00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2IRT (6GK5202-2BB10-2BA3)",
"product_id": "CSAFPID-0005",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BB10-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2IRT (6GK5202-2BB10-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3)",
"product_id": "CSAFPID-0006",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6)",
"product_id": "CSAFPID-0007",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2JR00-2BA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2 (6GK5204-2BB10-2AA3)",
"product_id": "CSAFPID-0008",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BB10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2 (6GK5204-2BB10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2FM (6GK5204-2BB11-2AA3)",
"product_id": "CSAFPID-0009",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BB11-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2FM (6GK5204-2BB11-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2LD (6GK5204-2BC10-2AA3)",
"product_id": "CSAFPID-0010",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BC10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2LD (6GK5204-2BC10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)",
"product_id": "CSAFPID-0011",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BC10-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2TS (6GK5204-2BB10-2CA2)",
"product_id": "CSAFPID-0012",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BB10-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2TS (6GK5204-2BB10-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X204IRT (6GK5204-0BA00-2BA3)",
"product_id": "CSAFPID-0013",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204IRT (6GK5204-0BA00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X204IRT (6GK5204-0BA10-2BA3)",
"product_id": "CSAFPID-0014",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA10-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204IRT (6GK5204-0BA10-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6)",
"product_id": "CSAFPID-0015",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0JA00-2BA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X206-1 (6GK5206-1BB10-2AA3)",
"product_id": "CSAFPID-0016",
"product_identification_helper": {
"model_numbers": [
"6GK5206-1BB10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X206-1 (6GK5206-1BB10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X206-1LD (6GK5206-1BC10-2AA3)",
"product_id": "CSAFPID-0017",
"product_identification_helper": {
"model_numbers": [
"6GK5206-1BC10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X206-1LD (6GK5206-1BC10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X208 (6GK5208-0BA10-2AA3)",
"product_id": "CSAFPID-0018",
"product_identification_helper": {
"model_numbers": [
"6GK5208-0BA10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X208 (6GK5208-0BA10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X208PRO (6GK5208-0HA10-2AA6)",
"product_id": "CSAFPID-0019",
"product_identification_helper": {
"model_numbers": [
"6GK5208-0HA10-2AA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X208PRO (6GK5208-0HA10-2AA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X212-2 (6GK5212-2BB00-2AA3)",
"product_id": "CSAFPID-0020",
"product_identification_helper": {
"model_numbers": [
"6GK5212-2BB00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X212-2 (6GK5212-2BB00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X212-2LD (6GK5212-2BC00-2AA3)",
"product_id": "CSAFPID-0021",
"product_identification_helper": {
"model_numbers": [
"6GK5212-2BC00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X212-2LD (6GK5212-2BC00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X216 (6GK5216-0BA00-2AA3)",
"product_id": "CSAFPID-0022",
"product_identification_helper": {
"model_numbers": [
"6GK5216-0BA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X216 (6GK5216-0BA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X224 (6GK5224-0BA00-2AA3)",
"product_id": "CSAFPID-0023",
"product_identification_helper": {
"model_numbers": [
"6GK5224-0BA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X224 (6GK5224-0BA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3)",
"product_id": "CSAFPID-0024",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-2EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3)",
"product_id": "CSAFPID-0025",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-2GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3)",
"product_id": "CSAFPID-0026",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-4EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3)",
"product_id": "CSAFPID-0027",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-4GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3)",
"product_id": "CSAFPID-0028",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-1EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3)",
"product_id": "CSAFPID-0029",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-1GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3)",
"product_id": "CSAFPID-0030",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-3EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3)",
"product_id": "CSAFPID-0031",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-3GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X304-2FE (6GK5304-2BD00-2AA3)",
"product_id": "CSAFPID-0032",
"product_identification_helper": {
"model_numbers": [
"6GK5304-2BD00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X304-2FE (6GK5304-2BD00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3)",
"product_id": "CSAFPID-0033",
"product_identification_helper": {
"model_numbers": [
"6GK5306-1BF00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3)",
"product_id": "CSAFPID-0034",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-2EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3)",
"product_id": "CSAFPID-0035",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-2GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3)",
"product_id": "CSAFPID-0036",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-4EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3)",
"product_id": "CSAFPID-0037",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-4GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3)",
"product_id": "CSAFPID-0038",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-1EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3)",
"product_id": "CSAFPID-0039",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-1GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3)",
"product_id": "CSAFPID-0040",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-3EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3)",
"product_id": "CSAFPID-0041",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-3GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3 (6GK5307-3BL00-2AA3)",
"product_id": "CSAFPID-0042",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BL00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3 (6GK5307-3BL00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3 (6GK5307-3BL10-2AA3)",
"product_id": "CSAFPID-0043",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BL10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3 (6GK5307-3BL10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3LD (6GK5307-3BM00-2AA3)",
"product_id": "CSAFPID-0044",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BM00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3LD (6GK5307-3BM00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3LD (6GK5307-3BM10-2AA3)",
"product_id": "CSAFPID-0045",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BM10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3LD (6GK5307-3BM10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2 (6GK5308-2FL00-2AA3)",
"product_id": "CSAFPID-0046",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FL00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2 (6GK5308-2FL00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2 (6GK5308-2FL10-2AA3)",
"product_id": "CSAFPID-0047",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FL10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2 (6GK5308-2FL10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LD (6GK5308-2FM00-2AA3)",
"product_id": "CSAFPID-0048",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FM00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LD (6GK5308-2FM00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LD (6GK5308-2FM10-2AA3)",
"product_id": "CSAFPID-0049",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FM10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LD (6GK5308-2FM10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH (6GK5308-2FN00-2AA3)",
"product_id": "CSAFPID-0050",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FN00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH (6GK5308-2FN00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH (6GK5308-2FN10-2AA3)",
"product_id": "CSAFPID-0051",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FN10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH (6GK5308-2FN10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3)",
"product_id": "CSAFPID-0052",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FP00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3)",
"product_id": "CSAFPID-0053",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FP10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M (6GK5308-2GG00-2AA2)",
"product_id": "CSAFPID-0054",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M (6GK5308-2GG00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M (6GK5308-2GG10-2AA2)",
"product_id": "CSAFPID-0055",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG10-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M (6GK5308-2GG10-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2)",
"product_id": "CSAFPID-0056",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2QG00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2)",
"product_id": "CSAFPID-0057",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2QG10-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)",
"product_id": "CSAFPID-0058",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG00-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M TS (6GK5308-2GG10-2CA2)",
"product_id": "CSAFPID-0059",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG10-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M TS (6GK5308-2GG10-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310 (6GK5310-0FA00-2AA3)",
"product_id": "CSAFPID-0060",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0FA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310 (6GK5310-0FA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310 (6GK5310-0FA10-2AA3)",
"product_id": "CSAFPID-0061",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0FA10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310 (6GK5310-0FA10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310FE (6GK5310-0BA00-2AA3)",
