CERTFR-2023-AVI-0121

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Siemens N/A JT Utilities versions antérieures à V13.2.3.0
Siemens N/A Parasolid V35.0 versions antérieures à V35.0.170
Siemens N/A TIA Project-Server versions antérieures à V1.1
Siemens N/A COMOS V10.3.3.4 versions antérieures à V10.3.3.4.6
Siemens N/A SCALANCE X204IRT (6GK5204-0BA00-2BA3) versions antérieures à V5.5.0
Siemens N/A Parasolid V34.1 versions antérieures à V34.1.242
Siemens N/A TIA Multiuser Server V16 toutes les versions
Siemens N/A COMOS V10.2 toutes les versions
Siemens N/A Simcenter Femap versions antérieures à V2023.1
Siemens N/A Applications utilisant Mendix versions 9 (V9.12) antérieures à V9.12.10
Siemens N/A Parasolid V35.1 versions antérieures à V35.1.150
Siemens N/A COMOS V10.3.3.3 versions antérieures à V10.3.3.3.9
Siemens N/A SCALANCE XF204IRT (6GK5204-0BA00-2BF2) versions antérieures à V5.5.0
Siemens N/A Brownfield Connectivity - Client versions antérieures à V2.15
Siemens N/A COMOS V10.4.2.0 versions antérieures à V10.4.2.0.25
Siemens N/A TIA Multiuser Server V14 toutes les versions
Siemens N/A COMOS V10.3.3.1 versions antérieures à V10.3.3.1.45
Siemens N/A Parasolid V34.0 versions antérieures à V34.0.254
Siemens N/A SiPass integrated AC5102 (ACC-G2) versions antérieures à V2.85.44
Siemens N/A Solid Edge SE2023 versions antérieures à V2023Update2
Siemens N/A SiPass integrated ACC-AP versions antérieures à V2.85.43
Siemens N/A SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) versions antérieures à V5.5.0
Siemens N/A COMOS V10.4.0.0 versions antérieures à V10.4.0.0.31
Siemens N/A Applications utilisant Mendix versions 7 antérieures à V7.23.34
Siemens N/A Applications utilisant Mendix versions 9 (V9.18) antérieures à V9.18.4
Siemens N/A SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) versions antérieures à V5.5.0
Siemens N/A SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) versions antérieures à V5.5.0
Siemens N/A SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) versions antérieures à V5.5.0
Siemens N/A SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) versions antérieures à V5.5.0
Siemens N/A TIA Multiuser Server V15 versions antérieures à V15.1 Update 8
Siemens N/A SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) versions antérieures à V5.5.0
Siemens N/A SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) versions antérieures à V5.5.0
Siemens N/A Applications utilisant Mendix versions 8 antérieures à V8.18.23
Siemens N/A Famille de produits SIMATIC Field PG, SIMATIC IPC et SIMATIC ITP toutes les versions
Siemens N/A SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) versions antérieures à V5.5.0
Siemens N/A Brownfield Connectivity - Gateway versions antérieures à V1.11
Siemens N/A SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) versions antérieures à V5.5.0
Siemens N/A TIA Multiuser Server V17 toutes les versions
Siemens N/A Famille de produits RUGGEDCOM APE1808 toutes les versions
Siemens N/A SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) versions antérieures à V5.5.0
Siemens N/A Applications utilisant Mendix versions 9 (V9.6) antérieures à V9.6.15
Siemens N/A COMOS V10.4.1.0 versions antérieures à V10.4.1.0.32
Siemens N/A SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2) versions antérieures à V5.5.0
Siemens N/A COMOS V10.3.3.2 versions antérieures à V10.3.3.2.33
Siemens N/A Tecnomatix Plant Simulation versions antérieures à V2201.0006
Siemens N/A JT Open versions antérieures à V11.2.3.0
Siemens N/A Applications utilisant Mendix versions 9 antérieures à V9.22.0
References
Bulletin de sécurité [SCADA] Siemens SSA-847261 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-693110 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-953464 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-744259 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-617755 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-658793 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-450613 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-491245 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-686975 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-836777 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-565356 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-252808 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens SSA-640968 du 14 février 2023 None vendor-advisory
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other
Bulletin de sécurité [SCADA] Siemens du 14 février 2023 - other

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "JT Utilities versions ant\u00e9rieures \u00e0 V13.2.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.0 versions ant\u00e9rieures \u00e0 V35.0.170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Project-Server versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.3.3.4 versions ant\u00e9rieures \u00e0 V10.3.3.4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204IRT (6GK5204-0BA00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V34.1 versions ant\u00e9rieures \u00e0 V34.1.242",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Multiuser Server V16 toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.2 toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter Femap versions ant\u00e9rieures \u00e0 V2023.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 9 (V9.12) ant\u00e9rieures \u00e0 V9.12.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V35.1 versions ant\u00e9rieures \u00e0 V35.1.150",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.3.3.3 versions ant\u00e9rieures \u00e0 V10.3.3.3.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF204IRT (6GK5204-0BA00-2BF2) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Brownfield Connectivity - Client versions ant\u00e9rieures \u00e0 V2.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.4.2.0 versions ant\u00e9rieures \u00e0 V10.4.2.0.25",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Multiuser Server V14 toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.3.3.1 versions ant\u00e9rieures \u00e0 V10.3.3.1.45",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid V34.0 versions ant\u00e9rieures \u00e0 V34.0.254",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated AC5102 (ACC-G2) versions ant\u00e9rieures \u00e0 V2.85.44",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge SE2023 versions ant\u00e9rieures \u00e0 V2023Update2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SiPass integrated ACC-AP versions ant\u00e9rieures \u00e0 V2.85.43",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF204-2BA IRT (6GK5204-2AA00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.4.0.0 versions ant\u00e9rieures \u00e0 V10.4.0.0.31",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 7 ant\u00e9rieures \u00e0 V7.23.34",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 9 (V9.18) ant\u00e9rieures \u00e0 V9.18.