cvelistv5 - cve-2016-10395

CVE-2016-10395 (GCVE-0-2016-10395)

Vulnerability from cvelistv5 – Published: 2017-06-15 16:00 – Updated: 2024-08-06 03:21

Summary

In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.

Severity ?

No CVSS data available.

CWE

Out-of-bounds memory read access leading to local user privilege escalation

Assigner

flexera

References

URL

Tags

	https://secuniaresearch.flexerasoftware.com/advis…	x_refsource_MISC
	https://www.citect.schneider-electric.com/safety-…	x_refsource_CONFIRM
	https://www.schneider-electric.com/en/download/do…	x_refsource_CONFIRM
	https://www.schneider-electric.com/en/download/do…	x_refsource_CONFIRM
	https://www.schneider-electric.com/en/download/do…	x_refsource_CONFIRM
	https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Flexera Software LLC	FlexNet Publisher	Affected: Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T03:21:51.436Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FlexNet Publisher",
          "vendor": "Flexera Software LLC",
          "versions": [
            {
              "status": "affected",
              "version": "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform"
            }
          ]
        }
      ],
      "datePublic": "2017-06-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds memory read access leading to local user privilege escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-05-29T19:57:02",
        "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
        "shortName": "flexera"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2016-10395",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FlexNet Publisher",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Flexera Software LLC"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds memory read access leading to local user privilege escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://secuniaresearch.flexerasoftware.com/advisories/76368/",
              "refsource": "MISC",
              "url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
            },
            {
              "name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager",
              "refsource": "CONFIRM",
              "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
            },
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
            },
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
            },
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/",
              "refsource": "CONFIRM",
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
    "assignerShortName": "flexera",
    "cveId": "CVE-2016-10395",
    "datePublished": "2017-06-15T16:00:00",
    "dateReserved": "2017-05-30T00:00:00",
    "dateUpdated": "2024-08-06T03:21:51.436Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"11.14.1\", \"matchCriteriaId\": \"27B21AC4-B047-470E-BE67-A503B6E935A9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.\"}, {\"lang\": \"es\", \"value\": \"En las versiones anteriores a Liton SP1 (11.14.1.1) de FlaxNet Publisher ejecutando FlaxNet Publisher Licensing Service en Windows, un error de limites relacionado al nombre de la tuber\\u00eda dentro de el FlaxNet Publisher Licensing Service puede ser explotado provocando una lectura de memoria fuera de los l\\u00edmites y consecuentemente ejecutar un c\\u00f3digo aleatorio en los privilegios de SYSTEM.\"}]",
      "id": "CVE-2016-10395",
      "lastModified": "2024-11-21T02:43:54.877",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:S/C:C/I:C/A:C\", \"baseScore\": 6.8, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.1, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-06-15T16:29:00.187",
      "references": "[{\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://secuniaresearch.flexerasoftware.com/advisories/76368/\", \"source\": \"PSIRT-CNA@flexerasoftware.com\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/\", \"source\": \"PSIRT-CNA@flexerasoftware.com\"}, {\"url\": \"https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://secuniaresearch.flexerasoftware.com/advisories/76368/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\", \"Third Party Advisory\"]}, {\"url\": \"https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
      "vendorComments": "[{\"organization\": \"Flexera Software\", \"comment\": \"The vulnerability has been analyzed by us as to be exploitable through a locally authenticated user solely in this context. Thus, we assigned the following CVSS metrics and scores for the vulnerability with the CVE identifier CVE-2016-10395: \u003cbr /\u003e CVSS version 2: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C \u003cbr /\u003e CVSS version 3: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C\", \"lastModified\": \"2017-08-16T13:15:04.617\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-10395\",\"sourceIdentifier\":\"PSIRT-CNA@flexerasoftware.com\",\"published\":\"2017-06-15T16:29:00.187\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.\"},{\"lang\":\"es\",\"value\":\"En las versiones anteriores a Liton SP1 (11.14.1.1) de FlaxNet Publisher ejecutando FlaxNet Publisher Licensing Service en Windows, un error de limites relacionado al nombre de la tuber\u00eda dentro de el FlaxNet Publisher Licensing Service puede ser explotado provocando una lectura de memoria fuera de los l\u00edmites y consecuentemente ejecutar un c\u00f3digo aleatorio en los privilegios de SYSTEM.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:C/I:C/A:C\",\"baseScore\":6.8,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.1,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"11.14.1\",\"matchCriteriaId\":\"27B21AC4-B047-470E-BE67-A503B6E935A9\"}]}]}],\"references\":[{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://secuniaresearch.flexerasoftware.com/advisories/76368/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/\",\"source\":\"PSIRT-CNA@flexerasoftware.com\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://secuniaresearch.flexerasoftware.com/advisories/76368/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\",\"Third Party Advisory\"]},{\"url\":\"https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Flexera Software\",\"comment\":\"The vulnerability has been analyzed by us as to be exploitable through a locally authenticated user solely in this context. Thus, we assigned the following CVSS metrics and scores for the vulnerability with the CVE identifier CVE-2016-10395: \u003cbr /\u003e CVSS version 2: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C \u003cbr /\u003e CVSS version 3: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C\",\"lastModified\":\"2017-08-16T13:15:04.617\"}]}}"
  }
}

