cvelistv5 - cve-2017-9947

CVE-2017-9947 (GCVE-0-2017-9947)

Vulnerability from cvelistv5 – Published: 2017-10-23 00:00 – Updated: 2024-08-05 17:25

Summary

Severity ?

No CVSS data available.

CWE

CWE-538 - File and Directory Information Exposure

Assigner

siemens

References

URL

Tags

	http://www.securityfocus.com/bid/101248	vdb-entry
	https://www.siemens.com/cert/pool/cert/siemens_se…
	https://cert-portal.siemens.com/productcert/pdf/s…
	http://packetstormsecurity.com/files/169544/Sieme…

Impacted products

	Vendor	Product	Version
	n/a	APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5	Affected: APOGEE PXC and TALON TC BACnet Automation Controllers All versions <V3.5

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:25:00.484Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101248",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101248"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5"
            }
          ]
        }
      ],
      "datePublic": "2017-10-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-538",
              "description": "CWE-538: File and Directory Information Exposure",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-28T00:00:00",
        "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
        "shortName": "siemens"
      },
      "references": [
        {
          "name": "101248",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/101248"
        },
        {
          "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
        },
        {
          "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
    "assignerShortName": "siemens",
    "cveId": "CVE-2017-9947",
    "datePublished": "2017-10-23T00:00:00",
    "dateReserved": "2017-06-26T00:00:00",
    "dateUpdated": "2024-08-05T17:25:00.484Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.5\", \"matchCriteriaId\": \"2449F533-CA42-44D4-B69E-B7B9F3A4EAD9\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B73DAA70-4CFB-4E63-ADC7-EC8A93E0BBBB\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.5\", \"matchCriteriaId\": \"B1604D4C-3E06-46D0-8D39-0A5BC7CE5A1D\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9485F0B-03E0-4442-B615-2DA91AE1CD00\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.5\", \"matchCriteriaId\": \"23756E05-4AD6-4888-AC07-C8E906CA5722\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D32EF0-8AEC-4594-8928-45F34DC60600\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"3.5\", \"matchCriteriaId\": \"AB1AF7BE-295B-4386-81F3-B08A1E15DD5F\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00C647D8-1725-42FA-8042-6C413EE67573\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.\"}, {\"lang\": \"es\", \"value\": \"Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Una vulnerabilidad de salto de directorio podr\\u00c3\\u00ada permitir a un atacante remoto con acceso de red al servidor web integrado (80/tcp y 443/tcp) obtener informaci\\u00c3\\u00b3n de la estructura del sistema de archivos de los dispositivos afectados.\"}]",
      "id": "CVE-2017-9947",
      "lastModified": "2024-11-21T03:37:13.890",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-10-23T08:29:00.867",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/101248\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf\", \"source\": \"productcert@siemens.com\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/101248\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "productcert@siemens.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"productcert@siemens.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-538\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-9947\",\"sourceIdentifier\":\"productcert@siemens.com\",\"published\":\"2017-10-23T08:29:00.867\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.\"},{\"lang\":\"es\",\"value\":\"Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Una vulnerabilidad de salto de directorio podr\u00c3\u00ada permitir a un atacante remoto con acceso de red al servidor web integrado (80/tcp y 443/tcp) obtener informaci\u00c3\u00b3n de la estructura del sistema de archivos de los dispositivos afectados.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"productcert@siemens.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-538\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"2449F533-CA42-44D4-B69E-B7B9F3A4EAD9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B73DAA70-4CFB-4E63-ADC7-EC8A93E0BBBB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"B1604D4C-3E06-46D0-8D39-0A5BC7CE5A1D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9485F0B-03E0-4442-B615-2DA91AE1CD00\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"23756E05-4AD6-4888-AC07-C8E906CA5722\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D32EF0-8AEC-4594-8928-45F34DC60600\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.5\",\"matchCriteriaId\":\"AB1AF7BE-295B-4386-81F3-B08A1E15DD5F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00C647D8-1725-42FA-8042-6C413EE67573\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/101248\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf\",\"source\":\"productcert@siemens.com\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/101248\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2017-AVI-349

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans SCADA Siemens BACnet field panels. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

None

Impacted products

	Vendor	Product	Description
	Siemens	N/A	TALON TC BACnet Automation Controllers toutes versions antérieures à 3.5
	Siemens	N/A	APOGEE PXC BACnet Automation Controllers toutes versions antérieures à 3.5

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-148078 du 12 octobre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TALON TC BACnet Automation Controllers toutes versions ant\u00e9rieures \u00e0 3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC BACnet Automation Controllers toutes versions ant\u00e9rieures \u00e0 3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n",
  "cves": [
    {
      "name": "CVE-2017-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9947"
    },
    {
      "name": "CVE-2017-9946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9946"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-349",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SCADA Siemens BACnet field\npanels. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans SCADA Siemens BACnet field panels",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-148078 du 12 octobre 2017",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-148078.pdf"
    }
  ]
}