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X202-2P IRT PRO (6GK5202-2JR00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X204IRT PRO (6GK5204-0JA00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET SCALANCE X202-2P IRT (6AG1202-2BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF201-3P IRT (6GK5201-3BH00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Multiuser Server V15 versions ant\u00e9rieures \u00e0 V15.1 Update 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X201-3P IRT PRO (6GK5201-3JR00-2BA6) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X202-2IRT (6GK5202-2BB00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 8 ant\u00e9rieures \u00e0 V8.18.23",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Famille de produits SIMATIC Field PG, SIMATIC IPC et SIMATIC ITP toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X200-4P IRT (6GK5200-4AH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Brownfield Connectivity - Gateway versions ant\u00e9rieures \u00e0 V1.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X201-3P IRT (6GK5201-3BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Multiuser Server V17 toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Famille de produits RUGGEDCOM APE1808 toutes les versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X202-2P IRT (6GK5202-2BH00-2BA3) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 9 (V9.6) ant\u00e9rieures \u00e0 V9.6.15",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.4.1.0 versions ant\u00e9rieures \u00e0 V10.4.1.0.32",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XF202-2P IRT (6GK5202-2BH00-2BD2) versions ant\u00e9rieures \u00e0 V5.5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "COMOS V10.3.3.2 versions ant\u00e9rieures \u00e0 V10.3.3.2.33",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Tecnomatix Plant Simulation versions ant\u00e9rieures \u00e0 V2201.0006",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT Open versions ant\u00e9rieures \u00e0 V11.2.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Applications utilisant Mendix versions 9 ant\u00e9rieures \u00e0 V9.22.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-24556",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24556"
    },
    {
      "name": "CVE-2022-1343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1343"
    },
    {
      "name": "CVE-2022-1473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1473"
    },
    {
      "name": "CVE-2023-24990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24990"
    },
    {
      "name": "CVE-2022-39157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-39157"
    },
    {
      "name": "CVE-2022-46345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
    },
    {
      "name": "CVE-2023-22669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22669"
    },
    {
      "name": "CVE-2023-24549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24549"
    },
    {
      "name": "CVE-2023-24560",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24560"
    },
    {
      "name": "CVE-2022-31808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31808"
    },
    {
      "name": "CVE-2022-46347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
    },
    {
      "name": "CVE-2022-27536",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27536"
    },
    {
      "name": "CVE-2022-46349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
    },
    {
      "name": "CVE-2022-24921",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24921"
    },
    {
      "name": "CVE-2022-28327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-28327"
    },
    {
      "name": "CVE-2022-1292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1292"
    },
    {
      "name": "CVE-2023-24552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24552"
    },
    {
      "name": "CVE-2021-43391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43391"
    },
    {
      "name": "CVE-2023-24980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24980"
    },
    {
      "name": "CVE-2021-32936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32936"
    },
    {
      "name": "CVE-2022-33984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33984"
    },
    {
      "name": "CVE-2023-24551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24551"
    },
    {
      "name": "CVE-2022-46346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
    },
    {
      "name": "CVE-2023-24992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24992"
    },
    {
      "name": "CVE-2022-21198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-21198"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2022-33906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33906"
    },
    {
      "name": "CVE-2023-24562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24562"
    },
    {
      "name": "CVE-2023-24482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24482"
    },
    {
      "name": "CVE-2023-24994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24994"
    },
    {
      "name": "CVE-2021-41771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41771"
    },
    {
      "name": "CVE-2022-43397",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43397"
    },
    {
      "name": "CVE-2023-24561",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24561"
    },
    {
      "name": "CVE-2023-24995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24995"
    },
    {
      "name": "CVE-2022-30774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30774"
    },
    {
      "name": "CVE-2023-24553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24553"
    },
    {
      "name": "CVE-2023-24984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24984"
    },
    {
      "name": "CVE-2021-32938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32938"
    },
    {
      "name": "CVE-2023-24993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24993"
    },
    {
      "name": "CVE-2023-24558",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24558"