CERTFR-2018-AVI-254

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans SCADA les produits Schneider Electric. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	SoMachine Basic toutes versions antérieures à 1.6 SP1
Schneider Electric	N/A	EcoStructure Modicon Builder versions antérieures à V3.1
Schneider Electric	N/A	PlantStruxure PES version 4.3 SP1et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2018-144-01 du 24 mai 2018	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2018-142-01 du 22 mai 2018	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2018-137-01 du 17 mai 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SoMachine Basic toutes versions ant\u00e9rieures \u00e0 1.6 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStructure Modicon Builder versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PlantStruxure PES version 4.3 SP1et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7783"
    },
    {
      "name": "CVE-2016-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
    },
    {
      "name": "CVE-2016-10395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10395"
    },
    {
      "name": "CVE-2017-5571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5571"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-254",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-05-25T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-144-01 du 24 mai 2018",
      "revision_date": "2018-05-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-144-01 du 24 mai 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-142-01 du 22 mai 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-142-01/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-137-01 du 17 mai 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
    }
  ]
}

CERTFR-2018-AVI-089

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans SCADA les produits Schneider Electric. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Floating License Manager versions antérieures à v2.1.0.0
Schneider Electric	N/A	Energy Expert versions 1.x antérieures à 1.3 avec le dernier correctif de sécurité installé
Schneider Electric	N/A	StruxureWare Power Monitoring Expert versions 7.2.x antérieures à 7.2.2 avec le dernier correctif de sécurité installé
Schneider Electric	N/A	EcoStruxure Power Monitoring Expert versions 8.x antérieures à 8.2 avec le dernier correctif de sécurité installé
Schneider Electric	N/A	Power SCADA Operations versions 8.x antérieures à 8.2 avec le dernier correctif de sécurité installé

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Schneider Electric du 15 février 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Floating License Manager versions ant\u00e9rieures \u00e0 v2.1.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Energy Expert versions 1.x ant\u00e9rieures \u00e0 1.3 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "StruxureWare Power Monitoring Expert versions 7.2.x ant\u00e9rieures \u00e0 7.2.2 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Power Monitoring Expert versions 8.x ant\u00e9rieures \u00e0 8.2 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Operations versions 8.x ant\u00e9rieures \u00e0 8.2 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
    },
    {
      "name": "CVE-2016-10395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10395"
    },
    {
      "name": "CVE-2016-5571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5571"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-089",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-02-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric du 15 f\u00e9vrier 2018",
      "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
    }
  ]
}

CERTFR-2018-AVI-254

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	SoMachine Basic toutes versions antérieures à 1.6 SP1
Schneider Electric	N/A	EcoStructure Modicon Builder versions antérieures à V3.1
Schneider Electric	N/A	PlantStruxure PES version 4.3 SP1et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité Schneider Electric SEVD-2018-144-01 du 24 mai 2018	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2018-142-01 du 22 mai 2018	None	vendor-advisory
Bulletin de sécurité Schneider Electric SEVD-2018-137-01 du 17 mai 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SoMachine Basic toutes versions ant\u00e9rieures \u00e0 1.6 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStructure Modicon Builder versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "PlantStruxure PES version 4.3 SP1et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-7783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7783"
    },
    {
      "name": "CVE-2016-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
    },
    {
      "name": "CVE-2016-10395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10395"
    },
    {
      "name": "CVE-2017-5571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-5571"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-254",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-05-25T00:00:00.000000"
    },
    {
      "description": "Ajout du bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-144-01 du 24 mai 2018",
      "revision_date": "2018-05-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-144-01 du 24 mai 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-142-01 du 22 mai 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-142-01/"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider Electric SEVD-2018-137-01 du 17 mai 2018",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
    }
  ]
}