"product_id": "CSAFPID-0062",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0BA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310FE (6GK5310-0BA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310FE (6GK5310-0BA10-2AA3)",
"product_id": "CSAFPID-0063",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0BA10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310FE (6GK5310-0BA10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X320-1 FE (6GK5320-1BD00-2AA3)",
"product_id": "CSAFPID-0064",
"product_identification_helper": {
"model_numbers": [
"6GK5320-1BD00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X320-1 FE (6GK5320-1BD00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3)",
"product_id": "CSAFPID-0065",
"product_identification_helper": {
"model_numbers": [
"6GK5320-3BF00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X408-2 (6GK5408-2FD00-2AA2)",
"product_id": "CSAFPID-0066",
"product_identification_helper": {
"model_numbers": [
"6GK5408-2FD00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X408-2 (6GK5408-2FD00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2)",
"product_id": "CSAFPID-0067",
"product_identification_helper": {
"model_numbers": [
"6GK5201-3BH00-2BD2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2)",
"product_id": "CSAFPID-0068",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BH00-2BD2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF204 (6GK5204-0BA00-2AF2)",
"product_id": "CSAFPID-0069",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204 (6GK5204-0BA00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF204-2 (6GK5204-2BC00-2AF2)",
"product_id": "CSAFPID-0070",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BC00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204-2 (6GK5204-2BC00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2)",
"product_id": "CSAFPID-0071",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2AA00-2BD2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2)",
"product_id": "CSAFPID-0072",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA00-2BF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF206-1 (6GK5206-1BC00-2AF2)",
"product_id": "CSAFPID-0073",
"product_identification_helper": {
"model_numbers": [
"6GK5206-1BC00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF206-1 (6GK5206-1BC00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF208 (6GK5208-0BA00-2AF2)",
"product_id": "CSAFPID-0074",
"product_identification_helper": {
"model_numbers": [
"6GK5208-0BA00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF208 (6GK5208-0BA00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2)",
"product_id": "CSAFPID-0075",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-2ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2)",
"product_id": "CSAFPID-0076",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-2ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2)",
"product_id": "CSAFPID-0077",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-2JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2)",
"product_id": "CSAFPID-0078",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-2JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2)",
"product_id": "CSAFPID-0079",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-4ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2)",
"product_id": "CSAFPID-0080",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-4ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2)",
"product_id": "CSAFPID-0081",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-4JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2)",
"product_id": "CSAFPID-0082",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-4JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2)",
"product_id": "CSAFPID-0083",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-1ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2)",
"product_id": "CSAFPID-0084",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-1ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2)",
"product_id": "CSAFPID-0085",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-1JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2)",
"product_id": "CSAFPID-0086",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-1JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2)",
"product_id": "CSAFPID-0087",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-3ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2)",
"product_id": "CSAFPID-0088",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-3ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2)",
"product_id": "CSAFPID-0089",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-3JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2)",
"product_id": "CSAFPID-0090",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-3JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2)",
"product_id": "CSAFPID-0091",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-1AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2)",
"product_id": "CSAFPID-0092",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-1HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)",
"product_id": "CSAFPID-0093",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-3AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2)",
"product_id": "CSAFPID-0094",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-3HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2)",
"product_id": "CSAFPID-0095",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-1CR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2)",
"product_id": "CSAFPID-0096",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-1AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2)",
"product_id": "CSAFPID-0097",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-1AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2)",
"product_id": "CSAFPID-0098",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-1HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2)",
"product_id": "CSAFPID-0099",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-1HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2)",
"product_id": "CSAFPID-0100",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-3AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2)",
"product_id": "CSAFPID-0101",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-3AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2)",
"product_id": "CSAFPID-0102",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-3HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)",
"product_id": "CSAFPID-0103",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-3HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2)",
"product_id": "CSAFPID-0104",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-1CR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2)",
"product_id": "CSAFPID-0105",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-1CR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)",
"product_id": "CSAFPID-0106",
"product_identification_helper": {
"model_numbers": [
"6AG1202-2BH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3)",
"product_id": "CSAFPID-0107",
"product_identification_helper": {
"model_numbers": [
"6AG1308-2FL10-4AA3"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28895",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0106",
"CSAFPID-0107"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0107"
]
},
{
"category": "vendor_fix",
"details": "Update to V5.2.6 or later version",
"product_ids": [
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0073",
"CSAFPID-0074"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811753/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0106"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817790/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0106",
"CSAFPID-0107"
]
}
],
"title": "CVE-2020-28895"
},
{
"cve": "CVE-2020-35198",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The APIs cacheDmaMalloc()/cacheArchDmaMalloc()/mmap64() align the size of the requested buffer with the memory page size of the target platform. If the requested size is large enough to cause integer overflow by the alignment calculation, a valid pointer to a buffer that is smaller than the requested size is returned, opening the door to use for heap overflow attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0106",
"CSAFPID-0107"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0107"
]
},
{
"category": "vendor_fix",
"details": "Update to V5.2.6 or later version",
"product_ids": [
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0073",
"CSAFPID-0074"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811753/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.2 or later version",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0106"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817790/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012",
"CSAFPID-0013",
"CSAFPID-0014",
"CSAFPID-0015",
"CSAFPID-0016",
"CSAFPID-0017",
"CSAFPID-0018",
"CSAFPID-0019",
"CSAFPID-0020",
"CSAFPID-0021",
"CSAFPID-0022",
"CSAFPID-0023",
"CSAFPID-0031",
"CSAFPID-0030",
"CSAFPID-0029",
"CSAFPID-0028",
"CSAFPID-0027",
"CSAFPID-0026",
"CSAFPID-0025",
"CSAFPID-0024",
"CSAFPID-0032",
"CSAFPID-0033",
"CSAFPID-0041",
"CSAFPID-0040",
"CSAFPID-0039",
"CSAFPID-0038",
"CSAFPID-0037",
"CSAFPID-0036",
"CSAFPID-0035",
"CSAFPID-0034",
"CSAFPID-0042",
"CSAFPID-0043",
"CSAFPID-0044",
"CSAFPID-0045",
"CSAFPID-0046",
"CSAFPID-0047",
"CSAFPID-0048",
"CSAFPID-0049",
"CSAFPID-0050",
"CSAFPID-0051",
"CSAFPID-0052",
"CSAFPID-0053",
"CSAFPID-0054",
"CSAFPID-0055",
"CSAFPID-0056",
"CSAFPID-0057",
"CSAFPID-0058",
"CSAFPID-0059",
"CSAFPID-0060",
"CSAFPID-0061",
"CSAFPID-0062",
"CSAFPID-0063",
"CSAFPID-0064",
"CSAFPID-0065",
"CSAFPID-0066",
"CSAFPID-0067",
"CSAFPID-0068",
"CSAFPID-0069",
"CSAFPID-0070",
"CSAFPID-0071",
"CSAFPID-0072",
"CSAFPID-0073",
"CSAFPID-0074",
"CSAFPID-0100",
"CSAFPID-0101",
"CSAFPID-0102",
"CSAFPID-0103",
"CSAFPID-0096",
"CSAFPID-0097",
"CSAFPID-0098",
"CSAFPID-0099",
"CSAFPID-0104",
"CSAFPID-0105",
"CSAFPID-0087",
"CSAFPID-0088",
"CSAFPID-0089",
"CSAFPID-0090",
"CSAFPID-0083",
"CSAFPID-0084",
"CSAFPID-0085",
"CSAFPID-0086",
"CSAFPID-0079",
"CSAFPID-0080",
"CSAFPID-0081",
"CSAFPID-0082",
"CSAFPID-0075",
"CSAFPID-0076",
"CSAFPID-0077",
"CSAFPID-0078",
"CSAFPID-0093",
"CSAFPID-0094",
"CSAFPID-0091",
"CSAFPID-0092",
"CSAFPID-0095",
"CSAFPID-0106",
"CSAFPID-0107"
]
}
],
"title": "CVE-2020-35198"
}
]
}
ICSA-25-155-02
Vulnerability from csaf_cisa - Published: 2021-12-16 13:30 - Updated: 2025-05-27 12:30Summary
Hitachi Energy Relion 670 650 series and SAM600-IO Product
Notes
Summary
Hitachi Energy is aware of two critical memory allocation vulnerabilities (called BadAlloc [1] vulnerabilities) in the WindRiver VxWorks Operating Systems [2][3] that are used in our product versions listed in this advisory.