CERTFR-2022-AVI-547

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Teamcenter Active Workspace V5.2 versions antérieures à V5.2.9
Siemens	N/A	SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions
Siemens	N/A	EN100 Ethernet module PROFINET IO variant toutes versions
Siemens	N/A	SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions antérieures à V6.5
Siemens	N/A	Teamcenter V12.4 versions antérieures à V12.4.0.13
Siemens	N/A	SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions
Siemens	N/A	SIMATIC CP 1543-1 (incl. SIPLUS variants) versions antérieures à V3.0
Siemens	N/A	SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions
Siemens	N/A	APOGEE PXC Modular (P2 Ethernet) toutes versions
Siemens	N/A	SIMATIC MV550 H (6GF3550-0GE10) toutes versions
Siemens	N/A	SIMATIC MV560 U (6GF3560-0LE10) toutes versions
Siemens	N/A	SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions antérieures à V1.1
Siemens	N/A	SIMATIC CP 1626 (6GK1162-6AA01) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions antérieures à V6.5
Siemens	N/A	TIA Portal V16 toutes versions
Siemens	N/A	RUGGEDCOM CROSSBOW Station Access Controller toutes versions
Siemens	N/A	Industrial Edge - OPC UA Connector toutes versions
Siemens	N/A	SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions
Siemens	N/A	Xpedition Designer versions antérieures à X.2.11
Siemens	N/A	SIMATIC S7-1500 Software Controller (incl. F) toutes versions
Siemens	N/A	SICAM GridEdge Essential ARM (6MD7881-2AA30) versions antérieures à V2.6.6
Siemens	N/A	SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions
Siemens	N/A	SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions antérieures à V2.6.6
Siemens	N/A	SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions
Siemens	N/A	SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions antérieures à V2.3.1
Siemens	N/A	Teamcenter V13.2 toutes versions
Siemens	N/A	RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions
Siemens	N/A	SIMATIC RF650R (6GT2811-6AB20) versions antérieures à V4.0.1
Siemens	N/A	SIMATIC PDM toutes versions
Siemens	N/A	RUGGEDCOM NMS toutes versions
Siemens	N/A	TIA Administrator toutes versions
Siemens	N/A	SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions
Siemens	N/A	SIMATIC NET PC Software V15 toutes versions
Siemens	N/A	EN100 Ethernet module IEC 104 variant toutes versions
Siemens	N/A	SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions
Siemens	N/A	Mendix SAML Module (Mendix 9 compatible) versions antérieures à 3.2.3
Siemens	N/A	SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions antérieures à V6.5
Siemens	N/A	SIMATIC NET PC Software V17 toutes versions
Siemens	N/A	Spectrum Power MGMS toutes versions using Shared HIS
Siemens	N/A	SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions antérieures à V6.5
Siemens	N/A	SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions antérieures à V2.3.1
Siemens	N/A	SIMATIC RF188C (6GT2002-0JE40) versions antérieures à V2.0.1
Siemens	N/A	SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions
Siemens	N/A	SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions antérieures à V2.6.6
Siemens	N/A	SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions antérieures à V6.5
Siemens	N/A	SIMATIC RF680R (6GT2811-6AA10) versions antérieures à V4.0.1
Siemens	N/A	SINUMERIK Edge versions antérieures à V3.3.0
Siemens	N/A	SIMATIC PCS 7 TeleControl toutes versions
Siemens	N/A	SIMATIC CP 1628 (6GK1162-8AA00) toutes versions
Siemens	N/A	Teamcenter V13.3 versions antérieures à V13.3.0.3
Siemens	N/A	SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions
Siemens	N/A	Spectrum Power 4 toutes versions using Shared HIS
Siemens	N/A	SINEC NMS toutes versions
Siemens	N/A	SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions
Siemens	N/A	SIMATIC RF360R (6GT2801-5BA30) versions antérieures à V2.0.1
Siemens	N/A	SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions
Siemens	N/A	SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions antérieures à V6.5
Siemens	N/A	Industrial Edge - SIMATIC S7 Connector App versions antérieures à V1.7.0
Siemens	N/A	SIMATIC RF185C (6GT2002-0JE10) versions antérieures à V2.0.1
Siemens	N/A	SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions
Siemens	N/A	SIMATIC RF188CI (6GT2002-0JE60) versions antérieures à V2.0.1
Siemens	N/A	SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions
Siemens	N/A	SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions antérieures à V6.5
Siemens	N/A	EN100 Ethernet module DNP3 IP variant toutes versions
Siemens	N/A	APOGEE PXC Modular (BACnet) versions antérieures à V3.5
Siemens	N/A	Mendix SAML Module (Mendix 8 compatible) versions antérieures à 2.2.2
Siemens	N/A	SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions
Siemens	N/A	SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions antérieures à V2.0
Siemens	N/A	SIMATIC STEP 7 V5.X toutes versions
Siemens	N/A	SIMATIC RF166C (6GT2002-0EE20) versions antérieures à V2.0.1
Siemens	N/A	EN100 Ethernet module Modbus TCP variant toutes versions
Siemens	N/A	SIMATIC NET PC Software V14 toutes versions
Siemens	N/A	SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions antérieures à V6.5
Siemens	N/A	SIMATIC Logon toutes versions
Siemens	N/A	SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions antérieures à V6.5
Siemens	N/A	SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions
Siemens	N/A	SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions antérieures à V6.5
Siemens	N/A	SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions antérieures à V6.5
Siemens	N/A	SICAM GridEdge Essential Intel (6MD7881-2AA40) versions antérieures à V2.6.6
Siemens	N/A	SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions
Siemens	N/A	SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions antérieures à V6.5
Siemens	N/A	EN100 Ethernet module IEC 61850 variant versions antérieures à V4.37
Siemens	N/A	SINEMA Server V14 toutes versions
Siemens	N/A	SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions
Siemens	N/A	SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions antérieures à V2.3.1
Siemens	N/A	SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions antérieures à V6.5
Siemens	N/A	SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions antérieures à V2.3.1
Siemens	N/A	SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions
Siemens	N/A	SIMATIC PCS neo toutes versions
Siemens	N/A	Teamcenter V13.1 versions antérieures à V13.1.0.9
Siemens	N/A	APOGEE PXC Compact (P2 Ethernet) toutes versions
Siemens	N/A	RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions
Siemens	N/A	SIMATIC WinCC (TIA Portal) toutes versions
Siemens	N/A	TALON TC Modular (BACnet) versions antérieures à V3.5
Siemens	N/A	SINEMA Remote Connect Server versions antérieures à 3.0 SP2
Siemens	N/A	RUGGEDCOM ROS Series toutes versions
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) toutes versions
Siemens	N/A	SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions
Siemens	N/A	SIMATIC MV550 S (6GF3550-0CD10) toutes versions
Siemens	N/A	SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions
Siemens	N/A	SIMATIC NET PC Software V16 toutes versions
Siemens	N/A	APOGEE PXC Compact (BACnet) versions antérieures à V3.5
Siemens	N/A	SINAUT Software ST7sc toutes versions
Siemens	N/A	Teamcenter V14.0 toutes versions
Siemens	N/A	SINAUT ST7CC toutes versions
Siemens	N/A	SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions
Siemens	N/A	SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions
Siemens	N/A	SIMATIC MV560 X (6GF3560-0HE10) toutes versions
Siemens	N/A	SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions antérieures à V6.5
Siemens	N/A	TIA Portal V15 toutes versions
Siemens	N/A	TIA Portal V17 toutes versions
Siemens	N/A	SINEMA Remote Connect Server versions antérieures à V3.1
Siemens	N/A	SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions antérieures à V6.5
Siemens	N/A	SIMATIC RF186C (6GT2002-0JE20) versions antérieures à V2.0.1
Siemens	N/A	SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions antérieures à V6.5
Siemens	N/A	SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions antérieures à V6.5
Siemens	N/A	TIA Portal Cloud toutes versions
Siemens	N/A	RUGGEDCOM ROX Series toutes versions
Siemens	N/A	SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions antérieures à V6.5
Siemens	N/A	SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions
Siemens	N/A	SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions
Siemens	N/A	TALON TC Compact (BACnet) versions antérieures à V3.5
Siemens	N/A	SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions
Siemens	N/A	SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions
Siemens	N/A	Spectrum Power 7 toutes versions using Shared HIS
Siemens	N/A	SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions antérieures à V6.5
Siemens	N/A	SIMATIC MV540 H (6GF3540-0GE10) toutes versions
Siemens	N/A	SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions
Siemens	N/A	SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions
Siemens	N/A	SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions
Siemens	N/A	SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions antérieures à V6.5
Siemens	N/A	SINEC INS toutes versions
Siemens	N/A	SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions
Siemens	N/A	SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions
Siemens	N/A	SIMATIC RF610R (6GT2811-6BC10) versions antérieures à V4.0.1
Siemens	N/A	SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions antérieures à V6.5
Siemens	N/A	Teamcenter V13.0 versions antérieures à V13.0.0.9
Siemens	N/A	SIMATIC RF186CI (6GT2002-0JE50) versions antérieures à V2.0.1
Siemens	N/A	Teamcenter Active Workspace V6.0 versions antérieures à V6.0.3
Siemens	N/A	SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions antérieures à V2.3.1
Siemens	N/A	SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions
Siemens	N/A	SIMATIC RF685R (6GT2811-6CA10) versions antérieures à V4.0.1
Siemens	N/A	SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions antérieures à V6.5
Siemens	N/A	SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions
Siemens	N/A	SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions antérieures à V6.5
Siemens	N/A	SIMATIC MV540 S (6GF3540-0CD10) toutes versions
Siemens	N/A	SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions
Siemens	N/A	SIMATIC RF615R (6GT2811-6CC10) versions antérieures à V4.0.1
Siemens	N/A	Industrial Edge - PROFINET IO Connector toutes versions
Siemens	N/A	SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions
Siemens	N/A	Mendix SAML Module (Mendix 7 compatible) versions antérieures à 1.16.6
Siemens	N/A	SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions antérieures à V6.5
Siemens	N/A	SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions antérieures à V6.5
Siemens	N/A	TeleControl Server Basic V3 toutes versions
Siemens	N/A	SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions
Siemens	N/A	SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions antérieures à V6.5
Siemens	N/A	SIMATIC S7-PLCSIM Advanced toutes versions
Siemens	N/A	TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions
Siemens	N/A	SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions
Siemens	N/A	SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-148078 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-220589 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-988345 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-484086 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-330556 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-145224 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-685781 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-693555 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-911567 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-401167 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-764417 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-712929 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-679335 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-388239 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-631336 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-740594 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-222547 du 14 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Teamcenter Active Workspace V5.2 versions ant\u00e9rieures \u00e0 V5.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "EN100 Ethernet module PROFINET IO variant toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V12.4 versions ant\u00e9rieures \u00e0 V12.4.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV550 H (6GF3550-0GE10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV560 U (6GF3560-0LE10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1626 (6GK1162-6AA01) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V16 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM CROSSBOW Station Access Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Industrial Edge - OPC UA Connector toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Xpedition Designer versions ant\u00e9rieures \u00e0 X.2.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller (incl. F) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridEdge Essential ARM (6MD7881-2AA30) versions ant\u00e9rieures \u00e0 V2.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions ant\u00e9rieures \u00e0 V2.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF650R (6GT2811-6AB20) versions ant\u00e9rieures \u00e0 V4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PDM toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM NMS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Administrator toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "EN100 Ethernet module IEC 104 variant toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML Module (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 3.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V17 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Spectrum Power MGMS toutes versions using Shared HIS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions ant\u00e9rieures \u00e0 V2.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF680R (6GT2811-6AA10) versions ant\u00e9rieures \u00e0 V4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Edge versions ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 TeleControl toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1628 (6GK1162-8AA00) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Spectrum Power 4 toutes versions using Shared HIS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Industrial Edge - SIMATIC S7 Connector App versions ant\u00e9rieures \u00e0 V1.7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "EN100 Ethernet module DNP3 IP variant toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML Module (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V5.X toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "EN100 Ethernet module Modbus TCP variant toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V14 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Logon toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridEdge Essential Intel (6MD7881-2AA40) versions ant\u00e9rieures \u00e0 V2.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "EN100 Ethernet module IEC 61850 variant versions ant\u00e9rieures \u00e0 V4.37",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server V14 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.1 versions ant\u00e9rieures \u00e0 V13.1.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROS Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV550 S (6GF3550-0CD10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V16 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAUT Software ST7sc toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V14.0 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAUT ST7CC toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV560 X (6GF3560-0HE10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V17 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Spectrum Power 7 toutes versions using Shared HIS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV540 H (6GF3540-0GE10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC INS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF610R (6GT2811-6BC10) versions ant\u00e9rieures \u00e0 V4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.0 versions ant\u00e9rieures \u00e0 V13.0.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace V6.0 versions ant\u00e9rieures \u00e0 V6.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF685R (6GT2811-6CA10) versions ant\u00e9rieures \u00e0 V4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV540 S (6GF3540-0CD10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF615R (6GT2811-6CC10) versions ant\u00e9rieures \u00e0 V4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Industrial Edge - PROFINET IO Connector toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML Module (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 1.16.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TeleControl Server Basic V3 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM Advanced toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32285"
    },
    {
      "name": "CVE-2022-32286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32286"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2021-20317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
    },
    {
      "name": "CVE-2022-32258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32258"
    },
    {
      "name": "CVE-2021-41091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41091"
    },
    {
      "name": "CVE-2021-22925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
    },
    {
      "name": "CVE-2022-30231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30231"
    },
    {
      "name": "CVE-2021-33196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
    },
    {
      "name": "CVE-2022-32254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32254"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2022-32145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32145"
    },
    {
      "name": "CVE-2022-32259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32259"
    },
    {
      "name": "CVE-2022-32262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32262"
    },
    {
      "name": "CVE-2017-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9947"
    },
    {
      "name": "CVE-2022-32255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32255"
    },
    {
      "name": "CVE-2020-27304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27304"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2022-32252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32252"
    },
    {
      "name": "CVE-2021-22924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
    },
    {
      "name": "CVE-2022-25313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2021-37182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37182"
    },
    {
      "name": "CVE-2020-9272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9272"
    },
    {
      "name": "CVE-2021-39293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
    },
    {
      "name": "CVE-2021-33910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2022-25314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
    },
    {
      "name": "CVE-2022-23990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
    },
    {
      "name": "CVE-2022-26476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26476"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2022-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
    },
    {
      "name": "CVE-2022-30228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30228"
    },
    {
      "name": "CVE-2021-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
    },
    {
      "name": "CVE-2021-41092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
    },
    {
      "name": "CVE-2022-32251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32251"
    },
    {
      "name": "CVE-2021-34798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
    },
    {
      "name": "CVE-2021-36221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
    },
    {
      "name": "CVE-2021-41089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
    },
    {
      "name": "CVE-2022-30230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30230"
    },
    {
      "name": "CVE-2020-9273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9273"
    },
    {
      "name": "CVE-2022-30229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30229"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2022-29034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29034"
    },
    {
      "name": "CVE-2022-30937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30937"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2022-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27219"
    },
    {
      "name": "CVE-2022-27221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27221"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2022-31619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31619"
    },
    {
      "name": "CVE-2022-32261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32261"
    },
    {
      "name": "CVE-2022-32260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32260"
    },
    {
      "name": "CVE-2021-40438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
    },
    {
      "name": "CVE-2021-4034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2022-27220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27220"
    },
    {
      "name": "CVE-2022-31465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31465"
    },
    {
      "name": "CVE-2017-9946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9946"
    },
    {
      "name": "CVE-2021-41103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
    },
    {
      "name": "CVE-2022-32253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32253"
    },
    {
      "name": "CVE-2022-32256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32256"
    },
    {
      "name": "CVE-2021-37209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37209"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-547",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-148078 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-148078.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-220589 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-220589.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-988345 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-988345.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-484086 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-330556 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-330556.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-145224 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-145224.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-685781 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-685781.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-693555 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-693555.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-911567 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-911567.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-401167 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-401167.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-764417 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-764417.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-712929 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-712929.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-679335 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-679335.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-388239 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-388239.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-631336 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-631336.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-740594 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-740594.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-222547 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-222547.html"
    }
  ]
}