CERTFR-2018-AVI-089

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Schneider Electric	N/A	Floating License Manager versions antérieures à v2.1.0.0
Schneider Electric	N/A	Energy Expert versions 1.x antérieures à 1.3 avec le dernier correctif de sécurité installé
Schneider Electric	N/A	StruxureWare Power Monitoring Expert versions 7.2.x antérieures à 7.2.2 avec le dernier correctif de sécurité installé
Schneider Electric	N/A	EcoStruxure Power Monitoring Expert versions 8.x antérieures à 8.2 avec le dernier correctif de sécurité installé
Schneider Electric	N/A	Power SCADA Operations versions 8.x antérieures à 8.2 avec le dernier correctif de sécurité installé

References

Title

Publication Time

Tags

Bulletin de sécurité SCADA Schneider Electric du 15 février 2018

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Floating License Manager versions ant\u00e9rieures \u00e0 v2.1.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Energy Expert versions 1.x ant\u00e9rieures \u00e0 1.3 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "StruxureWare Power Monitoring Expert versions 7.2.x ant\u00e9rieures \u00e0 7.2.2 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Power Monitoring Expert versions 8.x ant\u00e9rieures \u00e0 8.2 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Power SCADA Operations versions 8.x ant\u00e9rieures \u00e0 8.2 avec le dernier correctif de s\u00e9curit\u00e9 install\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
    },
    {
      "name": "CVE-2016-10395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10395"
    },
    {
      "name": "CVE-2016-5571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5571"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-089",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-02-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSchneider Electric. Elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0\ndistance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Schneider Electric",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SCADA Schneider Electric du 15 f\u00e9vrier 2018",
      "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
    }
  ]
}

GSD-2016-10395

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-10395

Aliases

CVE-2016-10395

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-10395",
    "description": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.",
    "id": "GSD-2016-10395",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-10395.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-10395"
      ],
      "details": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.",
      "id": "GSD-2016-10395",
      "modified": "2023-12-13T01:21:26.857769Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
        "ID": "CVE-2016-10395",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FlexNet Publisher",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Flexera Software LLC"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Out-of-bounds memory read access leading to local user privilege escalation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://secuniaresearch.flexerasoftware.com/advisories/76368/",
            "refsource": "MISC",
            "url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
          },
          {
            "name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager",
            "refsource": "CONFIRM",
            "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
          },
          {
            "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/",
            "refsource": "CONFIRM",
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
          },
          {
            "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/",
            "refsource": "CONFIRM",
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
          },
          {
            "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/",
            "refsource": "CONFIRM",
            "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.14.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
          "ID": "CVE-2016-10395"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://secuniaresearch.flexerasoftware.com/advisories/76368/",
              "refsource": "MISC",
              "tags": [
                "Permissions Required",
                "Third Party Advisory"
              ],
              "url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
            },
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
            },
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
            },
            {
              "name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
            },
            {
              "name": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01",
              "refsource": "MISC",
              "tags": [],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.1,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-05-30T01:29Z",
      "publishedDate": "2017-06-15T16:29Z"
    }
  }
}

GHSA-7937-G7XQ-56G3

Vulnerability from github – Published: 2022-05-14 03:20 – Updated: 2025-04-20 03:39

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-10395"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-06-15T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges.",
  "id": "GHSA-7937-g7xq-56g3",
  "modified": "2025-04-20T03:39:12Z",
  "published": "2022-05-14T03:20:48Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-10395"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
    },
    {
      "type": "WEB",
      "url": "https://secuniaresearch.flexerasoftware.com/advisories/76368"
    },
    {
      "type": "WEB",
      "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01"
    },
    {
      "type": "WEB",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2018-12134

Vulnerability from cnvd - Published: 2018-06-27

Title

Flexera Software FlexNet Publisher Licensing Service任意代码执行漏洞

Description

Flexera Software FlexNet Publisher（前称FLEXlm）是美国富莱睿（Flexera Software）公司的一款授权关系管理解决方案（Entitlement Relationship Management Solution）中的软件授权管理核心组件。FlexNet Publisher Licensing Service是一个软件许可码激活验证的服务。基于Windows平台的Flexera Software FlexNet Publisher Luton SP1 (11.14.1.1)版本中的FlexNet Publisher Licensing Service中存在安全漏洞。攻击者可利用该漏洞以系统权限执行任意代码。

Severity

高

Patch Name

Flexera Software FlexNet Publisher Licensing Service任意代码执行漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://www.flexerasoftware.com/