An attacker that exploits these vulnerabilities might bypass security controls to execute malicious code or cause a denial-of-service. For immediate mitigation/workaround information, please refer to the Mitigation Fac-tors/Workaround Section.
[1] BadAlloc – Microsoft’s Section 52 - https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allo-cation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/
[2] Wind River VxWorks – CVE-2020-28895 Advisory - https://support2.windriver.com/in-dex.php?page=cve&on=view&id=CVE-2020-28895
[3] Wind River VxWorks – CVE-2020-35198 Advisory - https://support2.windriver.com/in-dex.php?page=cve&on=view&id=CVE-2020-35198
Notice
The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warran-ties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.
Support
For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.
General Mitigation Factors
Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Advisory Conversion Disclaimer
This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000070 from a direct conversion of their vendor's Common Security Advisory Framework (CSAF) advisory. This is republished to CISA's website as a means of increasing visibility and is provided "as-is" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.
Critical infrastructure sectors
Energy
Countries/areas deployed
Worldwide
Company headquarters location
Switzerland
Recommended Practices
CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.
Recommended Practices
Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.
Recommended Practices
Locate control system networks and remote devices behind firewalls and isolate them from business networks.
Recommended Practices
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Recommended Practices
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Recommended Practices
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
{
"document": {
"acknowledgments": [
{
"organization": "Hitachi Energy PSIRT",
"summary": "reporting these vulnerabilities to CISA."
}
],
"aggregate_severity": {
"namespace": "https://www.first.org/cvss/specification-document",
"text": "CRITICAL"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "summary",
"text": "Hitachi Energy is aware of two critical memory allocation vulnerabilities (called BadAlloc [1] vulnerabilities) in the WindRiver VxWorks Operating Systems [2][3] that are used in our product versions listed in this advisory.\nAn attacker that exploits these vulnerabilities might bypass security controls to execute malicious code or cause a denial-of-service. For immediate mitigation/workaround information, please refer to the Mitigation Fac-tors/Workaround Section.\n\n[1] BadAlloc \u2013 Microsoft\u2019s Section 52 - https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allo-cation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/\n[2] Wind River VxWorks \u2013 CVE-2020-28895 Advisory - https://support2.windriver.com/in-dex.php?page=cve\u0026on=view\u0026id=CVE-2020-28895\n[3] Wind River VxWorks \u2013 CVE-2020-35198 Advisory - https://support2.windriver.com/in-dex.php?page=cve\u0026on=view\u0026id=CVE-2020-35198",
"title": "Summary"
},
{
"category": "legal_disclaimer",
"text": "The information in this document is subject to change without notice and should not be construed as a commitment by Hitachi Energy. Hitachi Energy provides no warranty, express or implied, including warran-ties of merchantability and fitness for a particular purpose, for the information contained in this document, and assumes no responsibility for any errors that may appear in this document. In no event shall Hitachi Energy or any of its suppliers be liable for direct, indirect, special, incidental or consequential damages of any nature or kind arising from the use of this document, or from the use of any hardware or software described in this document, even if Hitachi Energy or its suppliers have been advised of the possibility of such damages. This document and parts hereof must not be reproduced or copied without written permission from Hitachi Energy and the contents hereof must not be imparted to a third party nor used for any unauthorized purpose. All rights to registrations and trademarks reside with their respective owners.",
"title": "Notice"
},
{
"category": "general",
"text": "For additional information and support please contact your product provider or Hitachi Energy service organization. For contact information, see https://www.hitachienergy.com/contact-us/ for Hitachi Energy contact-centers.",
"title": "Support"
},
{
"category": "general",
"text": "Recommended security practices and firewall configurations can help protect a process control network from attacks that originate from outside the network. Such practices include that process control systems are physically protected from direct access by unauthorized personnel, have no direct connections to the Internet, and are separated from other networks by means of a firewall system that has a minimal number of ports exposed, and others that have to be evaluated case by case. Process control systems should not be used for Internet surfing, instant messaging, or receiving e-mails. Portable computers and removable storage media should be carefully scanned for viruses before they are connected to a control system.",
"title": "General Mitigation Factors"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "other",
"text": "This ICSA is a verbatim republication of Hitachi Energy PSIRT 8DBD000070 from a direct conversion of their vendor\u0027s Common Security Advisory Framework (CSAF) advisory. This is republished to CISA\u0027s website as a means of increasing visibility and is provided \"as-is\" for informational purposes only. CISA is not responsible for the editorial or technical accuracy of republished advisories and provides no warranties of any kind regarding any information contained within this advisory. Further, CISA does not endorse any commercial product or service. Please contact Hitachi Energy PSIRT directly for any questions regarding this advisory.",
"title": "Advisory Conversion Disclaimer"
},
{
"category": "other",
"text": "Energy",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Switzerland",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "other",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-25-155-02 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2025/icsa-25-155-02.json"
},
{
"category": "self",
"summary": "Cybersecurity Advisory - BadAlloc \u2013 Memory Allocation Vulnerabilities in Hitachi Energy Relion 670, 650 series and SAM600-IO Product",
"url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000070\u0026languageCode=en\u0026Preview=true"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-25-155-02 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-155-02"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Hitachi Energy Relion 670 650 series and SAM600-IO Product",
"tracking": {
"current_release_date": "2025-05-27T12:30:00.000000Z",
"generator": {
"date": "2025-06-05T16:55:18.347501Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-25-155-02",
"initial_release_date": "2021-12-16T13:30:00.000000Z",
"revision_history": [
{
"date": "2021-12-16T13:30:00.000000Z",
"number": "1",
"summary": "Initial version."