CERTFR-2017-AVI-349

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans SCADA Siemens BACnet field panels. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

None

Impacted products

	Vendor	Product	Description
	Siemens	N/A	TALON TC BACnet Automation Controllers toutes versions antérieures à 3.5
	Siemens	N/A	APOGEE PXC BACnet Automation Controllers toutes versions antérieures à 3.5

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens SSA-148078 du 12 octobre 2017

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TALON TC BACnet Automation Controllers toutes versions ant\u00e9rieures \u00e0 3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC BACnet Automation Controllers toutes versions ant\u00e9rieures \u00e0 3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n",
  "cves": [
    {
      "name": "CVE-2017-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9947"
    },
    {
      "name": "CVE-2017-9946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9946"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-349",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2017-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans SCADA Siemens BACnet field\npanels. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans SCADA Siemens BACnet field panels",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-148078 du 12 octobre 2017",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_SSA-148078.pdf"
    }
  ]
}

CERTFR-2022-AVI-547

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Teamcenter Active Workspace V5.2 versions antérieures à V5.2.9
Siemens	N/A	SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions
Siemens	N/A	EN100 Ethernet module PROFINET IO variant toutes versions
Siemens	N/A	SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions antérieures à V6.5
Siemens	N/A	Teamcenter V12.4 versions antérieures à V12.4.0.13
Siemens	N/A	SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions
Siemens	N/A	SIMATIC CP 1543-1 (incl. SIPLUS variants) versions antérieures à V3.0
Siemens	N/A	SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions
Siemens	N/A	APOGEE PXC Modular (P2 Ethernet) toutes versions
Siemens	N/A	SIMATIC MV550 H (6GF3550-0GE10) toutes versions
Siemens	N/A	SIMATIC MV560 U (6GF3560-0LE10) toutes versions
Siemens	N/A	SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions antérieures à V1.1
Siemens	N/A	SIMATIC CP 1626 (6GK1162-6AA01) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions antérieures à V6.5
Siemens	N/A	TIA Portal V16 toutes versions
Siemens	N/A	RUGGEDCOM CROSSBOW Station Access Controller toutes versions
Siemens	N/A	Industrial Edge - OPC UA Connector toutes versions
Siemens	N/A	SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions
Siemens	N/A	Xpedition Designer versions antérieures à X.2.11
Siemens	N/A	SIMATIC S7-1500 Software Controller (incl. F) toutes versions
Siemens	N/A	SICAM GridEdge Essential ARM (6MD7881-2AA30) versions antérieures à V2.6.6
Siemens	N/A	SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions
Siemens	N/A	SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions antérieures à V2.6.6
Siemens	N/A	SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions
Siemens	N/A	SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions antérieures à V2.3.1
Siemens	N/A	Teamcenter V13.2 toutes versions
Siemens	N/A	RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions
Siemens	N/A	SIMATIC RF650R (6GT2811-6AB20) versions antérieures à V4.0.1
Siemens	N/A	SIMATIC PDM toutes versions
Siemens	N/A	RUGGEDCOM NMS toutes versions
Siemens	N/A	TIA Administrator toutes versions
Siemens	N/A	SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions
Siemens	N/A	SIMATIC NET PC Software V15 toutes versions
Siemens	N/A	EN100 Ethernet module IEC 104 variant toutes versions
Siemens	N/A	SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions
Siemens	N/A	Mendix SAML Module (Mendix 9 compatible) versions antérieures à 3.2.3
Siemens	N/A	SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions antérieures à V6.5
Siemens	N/A	SIMATIC NET PC Software V17 toutes versions
Siemens	N/A	Spectrum Power MGMS toutes versions using Shared HIS
Siemens	N/A	SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions antérieures à V6.5
Siemens	N/A	SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions antérieures à V2.3.1
Siemens	N/A	SIMATIC RF188C (6GT2002-0JE40) versions antérieures à V2.0.1
Siemens	N/A	SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions
Siemens	N/A	SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions antérieures à V2.6.6
Siemens	N/A	SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions antérieures à V6.5
Siemens	N/A	SIMATIC RF680R (6GT2811-6AA10) versions antérieures à V4.0.1
Siemens	N/A	SINUMERIK Edge versions antérieures à V3.3.0
Siemens	N/A	SIMATIC PCS 7 TeleControl toutes versions
Siemens	N/A	SIMATIC CP 1628 (6GK1162-8AA00) toutes versions
Siemens	N/A	Teamcenter V13.3 versions antérieures à V13.3.0.3
Siemens	N/A	SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions
Siemens	N/A	Spectrum Power 4 toutes versions using Shared HIS
Siemens	N/A	SINEC NMS toutes versions
Siemens	N/A	SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions
Siemens	N/A	SIMATIC RF360R (6GT2801-5BA30) versions antérieures à V2.0.1
Siemens	N/A	SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions
Siemens	N/A	SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions antérieures à V6.5
Siemens	N/A	Industrial Edge - SIMATIC S7 Connector App versions antérieures à V1.7.0
Siemens	N/A	SIMATIC RF185C (6GT2002-0JE10) versions antérieures à V2.0.1
Siemens	N/A	SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions
Siemens	N/A	SIMATIC RF188CI (6GT2002-0JE60) versions antérieures à V2.0.1
Siemens	N/A	SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions
Siemens	N/A	SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions antérieures à V6.5
Siemens	N/A	EN100 Ethernet module DNP3 IP variant toutes versions
Siemens	N/A	APOGEE PXC Modular (BACnet) versions antérieures à V3.5
Siemens	N/A	Mendix SAML Module (Mendix 8 compatible) versions antérieures à 2.2.2
Siemens	N/A	SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions
Siemens	N/A	SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions antérieures à V2.0
Siemens	N/A	SIMATIC STEP 7 V5.X toutes versions
Siemens	N/A	SIMATIC RF166C (6GT2002-0EE20) versions antérieures à V2.0.1
Siemens	N/A	EN100 Ethernet module Modbus TCP variant toutes versions
Siemens	N/A	SIMATIC NET PC Software V14 toutes versions
Siemens	N/A	SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions antérieures à V6.5
Siemens	N/A	SIMATIC Logon toutes versions
Siemens	N/A	SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions antérieures à V6.5
Siemens	N/A	SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions
Siemens	N/A	SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions antérieures à V6.5
Siemens	N/A	SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions antérieures à V6.5
Siemens	N/A	SICAM GridEdge Essential Intel (6MD7881-2AA40) versions antérieures à V2.6.6
Siemens	N/A	SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions
Siemens	N/A	SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions antérieures à V6.5
Siemens	N/A	EN100 Ethernet module IEC 61850 variant versions antérieures à V4.37
Siemens	N/A	SINEMA Server V14 toutes versions
Siemens	N/A	SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions
Siemens	N/A	SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions antérieures à V2.3.1
Siemens	N/A	SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions antérieures à V6.5
Siemens	N/A	SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions antérieures à V2.3.1
Siemens	N/A	SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions
Siemens	N/A	SIMATIC PCS neo toutes versions
Siemens	N/A	Teamcenter V13.1 versions antérieures à V13.1.0.9
Siemens	N/A	APOGEE PXC Compact (P2 Ethernet) toutes versions
Siemens	N/A	RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions
Siemens	N/A	SIMATIC WinCC (TIA Portal) toutes versions
Siemens	N/A	TALON TC Modular (BACnet) versions antérieures à V3.5
Siemens	N/A	SINEMA Remote Connect Server versions antérieures à 3.0 SP2
Siemens	N/A	RUGGEDCOM ROS Series toutes versions
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) toutes versions
Siemens	N/A	SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions
Siemens	N/A	SIMATIC MV550 S (6GF3550-0CD10) toutes versions
Siemens	N/A	SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions
Siemens	N/A	SIMATIC NET PC Software V16 toutes versions
Siemens	N/A	APOGEE PXC Compact (BACnet) versions antérieures à V3.5
Siemens	N/A	SINAUT Software ST7sc toutes versions
Siemens	N/A	Teamcenter V14.0 toutes versions
Siemens	N/A	SINAUT ST7CC toutes versions
Siemens	N/A	SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions
Siemens	N/A	SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions
Siemens	N/A	SIMATIC MV560 X (6GF3560-0HE10) toutes versions
Siemens	N/A	SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions antérieures à V6.5
Siemens	N/A	TIA Portal V15 toutes versions
Siemens	N/A	TIA Portal V17 toutes versions
Siemens	N/A	SINEMA Remote Connect Server versions antérieures à V3.1
Siemens	N/A	SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions antérieures à V6.5
Siemens	N/A	SIMATIC RF186C (6GT2002-0JE20) versions antérieures à V2.0.1
Siemens	N/A	SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions antérieures à V6.5
Siemens	N/A	SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions antérieures à V6.5
Siemens	N/A	TIA Portal Cloud toutes versions
Siemens	N/A	RUGGEDCOM ROX Series toutes versions
Siemens	N/A	SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions antérieures à V6.5
Siemens	N/A	SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions
Siemens	N/A	SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions
Siemens	N/A	TALON TC Compact (BACnet) versions antérieures à V3.5
Siemens	N/A	SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions
Siemens	N/A	SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions
Siemens	N/A	Spectrum Power 7 toutes versions using Shared HIS
Siemens	N/A	SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions antérieures à V6.5
Siemens	N/A	SIMATIC MV540 H (6GF3540-0GE10) toutes versions
Siemens	N/A	SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions
Siemens	N/A	SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions
Siemens	N/A	SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions
Siemens	N/A	SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions antérieures à V6.5
Siemens	N/A	SINEC INS toutes versions
Siemens	N/A	SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions
Siemens	N/A	SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions
Siemens	N/A	SIMATIC RF610R (6GT2811-6BC10) versions antérieures à V4.0.1
Siemens	N/A	SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions
Siemens	N/A	SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions antérieures à V6.5
Siemens	N/A	Teamcenter V13.0 versions antérieures à V13.0.0.9
Siemens	N/A	SIMATIC RF186CI (6GT2002-0JE50) versions antérieures à V2.0.1
Siemens	N/A	Teamcenter Active Workspace V6.0 versions antérieures à V6.0.3
Siemens	N/A	SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions antérieures à V2.3.1
Siemens	N/A	SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions
Siemens	N/A	SIMATIC RF685R (6GT2811-6CA10) versions antérieures à V4.0.1
Siemens	N/A	SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions antérieures à V6.5
Siemens	N/A	SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions
Siemens	N/A	SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions antérieures à V6.5
Siemens	N/A	SIMATIC MV540 S (6GF3540-0CD10) toutes versions
Siemens	N/A	SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions
Siemens	N/A	SIMATIC RF615R (6GT2811-6CC10) versions antérieures à V4.0.1
Siemens	N/A	Industrial Edge - PROFINET IO Connector toutes versions
Siemens	N/A	SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions
Siemens	N/A	Mendix SAML Module (Mendix 7 compatible) versions antérieures à 1.16.6
Siemens	N/A	SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions antérieures à V6.5
Siemens	N/A	SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions antérieures à V6.5
Siemens	N/A	TeleControl Server Basic V3 toutes versions
Siemens	N/A	SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions
Siemens	N/A	SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions antérieures à V6.5
Siemens	N/A	SIMATIC S7-PLCSIM Advanced toutes versions
Siemens	N/A	TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions
Siemens	N/A	SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions
Siemens	N/A	SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-148078 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-220589 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-988345 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-484086 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-330556 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-145224 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-685781 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-693555 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-911567 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-401167 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-764417 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-712929 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-679335 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-388239 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-631336 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-740594 du 14 juin 2022	None	vendor-advisory
Bulletin de sécurité Siemens ssa-222547 du 14 juin 2022	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Teamcenter Active Workspace V5.2 versions ant\u00e9rieures \u00e0 V5.2.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1 OPC UA (6GK7443-1UX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "EN100 Ethernet module PROFINET IO variant toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V12.4 versions ant\u00e9rieures \u00e0 V12.4.0.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV550 H (6GF3550-0GE10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV560 U (6GF3560-0LE10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) versions ant\u00e9rieures \u00e0 V1.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1626 (6GK1162-6AA01) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 1x230V (L3 int.) (6GK5524-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V16 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM CROSSBOW Station Access Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Industrial Edge - OPC UA Connector toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Xpedition Designer versions ant\u00e9rieures \u00e0 X.2.11",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller (incl. F) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridEdge Essential ARM (6MD7881-2AA30) versions ant\u00e9rieures \u00e0 V2.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridEdge Essential with GDS Intel (6MD7881-2AA20) versions ant\u00e9rieures \u00e0 V2.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC632-2C (6GK5632-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF650R (6GT2811-6AB20) versions ant\u00e9rieures \u00e0 V4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PDM toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM NMS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Administrator toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "EN100 Ethernet module IEC 104 variant toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET CP 1543-1 (6AG1543-1AX00-2XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML Module (Mendix 9 compatible) versions ant\u00e9rieures \u00e0 3.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM408-4C (6GK5408-4GP00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V17 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Spectrum Power MGMS toutes versions using Shared HIS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM408-8C (L3 int.) (6GK5408-8GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC636-2C (6GK5636-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188C (6GT2002-0JE40) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridEdge Essential with GDS ARM (6MD7881-2AA10) versions ant\u00e9rieures \u00e0 V2.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 24V (6GK5526-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF680R (6GT2811-6AA10) versions ant\u00e9rieures \u00e0 V4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Edge versions ant\u00e9rieures \u00e0 V3.3.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 TeleControl toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1628 (6GK1162-8AA00) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.3 versions ant\u00e9rieures \u00e0 V13.3.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M876-3 (EVDO) (6GK5876-3AA02-2BA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Spectrum Power 4 toutes versions using Shared HIS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M804PB (6GK5804-0AP00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF360R (6GT2801-5BA30) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 Advanced (6GK7343-1GX31-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 24V (L3 int.) (6GK5524-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Industrial Edge - SIMATIC S7 Connector App versions ant\u00e9rieures \u00e0 V1.7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF185C (6GT2002-0JE10) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF188CI (6GT2002-0JE60) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 24V (L3 int.) (6GK5526-8GR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "EN100 Ethernet module DNP3 IP variant toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML Module (Mendix 8 compatible) versions ant\u00e9rieures \u00e0 2.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE LPE9403 (6GK5998-3GS00-2AC2) versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V5.X toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF166C (6GT2002-0EE20) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "EN100 Ethernet module Modbus TCP variant toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V14 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR528-6M (L3 int.) (6GK5528-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Logon toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM408-4C (L3 int.) (6GK5408-4GQ00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR528-6M (6GK5528-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 2x230V (6GK5526-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridEdge Essential Intel (6MD7881-2AA40) versions ant\u00e9rieures \u00e0 V2.6.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M874-3 (6GK5874-3AA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR552-12M (2HR2) (6GK5552-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "EN100 Ethernet module IEC 61850 variant versions ant\u00e9rieures \u00e0 V4.37",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server V14 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC642-2C (6GK5642-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 24V (6GK5524-8GS00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC622-2C (6GK5622-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.1 versions ant\u00e9rieures \u00e0 V13.1.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (P2 Ethernet) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 3.0 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROS Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV550 S (6GF3550-0CD10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V16 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAUT Software ST7sc toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V14.0 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAUT ST7CC toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV560 X (6GF3560-0HE10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR552-12M (6GK5552-0AA00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal V17 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM416-4C (L3 int.) (6GK5416-4GR00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186C (6GT2002-0JE20) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 1x230V (6GK5526-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR552-12M (2HR2, L3 int.) (6GK5552-0AR00-2AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIA Portal Cloud toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM ROX Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 2x230V (L3 int.) (6GK5524-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS NET CP 343-1 Advanced (6AG1343-1GX31-4XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Spectrum Power 7 toutes versions using Shared HIS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S615 (6GK5615-0AA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 1x230V (6GK5524-8GS00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV540 H (6GF3540-0GE10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M874-2 (6GK5874-2AA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR528-6M (2HR2) (6GK5528-0AA00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC INS toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543-1 (6GK7543-1AX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF610R (6GT2811-6BC10) versions ant\u00e9rieures \u00e0 V4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE MUM856-1 (NAM) (6GK5856-2EA00-3BA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR524-8C, 2x230V (6GK5524-8GS00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter V13.0 versions ant\u00e9rieures \u00e0 V13.0.0.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF186CI (6GT2002-0JE50) versions ant\u00e9rieures \u00e0 V2.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Active Workspace V6.0 versions ant\u00e9rieures \u00e0 V6.0.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE SC646-2C (6GK5646-2GS00-2AC2) toutes versions versions ant\u00e9rieures \u00e0 V2.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1545-1 (6GK7545-1GX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF685R (6GT2811-6CA10) versions ant\u00e9rieures \u00e0 V4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM416-4C (6GK5416-4GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM408-8C (6GK5408-8GS00-2AM2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV540 S (6GF3540-0CD10) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF615R (6GT2811-6CC10) versions ant\u00e9rieures \u00e0 V4.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Industrial Edge - PROFINET IO Connector toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix SAML Module (Mendix 7 compatible) versions ant\u00e9rieures \u00e0 1.16.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR528-6M (2HR2, L3 int.) (6GK5528-0AR00-2HR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 1x230V (L3 int.) (6GK5526-8GR00-3AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TeleControl Server Basic V3 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE MUM853-1 (RoW) (6GK5853-2EA00-2AA1) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR526-8C, 2x230V (L3 int.) (6GK5526-8GR00-4AR2) versions ant\u00e9rieures \u00e0 V6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM Advanced toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-32285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32285"
    },
    {
      "name": "CVE-2022-32286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32286"
    },
    {
      "name": "CVE-2021-45960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45960"
    },
    {
      "name": "CVE-2021-20317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-20317"
    },
    {
      "name": "CVE-2022-32258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32258"
    },
    {
      "name": "CVE-2021-41091",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41091"
    },
    {
      "name": "CVE-2021-22925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22925"
    },
    {
      "name": "CVE-2022-30231",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30231"
    },
    {
      "name": "CVE-2021-33196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33196"
    },
    {
      "name": "CVE-2022-32254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32254"
    },
    {
      "name": "CVE-2022-22823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22823"
    },
    {
      "name": "CVE-2022-32145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32145"
    },
    {
      "name": "CVE-2022-32259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32259"
    },
    {
      "name": "CVE-2022-32262",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32262"
    },
    {
      "name": "CVE-2017-9947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9947"
    },
    {
      "name": "CVE-2022-32255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32255"
    },
    {
      "name": "CVE-2020-27304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27304"
    },
    {
      "name": "CVE-2022-25315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25315"
    },
    {
      "name": "CVE-2022-22822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22822"
    },
    {
      "name": "CVE-2022-32252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32252"
    },
    {
      "name": "CVE-2021-22924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22924"
    },
    {
      "name": "CVE-2022-25313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25313"
    },
    {
      "name": "CVE-2021-39275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39275"
    },
    {
      "name": "CVE-2021-37182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37182"
    },
    {
      "name": "CVE-2020-9272",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9272"
    },
    {
      "name": "CVE-2021-39293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39293"
    },
    {
      "name": "CVE-2021-33910",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-33910"
    },
    {
      "name": "CVE-2022-23852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23852"
    },
    {
      "name": "CVE-2022-22825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22825"
    },
    {
      "name": "CVE-2022-25314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25314"
    },
    {
      "name": "CVE-2022-23990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23990"
    },
    {
      "name": "CVE-2022-26476",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-26476"
    },
    {
      "name": "CVE-2022-25235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25235"
    },
    {
      "name": "CVE-2022-0847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0847"
    },
    {
      "name": "CVE-2022-30228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30228"
    },
    {
      "name": "CVE-2021-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-46143"
    },
    {
      "name": "CVE-2021-41092",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
    },
    {
      "name": "CVE-2022-32251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32251"
    },
    {
      "name": "CVE-2021-34798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34798"
    },
    {
      "name": "CVE-2021-36221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-36221"
    },
    {
      "name": "CVE-2021-41089",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41089"
    },
    {
      "name": "CVE-2022-30230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30230"
    },
    {
      "name": "CVE-2020-9273",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-9273"
    },
    {
      "name": "CVE-2022-30229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30229"
    },
    {
      "name": "CVE-2022-22827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22827"
    },
    {
      "name": "CVE-2022-29034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-29034"
    },
    {
      "name": "CVE-2022-30937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30937"
    },
    {
      "name": "CVE-2022-25236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-25236"
    },
    {
      "name": "CVE-2022-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-0778"
    },
    {
      "name": "CVE-2022-27219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27219"
    },
    {
      "name": "CVE-2022-27221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27221"
    },
    {
      "name": "CVE-2022-22826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22826"
    },
    {
      "name": "CVE-2022-31619",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31619"
    },
    {
      "name": "CVE-2022-32261",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32261"
    },
    {
      "name": "CVE-2022-32260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32260"
    },
    {
      "name": "CVE-2021-40438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40438"
    },
    {
      "name": "CVE-2021-4034",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4034"
    },
    {
      "name": "CVE-2022-22824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-22824"
    },
    {
      "name": "CVE-2022-27220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-27220"
    },
    {
      "name": "CVE-2022-31465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-31465"
    },
    {
      "name": "CVE-2017-9946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9946"
    },
    {
      "name": "CVE-2021-41103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-41103"
    },
    {
      "name": "CVE-2022-32253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32253"
    },
    {
      "name": "CVE-2022-32256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32256"
    },
    {
      "name": "CVE-2021-37209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-37209"
    }
  ],
  "links": [],
  "reference": "CERTFR-2022-AVI-547",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-148078 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-148078.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-220589 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-220589.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-988345 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-988345.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-484086 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-484086.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-330556 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-330556.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-145224 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-145224.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-685781 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-685781.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-693555 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-693555.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-911567 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-911567.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-401167 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-401167.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-764417 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-764417.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-712929 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-712929.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-679335 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-679335.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-388239 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-388239.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-631336 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-631336.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-740594 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-740594.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-222547 du 14 juin 2022",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-222547.html"
    }
  ]
}

SSA-148078

Vulnerability from csaf_siemens - Published: 2017-10-12 00:00 - Updated: 2022-06-14 00:00

Summary

SSA-148078: Multiple Vulnerabilities in APOGEE/TALON Field Panels

Notes

Summary

Multiple vulnerabilities in the APOGEE PXC and TALON TC series of products could allow unauthenticated attackers to download sensitive information through the integrated webserver. Siemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.

General Recommendations

As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Siemens Security Advisories are subject to the terms and conditions contained in Siemens' underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter "License Terms"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens' Global Website (https://www.siemens.com/terms_of_use, hereinafter "Terms of Use"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "RoseSecurity",
        "summary": "reporting the vulnerabilities for APOGEE PXC Series (P2 Ethernet) devices."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited.",
      "tlp": {
        "label": "WHITE"
      }
    },
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities in the APOGEE PXC and TALON TC series of products could allow unauthenticated attackers to download sensitive information through the integrated webserver.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "productcert@siemens.com",
      "name": "Siemens ProductCERT",
      "namespace": "https://www.siemens.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-148078: Multiple Vulnerabilities in APOGEE/TALON Field Panels - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
      },
      {
        "category": "self",
        "summary": "SSA-148078: Multiple Vulnerabilities in APOGEE/TALON Field Panels - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-148078.txt"
      },
      {
        "category": "self",
        "summary": "SSA-148078: Multiple Vulnerabilities in APOGEE/TALON Field Panels - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-148078.json"
      }
    ],
    "title": "SSA-148078: Multiple Vulnerabilities in APOGEE/TALON Field Panels",
    "tracking": {
      "current_release_date": "2022-06-14T00:00:00Z",
      "generator": {
        "engine": {
          "name": "Siemens ProductCERT CSAF Generator",
          "version": "1"
        }
      },
      "id": "SSA-148078",
      "initial_release_date": "2017-10-12T00:00:00Z",
      "revision_history": [
        {
          "date": "2017-10-12T00:00:00Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2022-06-14T00:00:00Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added APOGEE PXC Series (P2 Ethernet) devices"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V3.5",
                "product": {
                  "name": "APOGEE PXC Compact (BACnet)",
                  "product_id": "1"
                }
              }
            ],
            "category": "product_name",
            "name": "APOGEE PXC Compact (BACnet)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "APOGEE PXC Compact (P2 Ethernet)",
                  "product_id": "2"
                }
              }
            ],
            "category": "product_name",
            "name": "APOGEE PXC Compact (P2 Ethernet)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V3.5",
                "product": {
                  "name": "APOGEE PXC Modular (BACnet)",
                  "product_id": "3"
                }
              }
            ],
            "category": "product_name",
            "name": "APOGEE PXC Modular (BACnet)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "APOGEE PXC Modular (P2 Ethernet)",
                  "product_id": "4"
                }
              }
            ],
            "category": "product_name",
            "name": "APOGEE PXC Modular (P2 Ethernet)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V3.5",
                "product": {
                  "name": "TALON TC Compact (BACnet)",
                  "product_id": "5"
                }
              }
            ],
            "category": "product_name",
            "name": "TALON TC Compact (BACnet)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c V3.5",
                "product": {
                  "name": "TALON TC Modular (BACnet)",
                  "product_id": "6"
                }
              }
            ],
            "category": "product_name",
            "name": "TALON TC Modular (BACnet)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-9946",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6"
        ]
      },
      "references": [
        {
          "summary": "CVE-2017-9946 - APOGEE PXC Compact (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9946 - APOGEE PXC Modular (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9946 - TALON TC Compact (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9946 - TALON TC Modular (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9946 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2017-9946.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.5 or later version",
          "product_ids": [
            "1",
            "3",
            "5",
            "6"
          ],
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "category": "mitigation",
          "details": "Disable the integrated webserver",
          "product_ids": [
            "2",
            "4"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "2",
            "4"
          ]
        },
        {
          "category": "mitigation",
          "details": "Siemens recommends to disable the integrated webserver when not in use",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please contact your local Siemens office for additional support",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6"
          ]
        }
      ],
      "title": "CVE-2017-9946"
    },
    {
      "cve": "CVE-2017-9947",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "1",
          "2",
          "3",
          "4",
          "5",
          "6"
        ]
      },
      "references": [
        {
          "summary": "CVE-2017-9947 - APOGEE PXC Compact (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9947 - APOGEE PXC Modular (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9947 - TALON TC Compact (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9947 - TALON TC Modular (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9947 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2017-9947.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.5 or later version",
          "product_ids": [
            "1",
            "3",
            "5",
            "6"
          ],
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "category": "mitigation",
          "details": "Disable the integrated webserver",
          "product_ids": [
            "2",
            "4"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "2",
            "4"
          ]
        },
        {
          "category": "mitigation",
          "details": "Siemens recommends to disable the integrated webserver when not in use",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please contact your local Siemens office for additional support",
          "product_ids": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "1",
            "2",
            "3",
            "4",
            "5",
            "6"
          ]
        }
      ],
      "title": "CVE-2017-9947"
    }
  ]
}

GSD-2017-9947

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-9947

Aliases

CVE-2017-9947

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-9947",
    "description": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.",
    "id": "GSD-2017-9947"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-9947"
      ],
      "details": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.",
      "id": "GSD-2017-9947",
      "modified": "2023-12-13T01:21:07.692049Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2017-9947",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "APOGEE PXC and TALON TC BACnet Automation Controllers All versions \u003cV3.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-538: File and Directory Information Exposure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "101248",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101248"
          },
          {
            "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf",
            "refsource": "CONFIRM",
            "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf",
            "refsource": "CONFIRM",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
          },
          {
            "name": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2017-9947"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link",
                "Vendor Advisory"
              ],
              "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
            },
            {
              "name": "101248",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101248"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
            },
            {
              "name": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2023-05-09T16:27Z",
      "publishedDate": "2017-10-23T08:29Z"
    }
  }
}

VAR-201710-1428

Vulnerability from variot - Updated: 2023-12-18 12:57

A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. BACnet (Building Automation Control Network) is a data communication protocol for building automation and control networks. A directory traversal vulnerability exists in Siemens BACnet Field Panels. Multiple Siemens Products are prone to an authentication-bypass and directory-traversal vulnerabilities. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201710-1428",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "apogee pxc modular",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "apogee pxc",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "talon tc compact",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "talon tc modular",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "apogee pxc bacnet automation controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "talon tc bacnet automation controller",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "apogee pxc bacnet automation controllers",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v3.5"
      },
      {
        "model": "talon tc bacnet automation controllers",
        "scope": "lt",
        "trust": 0.6,
        "vendor": "siemens",
        "version": "v3.5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "apogee pxc bacnet automation controller",
        "version": "*"
      },
      {
        "model": "talon tc bacnet automation controllers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.4"
      },
      {
        "model": "apogee pxc bacnet automation controllers",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.4"
      },
      {
        "model": "talon tc bacnet automation controllers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.5"
      },
      {
        "model": "apogee pxc bacnet automation controllers",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "siemens",
        "version": "3.5"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "BID",
        "id": "101248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "3.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "RoseSecurity reported the vulnerabilities for APOGEE PXC Series (P2 Ethernet) devices to Siemens.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2017-9947",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-9947",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-29972",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "impactScore": 1.4,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2017-9947",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-9947",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-29972",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201710-1050",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-9947",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. BACnet (Building Automation Control Network) is a data communication protocol for building automation and control networks. A directory traversal vulnerability exists in Siemens BACnet Field Panels. Multiple Siemens Products are prone to an authentication-bypass and directory-traversal vulnerabilities. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "BID",
        "id": "101248"
      },
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-9947",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-17-285-05",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "101248",
        "trust": 2.0
      },
      {
        "db": "SIEMENS",
        "id": "SSA-148078",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "169544",
        "trust": 1.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "5201F8EE-49EE-4F5D-9584-CEC33A2A5DE7",
        "trust": 0.2
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "db": "BID",
        "id": "101248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "id": "VAR-201710-1428",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      }
    ],
    "trust": 1.4638889000000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:57:11.344000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SSA-148078",
        "trust": 0.8,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
      },
      {
        "title": "Siemens BACnet Field Panels Directory Traversal Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/103553"
      },
      {
        "title": "Siemens APOGEE PXC BACnet Automation Controller  and Siemens TALON TC BACnet Automation Controller Repair measures for path traversal vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=75922"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/rosesecurity/apologee "
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/101248"
      },
      {
        "trust": 1.7,
        "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-285-05"
      },
      {
        "trust": 1.7,
        "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
      },
      {
        "trust": 1.7,
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/169544/siemens-apogee-pxc-talon-tc-authentication-bypass.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9947"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-9947"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-17-285-05"
      },
      {
        "trust": 0.3,
        "url": "http://subscriber.communications.siemens.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/22.html"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/rosesecurity/apologee"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.cisa.gov/uscert/ics/advisories/icsa-17-285-05"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "db": "BID",
        "id": "101248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "db": "BID",
        "id": "101248"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-13T00:00:00",
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "date": "2017-10-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "date": "2017-10-23T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "date": "2017-10-12T00:00:00",
        "db": "BID",
        "id": "101248"
      },
      {
        "date": "2017-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "date": "2017-10-23T08:29:00.867000",
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "date": "2017-10-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-10-13T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      },
      {
        "date": "2022-06-14T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-9947"
      },
      {
        "date": "2017-10-12T00:00:00",
        "db": "BID",
        "id": "101248"
      },
      {
        "date": "2017-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-009851"
      },
      {
        "date": "2023-05-09T16:27:57.397000",
        "db": "NVD",
        "id": "CVE-2017-9947"
      },
      {
        "date": "2022-10-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Siemens BACnet Field Panels Directory Traversal Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-29972"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "5201f8ee-49ee-4f5d-9584-cec33a2a5de7"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201710-1050"
      }
    ],
    "trust": 0.8
  }
}

FKIE_CVE-2017-9947

Vulnerability from fkie_nvd - Published: 2017-10-23 08:29 - Updated: 2025-04-20 01:37

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
productcert@siemens.com	http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html	Exploit, Third Party Advisory, VDB Entry
productcert@siemens.com	http://www.securityfocus.com/bid/101248	Broken Link, Third Party Advisory, VDB Entry
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf	Vendor Advisory
productcert@siemens.com	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf	Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101248	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf	Broken Link, Vendor Advisory

Impacted products

Vendor	Product	Version
siemens	apogee_pxc_firmware	*
siemens	apogee_pxc	-
siemens	apogee_pxc_modular_firmware	*
siemens	apogee_pxc_modular	-
siemens	talon_tc_compact_firmware	*
siemens	talon_tc_compact	-
siemens	talon_tc_modular_firmware	*
siemens	talon_tc_modular	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:apogee_pxc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2449F533-CA42-44D4-B69E-B7B9F3A4EAD9",
              "versionEndExcluding": "3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:apogee_pxc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B73DAA70-4CFB-4E63-ADC7-EC8A93E0BBBB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:apogee_pxc_modular_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1604D4C-3E06-46D0-8D39-0A5BC7CE5A1D",
              "versionEndExcluding": "3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:apogee_pxc_modular:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9485F0B-03E0-4442-B615-2DA91AE1CD00",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:talon_tc_compact_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "23756E05-4AD6-4888-AC07-C8E906CA5722",
              "versionEndExcluding": "3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:talon_tc_compact:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D32EF0-8AEC-4594-8928-45F34DC60600",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:talon_tc_modular_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB1AF7BE-295B-4386-81F3-B08A1E15DD5F",
              "versionEndExcluding": "3.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:talon_tc_modular:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C647D8-1725-42FA-8042-6C413EE67573",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices."
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en Siemens APOGEE PXC y TALON TC BACnet Automation Controllers en todas las versiones anteriores a la V3.5. Una vulnerabilidad de salto de directorio podr\u00c3\u00ada permitir a un atacante remoto con acceso de red al servidor web integrado (80/tcp y 443/tcp) obtener informaci\u00c3\u00b3n de la estructura del sistema de archivos de los dispositivos afectados."
    }
  ],
  "id": "CVE-2017-9947",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-10-23T08:29:00.867",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101248"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101248"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-538"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSA-17-285-05

Vulnerability from csaf_cisa - Published: 2017-10-12 00:00 - Updated: 2022-06-14 00:00

Summary

Siemens BACnet Field Panels (Update A)

Notes

Summary

General Recommendations

Additional Resources

For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Advisory Conversion Disclaimer

This CISA CSAF advisory was converted from Siemens ProductCERT's CSAF advisory.

Critical infrastructure sectors

Multiple

Countries/areas deployed

Worldwide

Company headquarters location

Germany

Recommended Practices

CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.

Recommended Practices

Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.

Recommended Practices

Locate control system networks and remote devices behind firewalls and isolate them from business networks.

Recommended Practices

When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.

Recommended Practices

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Siemens ProductCERT",
        "summary": "reporting these vulnerabilities to CISA."
      },
      {
        "organization": "RoseSecurity",
        "summary": "reporting the vulnerabilities for APOGEE PXC Series (P2 Ethernet) devices."
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "notes": [
      {
        "category": "summary",
        "text": "Multiple vulnerabilities in the APOGEE PXC and TALON TC series of products could allow unauthenticated attackers to download sensitive information through the integrated webserver.\n\nSiemens has released updates for several affected products and recommends to update to the latest versions. Siemens recommends countermeasures for products where updates are not, or not yet available.",
        "title": "Summary"
      },
      {
        "category": "general",
        "text": "As a general security measure Siemens strongly recommends to protect network access to affected products with appropriate mechanisms. It is advised to follow recommended security practices in order to run the devices in a protected IT environment.",
        "title": "General Recommendations"
      },
      {
        "category": "general",
        "text": "For further inquiries on security vulnerabilities in Siemens products and solutions, please contact the Siemens ProductCERT: https://www.siemens.com/cert/advisories",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "Siemens Security Advisories are subject to the terms and conditions contained in Siemens\u0027 underlying license terms or other applicable agreements previously agreed to with Siemens (hereinafter \"License Terms\"). To the extent applicable to information, software or documentation made available in or through a Siemens Security Advisory, the Terms of Use of Siemens\u0027 Global Website (https://www.siemens.com/terms_of_use, hereinafter \"Terms of Use\"), in particular Sections 8-10 of the Terms of Use, shall apply additionally. In case of conflicts, the License Terms shall prevail over the Terms of Use.",
        "title": "Terms of Use"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "other",
        "text": "This CISA CSAF advisory was converted from Siemens ProductCERT\u0027s CSAF advisory.",
        "title": "Advisory Conversion Disclaimer"
      },
      {
        "category": "other",
        "text": "Multiple",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Germany",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the exploitation risk of this vulnerability.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the internet.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Locate control system networks and remote devices behind firewalls and isolate them from business networks.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most recent version available. Also recognize VPN is only as secure as its connected devices.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets. Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "central@cisa.dhs.gov",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "SSA-148078: Multiple Vulnerabilities in APOGEE/TALON Field Panels - CSAF Version",
        "url": "https://cert-portal.siemens.com/productcert/csaf/ssa-148078.json"
      },
      {
        "category": "self",
        "summary": "SSA-148078: Multiple Vulnerabilities in APOGEE/TALON Field Panels - TXT Version",
        "url": "https://cert-portal.siemens.com/productcert/txt/ssa-148078.txt"
      },
      {
        "category": "self",
        "summary": "SSA-148078: Multiple Vulnerabilities in APOGEE/TALON Field Panels - PDF Version",
        "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-285-05 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsa-17-285-05.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSA-17-285-05 - Web Version",
        "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-17-285-05"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/topics/industrial-control-systems"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Siemens BACnet Field Panels (Update A)",
    "tracking": {
      "current_release_date": "2022-06-14T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSA-17-285-05",
      "initial_release_date": "2017-10-12T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-10-12T00:00:00.000000Z",
          "legacy_version": "1.0",
          "number": "1",
          "summary": "Publication Date"
        },
        {
          "date": "2022-06-14T00:00:00.000000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added APOGEE PXC Series (P2 Ethernet) devices"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV3.5",
                "product": {
                  "name": "APOGEE PXC Compact (BACnet)",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "APOGEE PXC Compact (BACnet)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "APOGEE PXC Compact (P2 Ethernet)",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "APOGEE PXC Compact (P2 Ethernet)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV3.5",
                "product": {
                  "name": "APOGEE PXC Modular (BACnet)",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "APOGEE PXC Modular (BACnet)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:all/*",
                "product": {
                  "name": "APOGEE PXC Modular (P2 Ethernet)",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "APOGEE PXC Modular (P2 Ethernet)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV3.5",
                "product": {
                  "name": "TALON TC Compact (BACnet)",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "TALON TC Compact (BACnet)"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cV3.5",
                "product": {
                  "name": "TALON TC Modular (BACnet)",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "TALON TC Modular (BACnet)"
          }
        ],
        "category": "vendor",
        "name": "Siemens"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-9946",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2017-9946 - APOGEE PXC Compact (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9946 - APOGEE PXC Modular (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9946 - TALON TC Compact (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9946 - TALON TC Modular (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9946 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2017-9946.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.5 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "category": "mitigation",
          "details": "Disable the integrated webserver",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Siemens recommends to disable the integrated webserver when not in use",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please contact your local Siemens office for additional support",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2017-9946"
    },
    {
      "cve": "CVE-2017-9947",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006"
        ]
      },
      "references": [
        {
          "summary": "CVE-2017-9947 - APOGEE PXC Compact (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9947 - APOGEE PXC Modular (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9947 - TALON TC Compact (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9947 - TALON TC Modular (BACnet)",
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "summary": "CVE-2017-9947 Mitre 5.0 json",
          "url": "https://cert-portal.siemens.com/productcert/mitre/CVE-2017-9947.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Update to V3.5 or later version",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0003",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ],
          "url": "https://partnerportal.extranet.dc.siemens.com/"
        },
        {
          "category": "mitigation",
          "details": "Disable the integrated webserver",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "no_fix_planned",
          "details": "Currently no fix is planned",
          "product_ids": [
            "CSAFPID-0002",
            "CSAFPID-0004"
          ]
        },
        {
          "category": "mitigation",
          "details": "Siemens recommends to disable the integrated webserver when not in use",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        },
        {
          "category": "mitigation",
          "details": "Please contact your local Siemens office for additional support",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006"
          ]
        }
      ],
      "title": "CVE-2017-9947"
    }
  ]
}

GHSA-M28R-JG2J-26CV

Vulnerability from github – Published: 2022-05-13 01:36 – Updated: 2022-05-13 01:36

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-9947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22",
      "CWE-538"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-10-23T08:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions \u003cV3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices.",
  "id": "GHSA-m28r-jg2j-26cv",
  "modified": "2022-05-13T01:36:04Z",
  "published": "2022-05-13T01:36:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9947"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-148078.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-148078.pdf"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/169544/Siemens-APOGEE-PXC-TALON-TC-Authentication-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101248"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CNVD-2017-29972

Vulnerability from cnvd - Published: 2017-10-13

Title

Siemens BACnet Field Panels目录遍历漏洞

Description

BACnet (Building Automation Control Network) 是建筑物自动化和控制网络的数据通信协议。 Siemens BACnet Field Panels存在目录遍历漏洞。允许具有网络访问集成Web服务器（端口80/TCP和443/TCP）的远程攻击者获取有关受影响设备的文件系统结构的信息。

Severity

中

Patch Name

Siemens BACnet Field Panels目录遍历漏洞的补丁

Patch Description

Formal description

用户可联系供应商获得补丁信息： http://w3.usa.siemens.com/buildingtechnologies/us/en/contact-us/Pages/bt-contact-form.aspx

Reference

https://ics-cert.us-cert.gov/advisories/ICSA-17-285-05

Impacted products

Name
['Siemens APOGEE PXC BACnet Automation Controllers <V3.5', 'Siemens TALON TC BACnet Automation Controllers <V3.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-9947"
    }
  },
  "description": "BACnet (Building Automation Control Network) \u662f\u5efa\u7b51\u7269\u81ea\u52a8\u5316\u548c\u63a7\u5236\u7f51\u7edc\u7684\u6570\u636e\u901a\u4fe1\u534f\u8bae\u3002\r\n\r\nSiemens BACnet Field Panels\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u5141\u8bb8\u5177\u6709\u7f51\u7edc\u8bbf\u95ee\u96c6\u6210Web\u670d\u52a1\u5668\uff08\u7aef\u53e380/TCP\u548c443/TCP\uff09\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u83b7\u53d6\u6709\u5173\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u6587\u4ef6\u7cfb\u7edf\u7ed3\u6784\u7684\u4fe1\u606f\u3002",
  "discovererName": "Siemens",
  "formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttp://w3.usa.siemens.com/buildingtechnologies/us/en/contact-us/Pages/bt-contact-form.aspx",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-29972",
  "openTime": "2017-10-13",
  "patchDescription": "BACnet (Building Automation Control Network) \u662f\u5efa\u7b51\u7269\u81ea\u52a8\u5316\u548c\u63a7\u5236\u7f51\u7edc\u7684\u6570\u636e\u901a\u4fe1\u534f\u8bae\u3002\r\n\r\nSiemens BACnet Field Panels\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u3002\u5141\u8bb8\u5177\u6709\u7f51\u7edc\u8bbf\u95ee\u96c6\u6210Web\u670d\u52a1\u5668\uff08\u7aef\u53e380/TCP\u548c443/TCP\uff09\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u83b7\u53d6\u6709\u5173\u53d7\u5f71\u54cd\u8bbe\u5907\u7684\u6587\u4ef6\u7cfb\u7edf\u7ed3\u6784\u7684\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Siemens BACnet Field Panels\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Siemens APOGEE PXC BACnet Automation Controllers \u003cV3.5",
      "Siemens TALON TC BACnet Automation Controllers \u003cV3.5"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSA-17-285-05",
  "serverity": "\u4e2d",
  "submitTime": "2017-10-13",
  "title": "Siemens BACnet Field Panels\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-9947 (GCVE-0-2017-9947)

Solution

Contournement provisoire

Solution

Solution

Contournement provisoire

Solution

Tags

Sightings

Nomenclature