Reference

https://secuniaresearch.flexerasoftware.com/advisories/76368/

Impacted products

Name
Flexera Software FlexNet Publisher 11.14.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-10395"
    }
  },
  "description": "Flexera Software FlexNet Publisher\uff08\u524d\u79f0FLEXlm\uff09\u662f\u7f8e\u56fd\u5bcc\u83b1\u777f\uff08Flexera Software\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6388\u6743\u5173\u7cfb\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff08Entitlement Relationship Management Solution\uff09\u4e2d\u7684\u8f6f\u4ef6\u6388\u6743\u7ba1\u7406\u6838\u5fc3\u7ec4\u4ef6\u3002FlexNet Publisher Licensing Service\u662f\u4e00\u4e2a\u8f6f\u4ef6\u8bb8\u53ef\u7801\u6fc0\u6d3b\u9a8c\u8bc1\u7684\u670d\u52a1\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Flexera Software FlexNet Publisher Luton SP1 (11.14.1.1)\u7248\u672c\u4e2d\u7684FlexNet Publisher Licensing Service\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Schneider Electric",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.flexerasoftware.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-12134",
  "openTime": "2018-06-27",
  "patchDescription": "Flexera Software FlexNet Publisher\uff08\u524d\u79f0FLEXlm\uff09\u662f\u7f8e\u56fd\u5bcc\u83b1\u777f\uff08Flexera Software\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u6388\u6743\u5173\u7cfb\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\uff08Entitlement Relationship Management Solution\uff09\u4e2d\u7684\u8f6f\u4ef6\u6388\u6743\u7ba1\u7406\u6838\u5fc3\u7ec4\u4ef6\u3002FlexNet Publisher Licensing Service\u662f\u4e00\u4e2a\u8f6f\u4ef6\u8bb8\u53ef\u7801\u6fc0\u6d3b\u9a8c\u8bc1\u7684\u670d\u52a1\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684Flexera Software FlexNet Publisher Luton SP1 (11.14.1.1)\u7248\u672c\u4e2d\u7684FlexNet Publisher Licensing Service\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u7cfb\u7edf\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Flexera Software FlexNet Publisher Licensing Service\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Flexera Software FlexNet Publisher 11.14.1"
  },
  "referenceLink": "https://secuniaresearch.flexerasoftware.com/advisories/76368/",
  "serverity": "\u9ad8",
  "submitTime": "2018-06-07",
  "title": "Flexera Software FlexNet Publisher Licensing Service\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

FKIE_CVE-2016-10395

Vulnerability from fkie_nvd - Published: 2017-06-15 16:29 - Updated: 2025-04-20 01:37

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
PSIRT-CNA@flexerasoftware.com	https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
PSIRT-CNA@flexerasoftware.com	https://secuniaresearch.flexerasoftware.com/advisories/76368/	Permissions Required, Third Party Advisory
PSIRT-CNA@flexerasoftware.com	https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager
PSIRT-CNA@flexerasoftware.com	https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/
PSIRT-CNA@flexerasoftware.com	https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/
PSIRT-CNA@flexerasoftware.com	https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01
af854a3a-2127-422b-91ae-364da2661108	https://secuniaresearch.flexerasoftware.com/advisories/76368/	Permissions Required, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager
af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/
af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/
af854a3a-2127-422b-91ae-364da2661108	https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/

Impacted products

	Vendor	Product	Version
	flexerasoftware	flexnet_publisher	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:flexerasoftware:flexnet_publisher:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "27B21AC4-B047-470E-BE67-A503B6E935A9",
              "versionEndIncluding": "11.14.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running FlexNet Publisher Licensing Service on Windows platform, a boundary error related to a named pipe within the FlexNet Publisher Licensing Service can be exploited to cause an out-of-bounds memory read access and subsequently execute arbitrary code with SYSTEM privileges."
    },
    {
      "lang": "es",
      "value": "En las versiones anteriores a Liton SP1 (11.14.1.1) de FlaxNet Publisher ejecutando FlaxNet Publisher Licensing Service en Windows, un error de limites relacionado al nombre de la tuber\u00eda dentro de el FlaxNet Publisher Licensing Service puede ser explotado provocando una lectura de memoria fuera de los l\u00edmites y consecuentemente ejecutar un c\u00f3digo aleatorio en los privilegios de SYSTEM."
    }
  ],
  "id": "CVE-2016-10395",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-15T16:29:00.187",
  "references": [
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
    },
    {
      "source": "PSIRT-CNA@flexerasoftware.com",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-144-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required",
        "Third Party Advisory"
      ],
      "url": "https://secuniaresearch.flexerasoftware.com/advisories/76368/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
    }
  ],
  "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
  "vendorComments": [
    {
      "comment": "The vulnerability has been analyzed by us as to be exploitable through a locally authenticated user solely in this context. Thus, we assigned the following CVSS metrics and scores for the vulnerability with the CVE identifier CVE-2016-10395: \u003cbr /\u003e CVSS version 2: AV:L/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C \u003cbr /\u003e CVSS version 3: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
      "lastModified": "2017-08-16T13:15:04.617",
      "organization": "Flexera Software"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-18-144-01