    },
    {
      "name": "CVE-2022-46348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
    },
    {
      "name": "CVE-2023-22295",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22295"
    },
    {
      "name": "CVE-2021-32948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-32948"
    },
    {
      "name": "CVE-2022-33982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33982"
    },
    {
      "name": "CVE-2023-22846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22846"
    },
    {
      "name": "CVE-2023-24983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24983"
    },
    {
      "name": "CVE-2022-47936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47936"
    },
    {
      "name": "CVE-2022-47977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-47977"
    },
    {
      "name": "CVE-2023-24550",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24550"
    },
    {
      "name": "CVE-2023-24565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24565"
    },
    {
      "name": "CVE-2023-25140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25140"
    },
    {
      "name": "CVE-2023-24988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24988"
    },
    {
      "name": "CVE-2022-35868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-35868"
    },
    {
      "name": "CVE-2023-24554",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24554"
    },
    {
      "name": "CVE-2022-33907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33907"
    },
    {
      "name": "CVE-2021-43336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-43336"
    },
    {
      "name": "CVE-2023-24581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24581"
    },
    {
      "name": "CVE-2023-22321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22321"
    },
    {
      "name": "CVE-2022-24675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-24675"
    },
    {
      "name": "CVE-2023-24557",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24557"
    },
    {
      "name": "CVE-2023-24566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24566"
    },
    {
      "name": "CVE-2023-24978",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24978"
    },
    {
      "name": "CVE-2023-24555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24555"
    },
    {
      "name": "CVE-2023-24979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24979"
    },
    {
      "name": "CVE-2023-22354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22354"
    },
    {
      "name": "CVE-2021-41772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41772"
    },
    {
      "name": "CVE-2023-24987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24987"
    },
    {
      "name": "CVE-2023-24986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24986"
    },
    {
      "name": "CVE-2021-44716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44716"
    },
    {
      "name": "CVE-2023-23579",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23579"
    },
    {
      "name": "CVE-2023-24564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24564"
    },
    {
      "name": "CVE-2023-24982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24982"
    },
    {
      "name": "CVE-2023-24996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24996"
    },
    {
      "name": "CVE-2022-31243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31243"
    },
    {
      "name": "CVE-2023-24563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24563"
    },
    {
      "name": "CVE-2023-24985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24985"
    },
    {
      "name": "CVE-2023-24991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24991"
    },
    {
      "name": "CVE-2023-24981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24981"
    },
    {
      "name": "CVE-2021-44717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44717"
    },
    {
      "name": "CVE-2022-1434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-1434"
    },
    {
      "name": "CVE-2022-33908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-33908"
    },
    {
      "name": "CVE-2023-23835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23835"
    },
    {
      "name": "CVE-2023-24559",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24559"
    },
    {
      "name": "CVE-2023-24989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-24989"
    },
    {
      "name": "CVE-2023-22670",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-22670"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-836777.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-617755.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-658793.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-686975.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-491245.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-693110.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-565356.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-640968.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847261.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-450613.pdf"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens du 14 f\u00e9vrier 2023",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-252808.pdf"
    }
  ],
  "reference": "CERTFR-2023-AVI-0121",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2023-02-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Siemens\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un\nd\u00e9ni de service \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-847261 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-693110 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-953464 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-744259 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-617755 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-658793 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-450613 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-491245 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-686975 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-836777 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-565356 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-252808 du 14 f\u00e9vrier 2023",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 [SCADA] Siemens SSA-640968 du 14 f\u00e9vrier 2023",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.