},
{
"date": "2025-05-27T12:30:00.000000Z",
"number": "2",
"summary": "Update to Recommended Actions table with fixed versions"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.5.0|\u003c=2.2.5.1",
"product": {
"name": "Relion 670 series version 2.2.5 revisions up to 2.2.5.1",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.4.0|\u003c=2.2.4.2",
"product": {
"name": "Relion 670 series version 2.2.4 revisions up to 2.2.4.2",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.3.0|\u003c=2.2.3.4",
"product": {
"name": "Relion 670 series version 2.2.3 revisions up to 2.2.3.4",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.2.0|\u003c=2.2.2.4",
"product": {
"name": "Relion 670 series version 2.2.2 revisions up to 2.2.2.4",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.1.0|\u003c=2.2.1.7",
"product": {
"name": "Relion 670 series version 2.2.1 revisions up to 2.2.1.7",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=1.1|\u003c2.2.1",
"product": {
"name": "Relion 670 series version 1.1 to 2.2.0 all revisions",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "Relion 670"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.5.0|\u003c=2.2.5.1",
"product": {
"name": "Relion 650 series version 2.2.5 revisions up to 2.2.5.1",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "Relion 650"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.4.0|\u003c=2.2.4.2",
"product": {
"name": "Relion 650 series version 2.2.4 revisions up to 2.2.4.2",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "Relion 650"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.1.0|\u003c=2.2.1.7",
"product": {
"name": "Relion 650 series version 2.2.1 revisions up to 2.2.1.7",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Relion 650"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=1.0|\u003c2.2.1",
"product": {
"name": "Relion 650 series version 1.0 to 2.2.0 all revisions",
"product_id": "CSAFPID-0010"
}
}
],
"category": "product_name",
"name": "Relion 650"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.5.0|\u003c=2.2.5.1",
"product": {
"name": "SAM-IO series version 2.2.5 revisions up to 2.2.5.1",
"product_id": "CSAFPID-0011"
}
}
],
"category": "product_name",
"name": "SAM-IO"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/\u003e=2.2.1.0|\u003c=2.2.1.7",
"product": {
"name": "SAM-IO series version 2.2.1 revisions up to 2.2.1.7",
"product_id": "CSAFPID-0012"
}
}
],
"category": "product_name",
"name": "SAM-IO"
}
],
"category": "vendor",
"name": "Hitachi Energy"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28895",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
"references": [
{
"category": "external",
"summary": "NVD CVE Detail",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28895"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to 2.2.5.2 version or latest",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0007",
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.4.3 version or latest",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.3.5 version or latest",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.2.5 version or latest",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.1.8 version or latest",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0012"
]
},
{
"category": "mitigation",
"details": "Refer to the Mitigation Factors/Workaround Section for the current mitigation strategy.",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0010"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"environmentalScore": 7.3,
"environmentalSeverity": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.3,
"temporalSeverity": "HIGH",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
}
],
"title": "CVE-2020-28895"
},
{
"cve": "CVE-2020-35198",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "description",
"text": "An issue was discovered in Wind River VxWorks 7. The memory al-locator has a possible integer overflow in calculating a memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"title": "CVE Description"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
},
"references": [
{
"category": "external",
"summary": "NVD CVE Detail",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-35198"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "Update to 2.2.5.2 version or latest",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0007",
"CSAFPID-0011"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.4.3 version or latest",
"product_ids": [
"CSAFPID-0002",
"CSAFPID-0008"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.3.5 version or latest",
"product_ids": [
"CSAFPID-0003"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.2.5 version or latest",
"product_ids": [
"CSAFPID-0004"
]
},
{
"category": "vendor_fix",
"details": "Update to 2.2.1.8 version or latest",
"product_ids": [
"CSAFPID-0005",
"CSAFPID-0009",
"CSAFPID-0012"
]
},
{
"category": "mitigation",
"details": "Refer to the Mitigation Factors/Workaround Section for the current mitigation strategy.",
"product_ids": [
"CSAFPID-0006",
"CSAFPID-0010"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010",
"CSAFPID-0011",
"CSAFPID-0012"
]
}
],
"title": "CVE-2020-35198"
}
]
}
ICSA-21-119-04
Vulnerability from csaf_cisa - Published: 2021-04-29 00:00 - Updated: 2022-04-19 00:00Summary
Multiple RTOS (Update E)
Notes
CISA Disclaimer
This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice
All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation
Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution.
Critical infrastructure sectors
Multiple
Countries/areas deployed
Worldwide
Company headquarters location
Multiple
Recommended Practices
CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
Exploitability
No known public exploits specifically target these vulnerabilities.
{
"document": {
"acknowledgments": [
{
"names": [
"David Atch",
"Omri Ben Bassat",
"Tamir Ariel"
],
"organization": "Microsoft Section 52",
"summary": "reporting these vulnerabilities to CISA"
},
{
"organization": "the Azure Defender for IoT research group",
"summary": "reporting these vulnerabilities to CISA"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Multiple",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Multiple",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-21-119-04 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsa-21-119-04.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-21-119-04 Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-21-119-04"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
}
],
"title": "Multiple RTOS (Update E)",
"tracking": {
"current_release_date": "2022-04-19T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-21-119-04",
"initial_release_date": "2021-04-29T00:00:00.000000Z",
"revision_history": [
{
"date": "2021-04-29T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-21-119-04 Multiple RTOS"
},
{
"date": "2021-05-06T00:00:00.000000Z",
"legacy_version": "A",
"number": "2",
"summary": "ICSA-21-119-04 Multiple RTOS (Update A)"
},
{
"date": "2021-05-20T00:00:00.000000Z",
"legacy_version": "B",
"number": "3",
"summary": "ICSA-21-119-04 Multiple RTOS (Update B)"
},
{
"date": "2021-08-17T00:00:00.000000Z",
"legacy_version": "C",
"number": "4",
"summary": "ICSA-21-119-04 Multiple RTOS (Update C)"
},
{
"date": "2021-11-30T00:00:00.000000Z",
"legacy_version": "D",
"number": "5",
"summary": "ICSA-21-119-04 Multiple RTOS (Update D)"
},
{
"date": "2022-04-19T00:00:00.000000Z",
"legacy_version": "E",
"number": "6",
"summary": "ICSA-21-119-04 Multiple RTOS (Update E)"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 6.5.0 SP1",
"product": {
"name": "BlackBerry QNX SDP: Versions 6.5.0 SP1 and earlier",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "BlackBerry QNX SDP"
},
{
"branches": [
{
"category": "product_version",
"name": "3.1.0",
"product": {
"name": "TencentOS-tiny: Version 3.1.0",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "TencentOS-tiny"
},
{
"branches": [
{
"category": "product_version",
"name": "1.0.2",
"product": {
"name": "Google Cloud IoT Device SDK: Version 1.0.2",
"product_id": "CSAFPID-0003"
}
}
],
"category": "product_name",
"name": "Google Cloud IoT Device SDK"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.40.00",
"product": {
"name": "Texas Instruments SimpleLink-CC26XX: versions prior to 4.40.00",
"product_id": "CSAFPID-0004"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink-CC26XX"
},
{
"branches": [
{
"category": "product_version",
"name": "MSP432E4XX",
"product": {
"name": "Texas Instruments SimpleLink: MSP432E4XX",
"product_id": "CSAFPID-0005"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.0.1",
"product": {
"name": "BlackBerry QNX OS for Safety: Versions 1.0.1 and earlier safety products compliant with IEC 61508 and/or ISO 26262",
"product_id": "CSAFPID-0006"
}
}
],
"category": "product_name",
"name": "BlackBerry QNX OS for Safety"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 1.1",
"product": {
"name": "BlackBerry QNX OS for Medical: Versions 1.1 and earlier safety products compliant with IEC 62304",
"product_id": "CSAFPID-0007"
}
}
],
"category": "product_name",
"name": "BlackBerry QNX OS for Medical"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.1.3",
"product": {
"name": "ARM CMSIS-RTOS2: versions prior to 2.1.3",
"product_id": "CSAFPID-0008"
}
}
],
"category": "product_name",
"name": "ARM CMSIS-RTOS2"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.0.0",
"product": {
"name": "Redhat newlib: versions prior to 4.0.0",
"product_id": "CSAFPID-0009"
}
}
],
"category": "product_name",
"name": "Redhat newlib"
},
{
"branches": [
{
"category": "product_version",
"name": "9.1.0",
"product": {
"name": "Apache Nuttx OS: Version 9.1.0",
"product_id": "CSAFPID-00010"
}
}
],
"category": "product_name",
"name": "Apache Nuttx OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003e= 2.0.1 | \u003c= 4.5.3",
"product": {
"name": "eCosCentric eCosPro RTOS: Versions 2.0.1 through 4.5.3",
"product_id": "CSAFPID-00011"
}
}
],
"category": "product_name",
"name": "eCosCentric eCosPro RTOS"
},
{
"branches": [
{
"category": "product_version",
"name": "2020.01.1",
"product": {
"name": "RIOT OS: Version 2020.01.1",
"product_id": "CSAFPID-00012"
}
}
],
"category": "product_name",
"name": "RIOT OS"
},
{
"branches": [
{
"category": "product_version",
"name": "6.3.0",
"product": {
"name": "ARM Mbed OS: Version 6.3.0",
"product_id": "CSAFPID-00013"
}
}
],
"category": "product_name",
"name": "ARM Mbed OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.40.00.07",
"product": {
"name": "Texas Instruments CC32XX: versions prior to 4.40.00.07",
"product_id": "CSAFPID-00014"
}
}
],
"category": "product_name",
"name": "Texas Instruments CC32XX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.10.03",
"product": {
"name": "Texas Instruments SimpleLink-CC32XX: versions prior to 4.10.03",
"product_id": "CSAFPID-00015"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink-CC32XX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 7.0",
"product": {
"name": "Windriver VxWorks: prior to 7.0",
"product_id": "CSAFPID-00016"
}
}
],
"category": "product_name",
"name": "Windriver VxWorks"
},
{
"branches": [
{
"category": "product_version",
"name": "10.4.1",
"product": {
"name": "Amazon FreeRTOS: Version 10.4.1",
"product_id": "CSAFPID-00017"
}
}
],
"category": "product_name",
"name": "Amazon FreeRTOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 3.0.GBB",
"product": {
"name": "Samsung Tizen RT RTOS: versions prior 3.0.GBB",
"product_id": "CSAFPID-00018"
}
}
],
"category": "product_name",
"name": "Samsung Tizen RT RTOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.8.2",
"product": {
"name": "NXP MCUXpresso SDK: versions prior to 2.8.2",
"product_id": "CSAFPID-00019"
}
}
],
"category": "product_name",
"name": "NXP MCUXpresso SDK"
},
{
"branches": [
{
"category": "product_version",
"name": "2.17.0",
"product": {
"name": "Cesanta Software Mongoose OS: v2.17.0",
"product_id": "CSAFPID-00020"
}
}
],
"category": "product_name",
"name": "Cesanta Software Mongoose OS"
},
{
"branches": [
{
"category": "product_version",
"name": "1.38.xx | 1.39.00",
"product": {
"name": "Micrium uC/OS: uC/LIB Versions 1.38.xx Version 1.39.00",
"product_id": "CSAFPID-00021"
}
}
],
"category": "product_name",
"name": "Micrium uC/OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.10.1",
"product": {
"name": "Micrium OS: Versions 5.10.1 and prior",
"product_id": "CSAFPID-00022"
}
}
],
"category": "product_name",
"name": "Micrium OS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.40.00",
"product": {
"name": "Texas Instruments SimpleLink-CC13XX: versions prior to 4.40.00",
"product_id": "CSAFPID-00023"
}
}
],
"category": "product_name",
"name": "Texas Instruments SimpleLink-CC13XX"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 4.6.1",
"product": {
"name": "Media Tek LinkIt SDK: versions prior to 4.6.1",
"product_id": "CSAFPID-00024"
}
}
],
"category": "product_name",
"name": "Media Tek LinkIt SDK"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 1.0.36",
"product": {
"name": "Uclibc-NG: versions prior to 1.0.36",
"product_id": "CSAFPID-00025"
}
}
],
"category": "product_name",
"name": "Uclibc-NG"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c 2.5",
"product": {
"name": "Zephyr Project RTOS: versions prior to 2.5",
"product_id": "CSAFPID-00026"
}
}
],
"category": "product_name",
"name": "Zephyr Project RTOS"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c= 5.1",
"product": {
"name": "NXP MQX: Versions 5.1 and prior",
"product_id": "CSAFPID-00027"
}
}
],
"category": "product_name",
"name": "NXP MQX"
},
{
"branches": [
{
"category": "product_version",
"name": "1.3.0",
"product": {
"name": "ARM mbed-ualloc: Version 1.3.0",
"product_id": "CSAFPID-00028"
}
}
],
"category": "product_name",
"name": "ARM mbed-ualloc"
}
],
"category": "vendor",
"name": "multiple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30636",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Media Tek LinkIt SDK versions prior to 4.6.1 is vulnerable to integer overflow in memory allocation calls pvPortCalloc(calloc) and pvPortRealloc(realloc), which can lead to memory corruption on the target device.CVE-2021-30636 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-30636"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27431",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution.CVE-2021-27431 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27431"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27433",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "ARM mbed-ualloc memory library Version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27433 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27433"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27435",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27435 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27435"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27427",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "RIOT OS Versions 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27427 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27427"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-22684",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Samsung Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash.CVE-2021-22684 has been assigned to this vulnerability. A CVSS v3 base score of 3.2 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22684"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27439",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "TencentOS-tiny Version 3.1.0 is vulnerable to integer wrap-around in function \u0027tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27439 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27439"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27425",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27425 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27425"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-26461",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Apache Nuttx OS Version 9.1.0 is vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-26461 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26461"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2020-35198",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Wind River VxWorks several versions prior to 7.0 firmware are vulnerable to weaknesses found in the following functions; calloc(memLib), mmap/mmap64 (mmanLib), cacheDmaMalloc(cacheLib) and cacheArchDmaMalloc(cacheArchLib). This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2020-35198 and CVE-2020-28895 have been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35198"
},
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28895"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2020-28895",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Amazon FreeRTOS Version 10.4.1 is vulnerable to integer wrap-around in multiple memory management API functions (MemMang, Queue, StreamBuffer). This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-31571 and CVE-2021-31572 have been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31571"
},
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31572"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-31571",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow.CVE-2021-27417 has been assigned to this vulnerability. A CVSS v3 base score of 4.6 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27417"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-31572",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Redhat newlib versions prior to 4.0.0 are vulnerable to integer wrap-around in malloc and nano-malloc family routines (memalign, valloc, pvalloc, nano_memalign, nano_valloc, nano_pvalloc) due to insufficient checking in memory alignment logic. This insufficient checking can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-3420 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3420"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27417",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc.CVE-2021-27421 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27421"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-3420",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-22680 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22680"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27421",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution.CVE-2021-27419 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27419"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-22680",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values. This can trigger an integer overflow vulnerability in \u0027HeapTrack_alloc\u0027 and result in code execution.CVE-2021-27429 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27429"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27419",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments TI-RTOS returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027malloc\u0027 and result in code execution.CVE-2021-22636 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22636"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27429",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments devices running FREERTOS, malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027malloc\u0027 for FreeRTOS, resulting in code execution.CVE-2021-27504 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27504"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-22636",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Texas Instruments TI-RTOS, when configured to use HeapMem heap(default), malloc returns a valid pointer to a small buffer on extremely large values, which can trigger an integer overflow vulnerability in \u0027HeapMem_allocUnprotected\u0027 and result in code execution.CVE-2021-27502 has been assigned to this vulnerability. A CVSS v3 base score of 7.4 has been calculated; the CVSS vector string is (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27502"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27504",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Google Cloud IoT Device SDK Version 1.0.2 is vulnerable to heap overflow due to integer overflow in its implementation of calloc, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or code execution. Google PSIRT will assign a CVE. CVSS score will be calculated when a CVE has been assigned.CVE-2021-27411 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27411"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27502",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.CVE-2021-26706 has been assigned to this vulnerability. A CVSS v3 base score of 6.5 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26706"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-27411",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Micrium uC/OS: uC/LIB Versions 1.38.xx, 1.39.00 are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones.CVE-2020-13603 has been assigned to this vulnerability. A CVSS v3 base score of 6.9 has been calculated; the CVSS vector string is (AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13603"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
},
{
"cve": "CVE-2021-26706",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "Zephyr Project RTOS versions prior to 2.5 are vulnerable to integer wrap-around sys_mem_pool_alloc function, which can lead to arbitrary memory allocation resulting in unexpected behavior such as a crash or code execution.CVE-2021-22156 has been assigned to this vulnerability. A CVSS v3 base score of 9.0 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-22156"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Hitachi Energy GMS600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000072\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy PWC600 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000073\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy REB500 - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000071\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Relion 670, 650 series and SAM600-IO - See public advisory",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000070\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy RTU500 series CMU - Updates available for some firmware versions - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000065\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Hitachi Energy Modular Switchgear Monitoring System MSM - Protect your network - See public advisory.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK107992A5975\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
},
{
"category": "mitigation",
"details": "Zephyr Project: Update to 2.5 or later. Patches available for prior supported versions. See the Zephyr security advisory for more information.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
],
"url": "https://github.com/zephyrproject-rtos/zephyr"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006",
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-00010",
"CSAFPID-00011",
"CSAFPID-00012",
"CSAFPID-00013",
"CSAFPID-00014",
"CSAFPID-00015",
"CSAFPID-00016",
"CSAFPID-00017",
"CSAFPID-00018",
"CSAFPID-00019",
"CSAFPID-00020",
"CSAFPID-00021",
"CSAFPID-00022",
"CSAFPID-00023",
"CSAFPID-00024",
"CSAFPID-00025",
"CSAFPID-00026",
"CSAFPID-00027",
"CSAFPID-00028"
]
}
]
}
]
}
SSA-813746
Vulnerability from csaf_siemens - Published: 2023-04-11 00:00 - Updated: 2024-08-13 00:00Summary
SSA-813746: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families
Notes
Summary
Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.
General Recommendations
As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens' operational guidelines for Industrial Security (Download:
https://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.
Additional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity
Additional Resources
For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories
Terms of Use
Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited. (TLPv2: TLP:CLEAR)",
"tlp": {
"label": "WHITE"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Siemens has released a new firmware version for SCALANCE X-200 and X-200 IRT switches that address Bad Alloc vulnerabilities in the underlying operating system and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.",
"title": "Summary"
},
{
"category": "general",
"text": "As a general security measure, Siemens strongly recommends to protect network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends to configure the environment according to Siemens\u0027 operational guidelines for Industrial Security (Download: \nhttps://www.siemens.com/cert/operational-guidelines-industrial-security), and to follow the recommendations in the product manuals.\nAdditional information on Industrial Security by Siemens can be found at: https://www.siemens.com/industrialsecurity",
"title": "General Recommendations"
},
{
"category": "general",
"text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "productcert@siemens.com",
"name": "Siemens ProductCERT",
"namespace": "https://www.siemens.com"
},
"references": [
{
"category": "self",
"summary": "SSA-813746: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families - HTML Version",
"url": "https://cert-portal.siemens.com/productcert/html/ssa-813746.html"
},
{
"category": "self",
"summary": "SSA-813746: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families - CSAF Version",
"url": "https://cert-portal.siemens.com/productcert/csaf/ssa-813746.json"
}
],
"title": "SSA-813746: BadAlloc Vulnerabilities in SCALANCE X-200, X-200IRT, and X-300 Switch Families",
"tracking": {
"current_release_date": "2024-08-13T00:00:00Z",
"generator": {
"engine": {
"name": "Siemens ProductCERT CSAF Generator",
"version": "1"
}
},
"id": "SSA-813746",
"initial_release_date": "2023-04-11T00:00:00Z",
"revision_history": [
{
"date": "2023-04-11T00:00:00Z",
"legacy_version": "1.0",
"number": "1",
"summary": "Publication Date"
},
{
"date": "2024-08-13T00:00:00Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Updated description and CVSS for CVE-2020-35198"
}
],
"status": "interim",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)",
"product_id": "1",
"product_identification_helper": {
"model_numbers": [
"6GK5200-4AH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3)",
"product_id": "2",
"product_identification_helper": {
"model_numbers": [
"6GK5201-3BH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)",
"product_id": "3",
"product_identification_helper": {
"model_numbers": [
"6GK5201-3JR00-2BA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3)",
"product_id": "4",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BB00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2IRT (6GK5202-2BB10-2BA3)",
"product_id": "5",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BB10-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2IRT (6GK5202-2BB10-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3)",
"product_id": "6",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6)",
"product_id": "7",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2JR00-2BA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2 (6GK5204-2BB10-2AA3)",
"product_id": "8",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BB10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2 (6GK5204-2BB10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2FM (6GK5204-2BB11-2AA3)",
"product_id": "9",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BB11-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2FM (6GK5204-2BB11-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2LD (6GK5204-2BC10-2AA3)",
"product_id": "10",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BC10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2LD (6GK5204-2BC10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)",
"product_id": "11",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BC10-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2LD TS (6GK5204-2BC10-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X204-2TS (6GK5204-2BB10-2CA2)",
"product_id": "12",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BB10-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204-2TS (6GK5204-2BB10-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X204IRT (6GK5204-0BA00-2BA3)",
"product_id": "13",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204IRT (6GK5204-0BA00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X204IRT (6GK5204-0BA10-2BA3)",
"product_id": "14",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA10-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204IRT (6GK5204-0BA10-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6)",
"product_id": "15",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0JA00-2BA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X206-1 (6GK5206-1BB10-2AA3)",
"product_id": "16",
"product_identification_helper": {
"model_numbers": [
"6GK5206-1BB10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X206-1 (6GK5206-1BB10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X206-1LD (6GK5206-1BC10-2AA3)",
"product_id": "17",
"product_identification_helper": {
"model_numbers": [
"6GK5206-1BC10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X206-1LD (6GK5206-1BC10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X208 (6GK5208-0BA10-2AA3)",
"product_id": "18",
"product_identification_helper": {
"model_numbers": [
"6GK5208-0BA10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X208 (6GK5208-0BA10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X208PRO (6GK5208-0HA10-2AA6)",
"product_id": "19",
"product_identification_helper": {
"model_numbers": [
"6GK5208-0HA10-2AA6"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X208PRO (6GK5208-0HA10-2AA6)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X212-2 (6GK5212-2BB00-2AA3)",
"product_id": "20",
"product_identification_helper": {
"model_numbers": [
"6GK5212-2BB00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X212-2 (6GK5212-2BB00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X212-2LD (6GK5212-2BC00-2AA3)",
"product_id": "21",
"product_identification_helper": {
"model_numbers": [
"6GK5212-2BC00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X212-2LD (6GK5212-2BC00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X216 (6GK5216-0BA00-2AA3)",
"product_id": "22",
"product_identification_helper": {
"model_numbers": [
"6GK5216-0BA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X216 (6GK5216-0BA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE X224 (6GK5224-0BA00-2AA3)",
"product_id": "23",
"product_identification_helper": {
"model_numbers": [
"6GK5224-0BA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X224 (6GK5224-0BA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3)",
"product_id": "24",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-2EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 24V) (6GK5302-7GD00-2EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3)",
"product_id": "25",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-2GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 24V, coated) (6GK5302-7GD00-2GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3)",
"product_id": "26",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-4EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 230V) (6GK5302-7GD00-4EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3)",
"product_id": "27",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-4GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (2x 230V, coated) (6GK5302-7GD00-4GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3)",
"product_id": "28",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-1EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (24V) (6GK5302-7GD00-1EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3)",
"product_id": "29",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-1GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (24V, coated) (6GK5302-7GD00-1GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3)",
"product_id": "30",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-3EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (230V) (6GK5302-7GD00-3EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3)",
"product_id": "31",
"product_identification_helper": {
"model_numbers": [
"6GK5302-7GD00-3GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X302-7 EEC (230V, coated) (6GK5302-7GD00-3GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X304-2FE (6GK5304-2BD00-2AA3)",
"product_id": "32",
"product_identification_helper": {
"model_numbers": [
"6GK5304-2BD00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X304-2FE (6GK5304-2BD00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3)",
"product_id": "33",
"product_identification_helper": {
"model_numbers": [
"6GK5306-1BF00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X306-1LD FE (6GK5306-1BF00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3)",
"product_id": "34",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-2EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 24V) (6GK5307-2FD00-2EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3)",
"product_id": "35",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-2GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 24V, coated) (6GK5307-2FD00-2GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3)",
"product_id": "36",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-4EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 230V) (6GK5307-2FD00-4EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3)",
"product_id": "37",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-4GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (2x 230V, coated) (6GK5307-2FD00-4GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3)",
"product_id": "38",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-1EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (24V) (6GK5307-2FD00-1EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3)",
"product_id": "39",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-1GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (24V, coated) (6GK5307-2FD00-1GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3)",
"product_id": "40",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-3EA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (230V) (6GK5307-2FD00-3EA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3)",
"product_id": "41",
"product_identification_helper": {
"model_numbers": [
"6GK5307-2FD00-3GA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-2 EEC (230V, coated) (6GK5307-2FD00-3GA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3 (6GK5307-3BL00-2AA3)",
"product_id": "42",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BL00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3 (6GK5307-3BL00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3 (6GK5307-3BL10-2AA3)",
"product_id": "43",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BL10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3 (6GK5307-3BL10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3LD (6GK5307-3BM00-2AA3)",
"product_id": "44",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BM00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3LD (6GK5307-3BM00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X307-3LD (6GK5307-3BM10-2AA3)",
"product_id": "45",
"product_identification_helper": {
"model_numbers": [
"6GK5307-3BM10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X307-3LD (6GK5307-3BM10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2 (6GK5308-2FL00-2AA3)",
"product_id": "46",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FL00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2 (6GK5308-2FL00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2 (6GK5308-2FL10-2AA3)",
"product_id": "47",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FL10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2 (6GK5308-2FL10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LD (6GK5308-2FM00-2AA3)",
"product_id": "48",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FM00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LD (6GK5308-2FM00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LD (6GK5308-2FM10-2AA3)",
"product_id": "49",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FM10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LD (6GK5308-2FM10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH (6GK5308-2FN00-2AA3)",
"product_id": "50",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FN00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH (6GK5308-2FN00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH (6GK5308-2FN10-2AA3)",
"product_id": "51",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FN10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH (6GK5308-2FN10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3)",
"product_id": "52",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FP00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH+ (6GK5308-2FP00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3)",
"product_id": "53",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2FP10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2LH+ (6GK5308-2FP10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M (6GK5308-2GG00-2AA2)",
"product_id": "54",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M (6GK5308-2GG00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M (6GK5308-2GG10-2AA2)",
"product_id": "55",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG10-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M (6GK5308-2GG10-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2)",
"product_id": "56",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2QG00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M PoE (6GK5308-2QG00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2)",
"product_id": "57",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2QG10-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M PoE (6GK5308-2QG10-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)",
"product_id": "58",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG00-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M TS (6GK5308-2GG00-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X308-2M TS (6GK5308-2GG10-2CA2)",
"product_id": "59",
"product_identification_helper": {
"model_numbers": [
"6GK5308-2GG10-2CA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X308-2M TS (6GK5308-2GG10-2CA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310 (6GK5310-0FA00-2AA3)",
"product_id": "60",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0FA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310 (6GK5310-0FA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310 (6GK5310-0FA10-2AA3)",
"product_id": "61",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0FA10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310 (6GK5310-0FA10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310FE (6GK5310-0BA00-2AA3)",
"product_id": "62",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0BA00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310FE (6GK5310-0BA00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X310FE (6GK5310-0BA10-2AA3)",
"product_id": "63",
"product_identification_helper": {
"model_numbers": [
"6GK5310-0BA10-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X310FE (6GK5310-0BA10-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X320-1 FE (6GK5320-1BD00-2AA3)",
"product_id": "64",
"product_identification_helper": {
"model_numbers": [
"6GK5320-1BD00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X320-1 FE (6GK5320-1BD00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3)",
"product_id": "65",
"product_identification_helper": {
"model_numbers": [
"6GK5320-3BF00-2AA3"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X320-1-2LD FE (6GK5320-3BF00-2AA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE X408-2 (6GK5408-2FD00-2AA2)",
"product_id": "66",
"product_identification_helper": {
"model_numbers": [
"6GK5408-2FD00-2AA2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE X408-2 (6GK5408-2FD00-2AA2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2)",
"product_id": "67",
"product_identification_helper": {
"model_numbers": [
"6GK5201-3BH00-2BD2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2)",
"product_id": "68",
"product_identification_helper": {
"model_numbers": [
"6GK5202-2BH00-2BD2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF204 (6GK5204-0BA00-2AF2)",
"product_id": "69",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204 (6GK5204-0BA00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF204-2 (6GK5204-2BC00-2AF2)",
"product_id": "70",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2BC00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204-2 (6GK5204-2BC00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2)",
"product_id": "71",
"product_identification_helper": {
"model_numbers": [
"6GK5204-2AA00-2BD2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2)",
"product_id": "72",
"product_identification_helper": {
"model_numbers": [
"6GK5204-0BA00-2BF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF206-1 (6GK5206-1BC00-2AF2)",
"product_id": "73",
"product_identification_helper": {
"model_numbers": [
"6GK5206-1BC00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF206-1 (6GK5206-1BC00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.2.6",
"product": {
"name": "SCALANCE XF208 (6GK5208-0BA00-2AF2)",
"product_id": "74",
"product_identification_helper": {
"model_numbers": [
"6GK5208-0BA00-2AF2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XF208 (6GK5208-0BA00-2AF2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2)",
"product_id": "75",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-2ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG00-2ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2)",
"product_id": "76",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-2ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on front) (6GK5324-4GG10-2ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2)",
"product_id": "77",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-2JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG00-2JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2)",
"product_id": "78",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-2JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 24V, ports on rear) (6GK5324-4GG10-2JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2)",
"product_id": "79",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-4ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-4ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2)",
"product_id": "80",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-4ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-4ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2)",
"product_id": "81",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-4JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-4JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2)",
"product_id": "82",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-4JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-4JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2)",
"product_id": "83",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-1ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG00-1ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2)",
"product_id": "84",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-1ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on front) (6GK5324-4GG10-1ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2)",
"product_id": "85",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-1JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG00-1JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2)",
"product_id": "86",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-1JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (24V, ports on rear) (6GK5324-4GG10-1JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2)",
"product_id": "87",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-3ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG00-3ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2)",
"product_id": "88",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-3ER2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front) (6GK5324-4GG10-3ER2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2)",
"product_id": "89",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG00-3JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG00-3JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2)",
"product_id": "90",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4GG10-3JR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear) (6GK5324-4GG10-3JR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2)",
"product_id": "91",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-1AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (24V, ports on front) (6GK5324-4QG00-1AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2)",
"product_id": "92",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-1HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (24V, ports on rear) (6GK5324-4QG00-1HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)",
"product_id": "93",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-3AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (230V, ports on front) (6GK5324-4QG00-3AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2)",
"product_id": "94",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-3HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE (230V, ports on rear) (6GK5324-4QG00-3HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2)",
"product_id": "95",
"product_identification_helper": {
"model_numbers": [
"6GK5324-4QG00-1CR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-4M PoE TS (24V, ports on front) (6GK5324-4QG00-1CR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2)",
"product_id": "96",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-1AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG00-1AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2)",
"product_id": "97",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-1AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on front) (6GK5324-0GG10-1AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2)",
"product_id": "98",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-1HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG00-1HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2)",
"product_id": "99",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-1HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (24V, ports on rear) (6GK5324-0GG10-1HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2)",
"product_id": "100",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-3AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG00-3AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2)",
"product_id": "101",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-3AR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on front) (6GK5324-0GG10-3AR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2)",
"product_id": "102",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-3HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG00-3HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)",
"product_id": "103",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-3HR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M (230V, ports on rear) (6GK5324-0GG10-3HR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2)",
"product_id": "104",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG00-1CR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG00-1CR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2)",
"product_id": "105",
"product_identification_helper": {
"model_numbers": [
"6GK5324-0GG10-1CR2"
]
}
}
}
],
"category": "product_name",
"name": "SCALANCE XR324-12M TS (24V) (6GK5324-0GG10-1CR2)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cV5.5.2",
"product": {
"name": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)",
"product_id": "106",
"product_identification_helper": {
"model_numbers": [
"6AG1202-2BH00-2BA3"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3)"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:all/*",
"product": {
"name": "SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3)",
"product_id": "107",
"product_identification_helper": {
"model_numbers": [
"6AG1308-2FL10-4AA3"
]
}
}
}
],
"category": "product_name",
"name": "SIPLUS NET SCALANCE X308-2 (6AG1308-2FL10-4AA3)"
}
],
"category": "vendor",
"name": "Siemens"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-28895",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block\u0027s size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"31",
"30",
"29",
"28",
"27",
"26",
"25",
"24",
"32",
"33",
"41",
"40",
"39",
"38",
"37",
"36",
"35",
"34",
"42",
"43",
"44",
"45",
"46",
"47",
"48",
"49",
"50",
"51",
"52",
"53",
"54",
"55",
"56",
"57",
"58",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"68",
"69",
"70",
"71",
"72",
"73",
"74",
"100",
"101",
"102",
"103",
"96",
"97",
"98",
"99",
"104",
"105",
"87",
"88",
"89",
"90",
"83",
"84",
"85",
"86",
"79",
"80",
"81",
"82",
"75",
"76",
"77",
"78",
"93",
"94",
"91",
"92",
"95",
"106",
"107"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"31",
"30",
"29",
"28",
"27",
"26",
"25",
"24",
"32",
"33",
"41",
"40",
"39",
"38",
"37",
"36",
"35",
"34",
"42",
"43",
"44",
"45",
"46",
"47",
"48",
"49",
"50",
"51",
"52",
"53",
"54",
"55",
"56",
"57",
"58",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"100",
"101",
"102",
"103",
"96",
"97",
"98",
"99",
"104",
"105",
"87",
"88",
"89",
"90",
"83",
"84",
"85",
"86",
"79",
"80",
"81",
"82",
"75",
"76",
"77",
"78",
"93",
"94",
"91",
"92",
"95",
"107"
]
},
{
"category": "vendor_fix",
"details": "Update to V5.2.6 or later version",
"product_ids": [
"8",
"9",
"10",
"11",
"12",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"69",
"70",
"73",
"74"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811753/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"13",
"14",
"15",
"67",
"68",
"71",
"72",
"106"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817790/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"31",
"30",
"29",
"28",
"27",
"26",
"25",
"24",
"32",
"33",
"41",
"40",
"39",
"38",
"37",
"36",
"35",
"34",
"42",
"43",
"44",
"45",
"46",
"47",
"48",
"49",
"50",
"51",
"52",
"53",
"54",
"55",
"56",
"57",
"58",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"68",
"69",
"70",
"71",
"72",
"73",
"74",
"100",
"101",
"102",
"103",
"96",
"97",
"98",
"99",
"104",
"105",
"87",
"88",
"89",
"90",
"83",
"84",
"85",
"86",
"79",
"80",
"81",
"82",
"75",
"76",
"77",
"78",
"93",
"94",
"91",
"92",
"95",
"106",
"107"
]
}
],
"title": "CVE-2020-28895"
},
{
"cve": "CVE-2020-35198",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The APIs cacheDmaMalloc()/cacheArchDmaMalloc()/mmap64() align the size of the requested buffer with the memory page size of the target platform. If the requested size is large enough to cause integer overflow by the alignment calculation, a valid pointer to a buffer that is smaller than the requested size is returned, opening the door to use for heap overflow attacks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"31",
"30",
"29",
"28",
"27",
"26",
"25",
"24",
"32",
"33",
"41",
"40",
"39",
"38",
"37",
"36",
"35",
"34",
"42",
"43",
"44",
"45",
"46",
"47",
"48",
"49",
"50",
"51",
"52",
"53",
"54",
"55",
"56",
"57",
"58",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"68",
"69",
"70",
"71",
"72",
"73",
"74",
"100",
"101",
"102",
"103",
"96",
"97",
"98",
"99",
"104",
"105",
"87",
"88",
"89",
"90",
"83",
"84",
"85",
"86",
"79",
"80",
"81",
"82",
"75",
"76",
"77",
"78",
"93",
"94",
"91",
"92",
"95",
"106",
"107"
]
},
"remediations": [
{
"category": "no_fix_planned",
"details": "Currently no fix is planned",
"product_ids": [
"31",
"30",
"29",
"28",
"27",
"26",
"25",
"24",
"32",
"33",
"41",
"40",
"39",
"38",
"37",
"36",
"35",
"34",
"42",
"43",
"44",
"45",
"46",
"47",
"48",
"49",
"50",
"51",
"52",
"53",
"54",
"55",
"56",
"57",
"58",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"100",
"101",
"102",
"103",
"96",
"97",
"98",
"99",
"104",
"105",
"87",
"88",
"89",
"90",
"83",
"84",
"85",
"86",
"79",
"80",
"81",
"82",
"75",
"76",
"77",
"78",
"93",
"94",
"91",
"92",
"95",
"107"
]
},
{
"category": "vendor_fix",
"details": "Update to V5.2.6 or later version",
"product_ids": [
"8",
"9",
"10",
"11",
"12",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"69",
"70",
"73",
"74"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109811753/"
},
{
"category": "vendor_fix",
"details": "Update to V5.5.2 or later version",
"product_ids": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"13",
"14",
"15",
"67",
"68",
"71",
"72",
"106"
],
"url": "https://support.industry.siemens.com/cs/ww/en/view/109817790/"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
"version": "3.1"
},
"products": [
"1",
"2",
"3",
"4",
"5",
"6",
"7",
"8",
"9",
"10",
"11",
"12",
"13",
"14",
"15",
"16",
"17",
"18",
"19",
"20",
"21",
"22",
"23",
"31",
"30",
"29",
"28",
"27",
"26",
"25",
"24",
"32",
"33",
"41",
"40",
"39",
"38",
"37",
"36",
"35",
"34",
"42",
"43",
"44",
"45",
"46",
"47",
"48",
"49",
"50",
"51",
"52",
"53",
"54",
"55",
"56",
"57",
"58",
"59",
"60",
"61",
"62",
"63",
"64",
"65",
"66",
"67",
"68",
"69",
"70",
"71",
"72",
"73",
"74",
"100",
"101",
"102",
"103",
"96",
"97",
"98",
"99",
"104",
"105",
"87",
"88",
"89",
"90",
"83",
"84",
"85",
"86",
"79",
"80",
"81",
"82",
"75",
"76",
"77",
"78",
"93",
"94",
"91",
"92",
"95",
"106",
"107"
]
}
],
"title": "CVE-2020-35198"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…