Vulnerability from csaf_cisa - Published: 2018-05-24 00:00 - Updated: 2018-05-24 00:00

Summary

Schneider Electric Floating License Manager

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites.

Critical infrastructure sectors

Commercial Facilities, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems

Countries/areas deployed

Worldwide

Company headquarters location

France

Recommended Practices

NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Exploitability

No known public exploits specifically target these vulnerabilities.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Schneider Electric",
        "summary": "reporting these vulnerabilities to NCCIC"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could cause a denial of service, allow arbitrary execution of code with system level privileges, or send users to arbitrary websites.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Commercial Facilities, Energy, Food and Agriculture, Government Facilities, Transportation Systems, Water and Wastewater Systems",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "France",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target these vulnerabilities.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-144-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2018/icsa-18-144-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-18-144-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-144-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-18-144-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      }
    ],
    "title": "Schneider Electric Floating License Manager",
    "tracking": {
      "current_release_date": "2018-05-24T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-18-144-01",
      "initial_release_date": "2018-05-24T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2018-05-24T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSA-18-144-01 Schneider Electric Floating License Manager"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 3.0",
                "product": {
                  "name": "EcoStruxure Modicon Builder: V3.0 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "EcoStruxure Modicon Builder"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.2 (Standard DC HC Editions)",
                "product": {
                  "name": "EcoStruxure Power Monitoring Expert: 8.2 (Standard DC HC Editions)",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "EcoStruxure Power Monitoring Expert"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.30 | 7.40",
                "product": {
                  "name": "SCADA Expert Vijeo Citect / CitectSCADA: Version 7.30 7.40",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "SCADA Expert Vijeo Citect / CitectSCADA"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.x (formerly Power Manager)",
                "product": {
                  "name": "Energy Expert: 1.x (formerly Power Manager)",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Energy Expert"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module)",
                "product": {
                  "name": "EcoStruxure Power SCADA Operations: 8.x (formerly PowerSCADA Expert) (Only with Advanced Reports and Dashboards Module)",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "EcoStruxure Power SCADA Operations"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.2.x",
                "product": {
                  "name": "StruxureWare Power Monitoring Expert: 7.2.x",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "StruxureWare Power Monitoring Expert"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "4.40 | 4.50",
                "product": {
                  "name": "Vijeo Historian/CitectHistorian: Version 4.40 4.50",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "Vijeo Historian/CitectHistorian"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.1 (Standard DC HC Editions)",
                "product": {
                  "name": "StruxureWare Power Monitoring Expert: 8.1 (Standard DC HC Editions)",
                  "product_id": "CSAFPID-0008"
                }
              }
            ],
            "category": "product_name",
            "name": "StruxureWare Power Monitoring Expert"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=8.1 (Standard DC HC Editions)",
                "product": {
                  "name": "PlantStruxure PES: V4.3 SP1 and prior",
                  "product_id": "CSAFPID-0009"
                }
              }
            ],
            "category": "product_name",
            "name": "PlantStruxure PES"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.0 (Standard DC HC Buildings Editions)",
                "product": {
                  "name": "StruxureWare Power Monitoring Expert: 8.0 (Standard DC HC Buildings Editions)",
                  "product_id": "CSAFPID-00010"
                }
              }
            ],
            "category": "product_name",
            "name": "StruxureWare Power Monitoring Expert"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2015 | 2016",
                "product": {
                  "name": "CitectSCADA: Version 2015 2016",
                  "product_id": "CSAFPID-00011"
                }
              }
            ],
            "category": "product_name",
            "name": "CitectSCADA"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2016",
                "product": {
                  "name": "CitectHistorian: Version 2016",
                  "product_id": "CSAFPID-00012"
                }
              }
            ],
            "category": "product_name",
            "name": "CitectHistorian"
          }
        ],
        "category": "vendor",
        "name": "Schneider Electric Software, LLC"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-2177",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "summary",
          "text": "OpenSSL incorrectly uses pointer arithmetic for heap-buffer boundary checks, which may allow denial of service attacks or other unspecified behavior.CVE-2016-2177 has been assigned to this vulnerability. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2177"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Schneider Electric recommends that users of affected Citect and PlantStruxure products download and install the new version of the software",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.citect.schneider-electric.com/documents/downloads/Floating_License_Manager_v2.1.0.0.zip"
        },
        {
          "category": "mitigation",
          "details": "Users using EcoStruxure Modicon Builder V3.0 are recommended to download and use the new version (V3.1)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://partner.schneider-electric.com/partners/Menu/MyPartnership"
        },
        {
          "category": "mitigation",
          "details": "StructureWare 7.2.x users should upgrade to Version 7.2.2 and apply the floating licensing manager (FLM) patch",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://schneider-electric.box.com/s/n2fh1ym594pqvl87kf0zjsigamuryrje"
        },
        {
          "category": "mitigation",
          "details": "EcoStruxure/StruxureWare Power Monitoring Expert and Power SCADA Operations users need to upgrade to Version 8.2. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://schneider-electric.box.com/s/kkdikodcksjj1dznqy68ko0j28wct7vb"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2016-10395",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "summary",
          "text": "This vulnerability can be exploited to cause an out-of-bounds memory read access, which may allow remote code execution with system privileges.CVE-2016-10395 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10395"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Schneider Electric recommends that users of affected Citect and PlantStruxure products download and install the new version of the software",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.citect.schneider-electric.com/documents/downloads/Floating_License_Manager_v2.1.0.0.zip"
        },
        {
          "category": "mitigation",
          "details": "Users using EcoStruxure Modicon Builder V3.0 are recommended to download and use the new version (V3.1)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://partner.schneider-electric.com/partners/Menu/MyPartnership"
        },
        {
          "category": "mitigation",
          "details": "StructureWare 7.2.x users should upgrade to Version 7.2.2 and apply the floating licensing manager (FLM) patch",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://schneider-electric.box.com/s/n2fh1ym594pqvl87kf0zjsigamuryrje"
        },
        {
          "category": "mitigation",
          "details": "EcoStruxure/StruxureWare Power Monitoring Expert and Power SCADA Operations users need to upgrade to Version 8.2. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://schneider-electric.box.com/s/kkdikodcksjj1dznqy68ko0j28wct7vb"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2017-5571",
      "cwe": {
        "id": "CWE-601",
        "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An open redirect vulnerability has been identified, which may allow remote attackers to redirect users to arbitrary websites for phishing attacks.CVE-2017-5571 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007",
          "CSAFPID-0008",
          "CSAFPID-0009",
          "CSAFPID-00010",
          "CSAFPID-00011",
          "CSAFPID-00012"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5571"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "mitigation",
          "details": "Schneider Electric recommends that users of affected Citect and PlantStruxure products download and install the new version of the software",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.citect.schneider-electric.com/documents/downloads/Floating_License_Manager_v2.1.0.0.zip"
        },
        {
          "category": "mitigation",
          "details": "Users using EcoStruxure Modicon Builder V3.0 are recommended to download and use the new version (V3.1)",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://partner.schneider-electric.com/partners/Menu/MyPartnership"
        },
        {
          "category": "mitigation",
          "details": "StructureWare 7.2.x users should upgrade to Version 7.2.2 and apply the floating licensing manager (FLM) patch",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://schneider-electric.box.com/s/n2fh1ym594pqvl87kf0zjsigamuryrje"
        },
        {
          "category": "mitigation",
          "details": "EcoStruxure/StruxureWare Power Monitoring Expert and Power SCADA Operations users need to upgrade to Version 8.2. ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://schneider-electric.box.com/s/kkdikodcksjj1dznqy68ko0j28wct7vb"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.citect.schneider-electric.com/safety-and-security-central/36-security-notifications/9134-vulnerabilities-within-schneider-electric-floating-license-manager"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-137-01/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade ",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-144-01/"
        },
        {
          "category": "mitigation",
          "details": "Schneider Electric has also released security notifications which contain further details and upgrade",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ],
          "url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-046-01/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007",
            "CSAFPID-0008",
            "CSAFPID-0009",
            "CSAFPID-00010",
            "CSAFPID-00011",
            "CSAFPID-00012"
          ]
        }
      ]
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-10395 (GCVE-0-2016-10395)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature