Vulnerability-Lookup

CVE-2019-0169 (GCVE-0-2019-0169)

Vulnerability from cvelistv5 – Published: 2019-12-18 21:07 – Updated: 2024-08-04 17:44

Summary

Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.

Severity

No CVSS data available.

CWE

Escalation of Privilege, Denial of Service, Information Disclosure

Assigner

intel

References

2 references

URL	Tags
https://www.intel.com/content/www/us/en/security-…	x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM

Impacted products

1 product

Vendor	Product	Version
n/a	Intel(R) TXE	Affected: See provided reference

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:14.755Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Intel(R) TXE",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "See provided reference"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Escalation of Privilege, Denial of Service, Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-02-11T11:06:01.000Z",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "ID": "CVE-2019-0169",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Intel(R) TXE",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "See provided reference"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Escalation of Privilege, Denial of Service, Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
              "refsource": "MISC",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2019-0169",
    "datePublished": "2019-12-18T21:07:38.000Z",
    "dateReserved": "2018-11-13T00:00:00.000Z",
    "dateUpdated": "2024-08-04T17:44:14.755Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2019-0169",
      "date": "2026-05-28",
      "epss": "0.00235",
      "percentile": "0.46518"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.8.70\", \"matchCriteriaId\": \"6CDF9B1B-4031-40EF-8516-60ABD2BBF1C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.10\", \"versionEndExcluding\": \"11.11.70\", \"matchCriteriaId\": \"2BEC9F8B-3830-4657-874A-521BB9D312F2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.20\", \"versionEndExcluding\": \"11.22.70\", \"matchCriteriaId\": \"58765D34-F8CD-48A2-BA46-F234C2A30B57\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndExcluding\": \"12.0.45\", \"matchCriteriaId\": \"BB1F8A4D-A2DF-44A8-BA4F-8868107C35A0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0\", \"versionEndExcluding\": \"3.1.70\", \"matchCriteriaId\": \"AD17A8EA-F595-4E4E-B694-FE07544E7945\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndExcluding\": \"4.0.20\", \"matchCriteriaId\": \"3BCB9B3C-C83A-4563-80F6-3AA50C16A118\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.\"}, {\"lang\": \"es\", \"value\": \"Un desbordamiento de la pila en el subsistema para Intel\\u00ae CSME versiones anteriores a 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel\\u00ae TXE versiones anteriores a 3.1.70 y 4.0.20, puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios, una divulgaci\\u00f3n de informaci\\u00f3n o una denegaci\\u00f3n de servicio por medio de un acceso adyacente.\"}]",
      "id": "CVE-2019-0169",
      "lastModified": "2024-11-21T04:16:23.887",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:A/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.8, \"accessVector\": \"ADJACENT_NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 6.5, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2019-12-18T22:15:11.940",
      "references": "[{\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf\", \"source\": \"secure@intel.com\"}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html\", \"source\": \"secure@intel.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@intel.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0169\",\"sourceIdentifier\":\"secure@intel.com\",\"published\":\"2019-12-18T22:15:11.940\",\"lastModified\":\"2024-11-21T04:16:23.887\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de la pila en el subsistema para Intel\u00ae CSME versiones anteriores a 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel\u00ae TXE versiones anteriores a 3.1.70 y 4.0.20, puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios, una divulgaci\u00f3n de informaci\u00f3n o una denegaci\u00f3n de servicio por medio de un acceso adyacente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.8.70\",\"matchCriteriaId\":\"6CDF9B1B-4031-40EF-8516-60ABD2BBF1C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.10\",\"versionEndExcluding\":\"11.11.70\",\"matchCriteriaId\":\"2BEC9F8B-3830-4657-874A-521BB9D312F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.20\",\"versionEndExcluding\":\"11.22.70\",\"matchCriteriaId\":\"58765D34-F8CD-48A2-BA46-F234C2A30B57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.0.45\",\"matchCriteriaId\":\"BB1F8A4D-A2DF-44A8-BA4F-8868107C35A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0\",\"versionEndExcluding\":\"3.1.70\",\"matchCriteriaId\":\"AD17A8EA-F595-4E4E-B694-FE07544E7945\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.0.20\",\"matchCriteriaId\":\"3BCB9B3C-C83A-4563-80F6-3AA50C16A118\"}]}]}],\"references\":[{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf\",\"source\":\"secure@intel.com\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html\",\"source\":\"secure@intel.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2019-AVI-563

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les microgiciels Intel. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et une élévation de privilèges.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel PTT versions antérieures à 11.8.65, 11.11.65, 11.22.65, 12.0.35, 13.0.1201 et 14.0.10
Intel	N/A	Intel SPS versions SPS_SoC-X_x antérieures à SPS_SoC-X_04.00.04.086.0
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.2x antérieures à 11.22.70
Intel	N/A	Les processeurs Intel, voir le site du constructeur pour les modèles vulnérables (cf. section documentation)
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 13.x antérieures à 13.0.10
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 12.0.x antérieures à 12.0.45
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions antérieures à 11.8.70
Intel	N/A	Intel SPS versions SPS_E5_x antérieures à SPS_E5_04.00.04.381.0
Intel	N/A	Intel SPS versions SPS_E3_x antérieures à SPS_E3_04.01.04.054.0
Intel	N/A	Intel SPS versions SPS_SoC-A_x antérieures à SPS_SoC-A_04.00.04.181.0
Intel	N/A	Le microgiciel des contrôleurs Ethernet Intel séries 700 versions antérieures à 7.0
Intel	N/A	Intel Baseboard Management Controller (BMC), voir le site du constructeur pour les modèles vulnérables (cf. section documentation)
Intel	N/A	Le logiciel pour contrôleurs Ethernet Intel séries 700 versions antérieure à 24.0
Intel	N/A	Intel TXE versions 3.0.x et 3.1.x antérieures à 3.1.70
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.10.x et 11.11.x antérieures à 11.11.70
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 14.x antérieures à 14.0.10
Intel	N/A	Intel TXE versions 4.0.x antérieures à 4.0.20

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00313 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00219 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00270 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00210 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00240 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00255 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00271 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00260 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00280 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00164 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00241 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00220 du 12 novembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel PTT versions ant\u00e9rieures \u00e0 11.8.65, 11.11.65, 11.22.65, 12.0.35, 13.0.1201 et 14.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions SPS_SoC-X_x ant\u00e9rieures \u00e0 SPS_SoC-X_04.00.04.086.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.2x ant\u00e9rieures \u00e0 11.22.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Les processeurs Intel, voir le site du constructeur pour les mod\u00e8les vuln\u00e9rables (cf. section documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 13.x ant\u00e9rieures \u00e0 13.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 12.0.x ant\u00e9rieures \u00e0 12.0.45",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions ant\u00e9rieures \u00e0 11.8.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions SPS_E5_x ant\u00e9rieures \u00e0 SPS_E5_04.00.04.381.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions SPS_E3_x ant\u00e9rieures \u00e0 SPS_E3_04.01.04.054.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions SPS_SoC-A_x ant\u00e9rieures \u00e0 SPS_SoC-A_04.00.04.181.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Le microgiciel des contr\u00f4leurs Ethernet Intel s\u00e9ries 700 versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Baseboard Management Controller (BMC), voir le site du constructeur pour les mod\u00e8les vuln\u00e9rables (cf. section documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Le logiciel pour contr\u00f4leurs Ethernet Intel s\u00e9ries 700 versions ant\u00e9rieure \u00e0 24.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel TXE versions 3.0.x et 3.1.x ant\u00e9rieures \u00e0 3.1.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.10.x et 11.11.x ant\u00e9rieures \u00e0 11.11.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 14.x ant\u00e9rieures \u00e0 14.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel TXE versions 4.0.x ant\u00e9rieures \u00e0 4.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0143"
    },
    {
      "name": "CVE-2019-11179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11179"
    },
    {
      "name": "CVE-2019-11139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11139"
    },
    {
      "name": "CVE-2019-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0150"
    },
    {
      "name": "CVE-2019-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
    },
    {
      "name": "CVE-2019-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
    },
    {
      "name": "CVE-2019-11097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
    },
    {
      "name": "CVE-2019-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0117"
    },
    {
      "name": "CVE-2019-11170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11170"
    },
    {
      "name": "CVE-2019-11132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
    },
    {
      "name": "CVE-2019-11086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
    },
    {
      "name": "CVE-2019-11137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11137"
    },
    {
      "name": "CVE-2019-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
    },
    {
      "name": "CVE-2019-11106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
    },
    {
      "name": "CVE-2019-11175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11175"
    },
    {
      "name": "CVE-2019-0139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0139"
    },
    {
      "name": "CVE-2019-0140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0140"
    },
    {
      "name": "CVE-2019-11172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11172"
    },
    {
      "name": "CVE-2019-11177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11177"
    },
    {
      "name": "CVE-2019-11135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
    },
    {
      "name": "CVE-2019-0168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
    },
    {
      "name": "CVE-2019-11103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
    },
    {
      "name": "CVE-2019-11107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
    },
    {
      "name": "CVE-2019-0141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0141"
    },
    {
      "name": "CVE-2019-11136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11136"
    },
    {
      "name": "CVE-2019-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0149"
    },
    {
      "name": "CVE-2019-11181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11181"
    },
    {
      "name": "CVE-2019-11110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
    },
    {
      "name": "CVE-2019-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0144"
    },
    {
      "name": "CVE-2019-11173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11173"
    },
    {
      "name": "CVE-2019-11182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11182"
    },
    {
      "name": "CVE-2019-11102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
    },
    {
      "name": "CVE-2019-11088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
    },
    {
      "name": "CVE-2019-11105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
    },
    {
      "name": "CVE-2019-0124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0124"
    },
    {
      "name": "CVE-2019-0151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
    },
    {
      "name": "CVE-2019-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11168"
    },
    {
      "name": "CVE-2019-11101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
    },
    {
      "name": "CVE-2019-11171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11171"
    },
    {
      "name": "CVE-2018-12207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
    },
    {
      "name": "CVE-2019-0142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0142"
    },
    {
      "name": "CVE-2019-11131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
    },
    {
      "name": "CVE-2019-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0146"
    },
    {
      "name": "CVE-2019-11090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
    },
    {
      "name": "CVE-2019-0131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
    },
    {
      "name": "CVE-2019-11109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
    },
    {
      "name": "CVE-2019-11178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11178"
    },
    {
      "name": "CVE-2019-0166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
    },
    {
      "name": "CVE-2019-0184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0184"
    },
    {
      "name": "CVE-2019-0123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0123"
    },
    {
      "name": "CVE-2019-11180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11180"
    },
    {
      "name": "CVE-2019-11104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
    },
    {
      "name": "CVE-2019-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0148"
    },
    {
      "name": "CVE-2019-11087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
    },
    {
      "name": "CVE-2019-11174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11174"
    },
    {
      "name": "CVE-2019-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0145"
    },
    {
      "name": "CVE-2019-11108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
    },
    {
      "name": "CVE-2019-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0147"
    },
    {
      "name": "CVE-2019-11100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
    },
    {
      "name": "CVE-2019-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
    },
    {
      "name": "CVE-2019-11147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-563",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les microgiciels\nIntel. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les microgiciels Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00313 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00219 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00270 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00210 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00240 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00255 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00271 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00260 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00280 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00164 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00241 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00220 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html"
    }
  ]
}

CERTFR-2020-AVI-090

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC CP 1626
Siemens	N/A	SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0
Siemens	N/A	SIMATIC RF180C
Siemens	N/A	SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associées et variantes SIPLUS)
Siemens	N/A	SCALANCE S602, S612, S623, S627-2M, S627-2M
Siemens	N/A	SIMATIC WinCC (TIA Portal) V14.0.1
Siemens	N/A	SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules
Siemens	N/A	SIMOTION P320-4E
Siemens	N/A	SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.2
Siemens	N/A	TIM 1531 IRC (incl. variante SIPLUS NET) versions antérieures à V2.0
Siemens	N/A	SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E
Siemens	N/A	OZW672 versions antérieures à V10.00
Siemens	N/A	SIMATIC BATCH V9.0
Siemens	N/A	SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions antérieures à V4.1.3
Siemens	N/A	SIMATIC CP 1628 versions antérieures à V14.00.15.00_51.25.00.01
Siemens	N/A	SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)
Siemens	N/A	SIMATIC PCS 7 V8.2
Siemens	N/A	SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions antérieures V2.2
Siemens	N/A	SIMATIC CP 1616 et CP 1604 versions antérieures à V2.8.1
Siemens	N/A	OpenPCS 7 V8.1
Siemens	N/A	SIMATIC WinCC V7.3
Siemens	N/A	SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0
Siemens	N/A	SIMATIC Field PG M4, Field PG M5, Field PG M6
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
Siemens	N/A	OpenPCS 7 V9.0
Siemens	N/A	SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions antérieures à V4.1
Siemens	N/A	SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (excepté 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)
Siemens	N/A	SIMATIC Route Control V9.0
Siemens	N/A	SCALANCE XR-500 switch versions antérieures à V6.2.3
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.6
Siemens	N/A	SINAMICS DCP versions antérieures à V1.3
Siemens	N/A	SIMATIC WinCC V7.4
Siemens	N/A	SIMATIC Route Control V8.2
Siemens	N/A	SCALANCE X-200 switch (incl. variante SIPLUS NET) versions antérieures à V5.2.4
Siemens	N/A	SIMATIC WinCC (TIA Portal) V15.1
Siemens	N/A	SIMATIC RF600 versions antérieures à V3.2.1
Siemens	N/A	SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions antérieures à V5.4.2
Siemens	N/A	SIMATIC ITP1000
Siemens	N/A	SIMATIC IPC Support, Package for VxWorks
Siemens	N/A	OZW772 versions antérieures à V10.00
Siemens	N/A	SCALANCE W700 IEEE 802.11n versions antérieures à V6.4
Siemens	N/A	SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)
Siemens	N/A	SIMATIC WinCC (TIA Portal) V13 versions antérieures à V13 SP2
Siemens	N/A	SIMATIC PCS 7 V8.1
Siemens	N/A	IE/PB LINK PN IO (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC PCS 7 V9.0
Siemens	N/A	SIMATIC S7-1500 CPU (incl. les CPUS ET200 associées et variantes SIPLUS) versions antérieures à 2.8
Siemens	N/A	RUGGEDCOM RM1224 versions antérieures à V6.1.2
Siemens	N/A	SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.0
Siemens	N/A	SIMATIC RF182C
Siemens	N/A	SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)
Siemens	N/A	SIMOTION P320-4S
Siemens	N/A	PROFINET Driver for Controller versions antérieures à V2.1 Patch 03
Siemens	N/A	SCALANCE XM-400 switch versions antérieures à V6.2.3
Siemens	N/A	SIMATIC S7-1200 CPU (incl. variante SIPLUS)
Siemens	N/A	SIMATIC BATCH V8.1
Siemens	N/A	SIMATIC CP 1623 versions antérieures à V14.00.15.00_51.25.00.01
Siemens	N/A	SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à 7.5.1 Upd1
Siemens	N/A	SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA
Siemens	N/A	SIPORT MP versions antérieures à V3.1.4
Siemens	N/A	SIMATIC WinCC (TIA Portal) V16
Siemens	N/A	SIMATIC Route Control V8.1
Siemens	N/A	SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC S7-400 PN/DP CPU V6 et antérieures (incl. variante SIPLUS)
Siemens	N/A	SIMATIC BATCH V8.2
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5 Patch 01
Siemens	N/A	SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF
Siemens	N/A	SCALANCE M-800 / S615 versions antérieures à V6.1.2
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)
Siemens	N/A	SIMATIC MV400
Siemens	N/A	OpenPCS 7 V8.2
Siemens	N/A	SIMATIC S7-1500 Software Controller versions antérieures à 20.8
Siemens	N/A	SIMATIC NET PC Software

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-398519 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-940889 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-974843 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-270778 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-780073 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-986695 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-750824 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-951513 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-431678 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-591405 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-978558 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-978220 du 11 février 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC CP 1626",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF180C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S602, S612, S623, S627-2M, S627-2M",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V14.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OZW672 versions ant\u00e9rieures \u00e0 V10.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V4.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1628 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions ant\u00e9rieures V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1616 et CP 1604 versions ant\u00e9rieures \u00e0 V2.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Field PG M4, Field PG M5, Field PG M6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions ant\u00e9rieures \u00e0 V4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (except\u00e9 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Route Control V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR-500 switch versions ant\u00e9rieures \u00e0 V6.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS DCP versions ant\u00e9rieures \u00e0 V1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Route Control V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200 switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V15.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF600 versions ant\u00e9rieures \u00e0 V3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITP1000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC Support, Package for VxWorks",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OZW772 versions ant\u00e9rieures \u00e0 V10.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W700 IEEE 802.11n versions ant\u00e9rieures \u00e0 V6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "IE/PB LINK PN IO (incl. variante SIPLUS NET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS) versions ant\u00e9rieures \u00e0 2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 V6.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF182C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PROFINET Driver for Controller versions ant\u00e9rieures \u00e0 V2.1 Patch 03",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM-400 switch versions ant\u00e9rieures \u00e0 V6.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1623 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 7.5.1 Upd1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPORT MP versions ant\u00e9rieures \u00e0 V3.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Route Control V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP CPU V6 et ant\u00e9rieures (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5 Patch 01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M-800 / S615 versions ant\u00e9rieures \u00e0 V6.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV400",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 20.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-19282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19282"
    },
    {
      "name": "CVE-2019-19277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19277"
    },
    {
      "name": "CVE-2019-13926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13926"
    },
    {
      "name": "CVE-2019-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
    },
    {
      "name": "CVE-2019-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
    },
    {
      "name": "CVE-2019-19281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19281"
    },
    {
      "name": "CVE-2019-13941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13941"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2019-18217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18217"
    },
    {
      "name": "CVE-2019-12815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12815"
    },
    {
      "name": "CVE-2019-13940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
    },
    {
      "name": "CVE-2019-19279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19279"
    },
    {
      "name": "CVE-2019-13925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13925"
    },
    {
      "name": "CVE-2019-0151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
    },
    {
      "name": "CVE-2019-13946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13946"
    },
    {
      "name": "CVE-2019-6585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6585"
    },
    {
      "name": "CVE-2020-19282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19282"
    },
    {
      "name": "CVE-2019-13924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-090",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-398519 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-940889 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-974843 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-270778 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-780073 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-986695 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-750824 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-951513 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-591405 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978558 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978220 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
    }
  ]
}

CERTFR-2020-AVI-420

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Junos Space et Junos Space Security Director versions antérieures à 20.1R1
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11038 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11024 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11026 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11027 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11035 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11023 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11025 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11034 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11033 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11032 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11036 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11031 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11030 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11037 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11028 du 08 juillet 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
    },
    {
      "name": "CVE-2016-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2324"
    },
    {
      "name": "CVE-2013-1960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
    },
    {
      "name": "CVE-2012-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4447"
    },
    {
      "name": "CVE-2016-3991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3991"
    },
    {
      "name": "CVE-2016-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
    },
    {
      "name": "CVE-2014-7826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7826"
    },
    {
      "name": "CVE-2020-1648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1648"
    },
    {
      "name": "CVE-2016-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3621"
    },
    {
      "name": "CVE-2011-0192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
    },
    {
      "name": "CVE-2016-1000341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
    },
    {
      "name": "CVE-2016-6662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
    },
    {
      "name": "CVE-2019-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
    },
    {
      "name": "CVE-2019-11097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
    },
    {
      "name": "CVE-2009-2347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2347"
    },
    {
      "name": "CVE-2014-3634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3634"
    },
    {
      "name": "CVE-2016-1000343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
    },
    {
      "name": "CVE-2015-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1782"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2019-11132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
    },
    {
      "name": "CVE-2014-7825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7825"
    },
    {
      "name": "CVE-2016-6136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
    },
    {
      "name": "CVE-2020-1646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1646"
    },
    {
      "name": "CVE-2019-11086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
    },
    {
      "name": "CVE-2017-7895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
    },
    {
      "name": "CVE-2012-1173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
    },
    {
      "name": "CVE-2012-2088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2088"
    },
    {
      "name": "CVE-2014-9938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9938"
    },
    {
      "name": "CVE-2015-1158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
    },
    {
      "name": "CVE-2020-1651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1651"
    },
    {
      "name": "CVE-2010-2067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2067"
    },
    {
      "name": "CVE-2019-11106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
    },
    {
      "name": "CVE-2016-1000346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
    },
    {
      "name": "CVE-2016-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3945"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2020-1645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1645"
    },
    {
      "name": "CVE-2016-1000345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
    },
    {
      "name": "CVE-2020-1640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1640"
    },
    {
      "name": "CVE-2013-4244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4244"
    },
    {
      "name": "CVE-2016-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
    },
    {
      "name": "CVE-2020-1643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1643"
    },
    {
      "name": "CVE-2018-16881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
    },
    {
      "name": "CVE-2015-7940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7940"
    },
    {
      "name": "CVE-2017-1000117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000117"
    },
    {
      "name": "CVE-2012-5581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5581"
    },
    {
      "name": "CVE-2016-1000338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
    },
    {
      "name": "CVE-2014-3690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3690"
    },
    {
      "name": "CVE-2018-1000613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613"
    },
    {
      "name": "CVE-2017-12588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12588"
    },
    {
      "name": "CVE-2016-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0787"
    },
    {
      "name": "CVE-2016-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
    },
    {
      "name": "CVE-2016-9555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
    },
    {
      "name": "CVE-2013-1624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1624"
    },
    {
      "name": "CVE-2016-3990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3990"
    },
    {
      "name": "CVE-2019-0168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
    },
    {
      "name": "CVE-2018-1000021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000021"
    },
    {
      "name": "CVE-2019-11103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
    },
    {
      "name": "CVE-2014-9679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9679"
    },
    {
      "name": "CVE-2020-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1647"
    },
    {
      "name": "CVE-2019-11107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
    },
    {
      "name": "CVE-2020-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1652"
    },
    {
      "name": "CVE-2017-14867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
    },
    {
      "name": "CVE-2009-5022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5022"
    },
    {
      "name": "CVE-2016-1835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
    },
    {
      "name": "CVE-2019-3856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
    },
    {
      "name": "CVE-2020-1650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1650"
    },
    {
      "name": "CVE-2016-1000342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
    },
    {
      "name": "CVE-2019-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2019-11110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2016-1000339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
    },
    {
      "name": "CVE-2008-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
    },
    {
      "name": "CVE-2017-9935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9935"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2018-5382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5382"
    },
    {
      "name": "CVE-2014-9584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9584"
    },
    {
      "name": "CVE-2019-11102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
    },
    {
      "name": "CVE-2019-3862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
    },
    {
      "name": "CVE-2019-11088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
    },
    {
      "name": "CVE-2019-11105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
    },
    {
      "name": "CVE-2016-5616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5616"
    },
    {
      "name": "CVE-2015-1421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1421"
    },
    {
      "name": "CVE-2014-9529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9529"
    },
    {
      "name": "CVE-2020-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1654"
    },
    {
      "name": "CVE-2013-1961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
    },
    {
      "name": "CVE-2015-7082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7082"
    },
    {
      "name": "CVE-2006-2193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2193"
    },
    {
      "name": "CVE-2014-8171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8171"
    },
    {
      "name": "CVE-2006-2656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2656"
    },
    {
      "name": "CVE-2019-11101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
    },
    {
      "name": "CVE-2016-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
    },
    {
      "name": "CVE-2018-11233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11233"
    },
    {
      "name": "CVE-2013-4232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
    },
    {
      "name": "CVE-2013-4243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4243"
    },
    {
      "name": "CVE-2016-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
    },
    {
      "name": "CVE-2011-3200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3200"
    },
    {
      "name": "CVE-2016-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
    },
    {
      "name": "CVE-2017-15298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15298"
    },
    {
      "name": "CVE-2014-8884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8884"
    },
    {
      "name": "CVE-2015-1159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2019-11131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
    },
    {
      "name": "CVE-2020-1641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1641"
    },
    {
      "name": "CVE-2019-11090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
    },
    {
      "name": "CVE-2013-4758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4758"
    },
    {
      "name": "CVE-2016-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
    },
    {
      "name": "CVE-2019-0131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
    },
    {
      "name": "CVE-2019-11109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
    },
    {
      "name": "CVE-2016-5314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5314"
    },
    {
      "name": "CVE-2016-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
    },
    {
      "name": "CVE-2016-1000352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
    },
    {
      "name": "CVE-2010-2065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2065"
    },
    {
      "name": "CVE-2019-0166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
    },
    {
      "name": "CVE-2010-1411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
    },
    {
      "name": "CVE-2016-3632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3632"
    },
    {
      "name": "CVE-2019-3855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
    },
    {
      "name": "CVE-2015-7547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
    },
    {
      "name": "CVE-2020-1649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1649"
    },
    {
      "name": "CVE-2019-3857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
    },
    {
      "name": "CVE-2012-4564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
    },
    {
      "name": "CVE-2012-2113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2113"
    },
    {
      "name": "CVE-2019-11104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
    },
    {
      "name": "CVE-2019-11087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
    },
    {
      "name": "CVE-2016-1000344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
    },
    {
      "name": "CVE-2019-11108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
    },
    {
      "name": "CVE-2014-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3215"
    },
    {
      "name": "CVE-2018-11235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11235"
    },
    {
      "name": "CVE-2016-6663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6663"
    },
    {
      "name": "CVE-2018-19486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19486"
    },
    {
      "name": "CVE-2015-7545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7545"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2019-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
    },
    {
      "name": "CVE-2019-11100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
    },
    {
      "name": "CVE-2018-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5360"
    },
    {
      "name": "CVE-2018-1000180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
    },
    {
      "name": "CVE-2019-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
    },
    {
      "name": "CVE-2020-1644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1644"
    },
    {
      "name": "CVE-2019-11147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
    },
    {
      "name": "CVE-2012-3401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
    },
    {
      "name": "CVE-2019-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0211"
    },
    {
      "name": "CVE-2014-3683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3683"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-420",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11038 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11038\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11024 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11024\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11026 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11026\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11027 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11027\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11035 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11035\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11023 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11025 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11025\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11034 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11034\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11033 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11033\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11032 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11032\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11036 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11036\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11031 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11031\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11030 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11030\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11037 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11037\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11028 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11028\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2019-AVI-563

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Intel	N/A	Intel PTT versions antérieures à 11.8.65, 11.11.65, 11.22.65, 12.0.35, 13.0.1201 et 14.0.10
Intel	N/A	Intel SPS versions SPS_SoC-X_x antérieures à SPS_SoC-X_04.00.04.086.0
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.2x antérieures à 11.22.70
Intel	N/A	Les processeurs Intel, voir le site du constructeur pour les modèles vulnérables (cf. section documentation)
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 13.x antérieures à 13.0.10
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 12.0.x antérieures à 12.0.45
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions antérieures à 11.8.70
Intel	N/A	Intel SPS versions SPS_E5_x antérieures à SPS_E5_04.00.04.381.0
Intel	N/A	Intel SPS versions SPS_E3_x antérieures à SPS_E3_04.01.04.054.0
Intel	N/A	Intel SPS versions SPS_SoC-A_x antérieures à SPS_SoC-A_04.00.04.181.0
Intel	N/A	Le microgiciel des contrôleurs Ethernet Intel séries 700 versions antérieures à 7.0
Intel	N/A	Intel Baseboard Management Controller (BMC), voir le site du constructeur pour les modèles vulnérables (cf. section documentation)
Intel	N/A	Le logiciel pour contrôleurs Ethernet Intel séries 700 versions antérieure à 24.0
Intel	N/A	Intel TXE versions 3.0.x et 3.1.x antérieures à 3.1.70
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.10.x et 11.11.x antérieures à 11.11.70
Intel	N/A	Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 14.x antérieures à 14.0.10
Intel	N/A	Intel TXE versions 4.0.x antérieures à 4.0.20

References

Title

Publication Time

Tags

Bulletin de sécurité Intel intel-sa-00313 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00219 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00270 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00210 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00240 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00255 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00271 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00260 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00280 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00164 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00241 du 12 novembre 2019	None	vendor-advisory
Bulletin de sécurité Intel intel-sa-00220 du 12 novembre 2019	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Intel PTT versions ant\u00e9rieures \u00e0 11.8.65, 11.11.65, 11.22.65, 12.0.35, 13.0.1201 et 14.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions SPS_SoC-X_x ant\u00e9rieures \u00e0 SPS_SoC-X_04.00.04.086.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.2x ant\u00e9rieures \u00e0 11.22.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Les processeurs Intel, voir le site du constructeur pour les mod\u00e8les vuln\u00e9rables (cf. section documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 13.x ant\u00e9rieures \u00e0 13.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 12.0.x ant\u00e9rieures \u00e0 12.0.45",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions ant\u00e9rieures \u00e0 11.8.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions SPS_E5_x ant\u00e9rieures \u00e0 SPS_E5_04.00.04.381.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions SPS_E3_x ant\u00e9rieures \u00e0 SPS_E3_04.01.04.054.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel SPS versions SPS_SoC-A_x ant\u00e9rieures \u00e0 SPS_SoC-A_04.00.04.181.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Le microgiciel des contr\u00f4leurs Ethernet Intel s\u00e9ries 700 versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel Baseboard Management Controller (BMC), voir le site du constructeur pour les mod\u00e8les vuln\u00e9rables (cf. section documentation)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Le logiciel pour contr\u00f4leurs Ethernet Intel s\u00e9ries 700 versions ant\u00e9rieure \u00e0 24.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel TXE versions 3.0.x et 3.1.x ant\u00e9rieures \u00e0 3.1.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 11.10.x et 11.11.x ant\u00e9rieures \u00e0 11.11.70",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel CSME, Intel AMT, Intel DAL et Intel DAL versions 14.x ant\u00e9rieures \u00e0 14.0.10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    },
    {
      "description": "Intel TXE versions 4.0.x ant\u00e9rieures \u00e0 4.0.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Intel",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0143"
    },
    {
      "name": "CVE-2019-11179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11179"
    },
    {
      "name": "CVE-2019-11139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11139"
    },
    {
      "name": "CVE-2019-0150",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0150"
    },
    {
      "name": "CVE-2019-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
    },
    {
      "name": "CVE-2019-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
    },
    {
      "name": "CVE-2019-11097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
    },
    {
      "name": "CVE-2019-0117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0117"
    },
    {
      "name": "CVE-2019-11170",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11170"
    },
    {
      "name": "CVE-2019-11132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
    },
    {
      "name": "CVE-2019-11086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
    },
    {
      "name": "CVE-2019-11137",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11137"
    },
    {
      "name": "CVE-2019-0154",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0154"
    },
    {
      "name": "CVE-2019-11106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
    },
    {
      "name": "CVE-2019-11175",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11175"
    },
    {
      "name": "CVE-2019-0139",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0139"
    },
    {
      "name": "CVE-2019-0140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0140"
    },
    {
      "name": "CVE-2019-11172",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11172"
    },
    {
      "name": "CVE-2019-11177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11177"
    },
    {
      "name": "CVE-2019-11135",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11135"
    },
    {
      "name": "CVE-2019-0168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
    },
    {
      "name": "CVE-2019-11103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
    },
    {
      "name": "CVE-2019-11107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
    },
    {
      "name": "CVE-2019-0141",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0141"
    },
    {
      "name": "CVE-2019-11136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11136"
    },
    {
      "name": "CVE-2019-0149",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0149"
    },
    {
      "name": "CVE-2019-11181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11181"
    },
    {
      "name": "CVE-2019-11110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
    },
    {
      "name": "CVE-2019-0144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0144"
    },
    {
      "name": "CVE-2019-11173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11173"
    },
    {
      "name": "CVE-2019-11182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11182"
    },
    {
      "name": "CVE-2019-11102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
    },
    {
      "name": "CVE-2019-11088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
    },
    {
      "name": "CVE-2019-11105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
    },
    {
      "name": "CVE-2019-0124",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0124"
    },
    {
      "name": "CVE-2019-0151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
    },
    {
      "name": "CVE-2019-11168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11168"
    },
    {
      "name": "CVE-2019-11101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
    },
    {
      "name": "CVE-2019-11171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11171"
    },
    {
      "name": "CVE-2018-12207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-12207"
    },
    {
      "name": "CVE-2019-0142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0142"
    },
    {
      "name": "CVE-2019-11131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
    },
    {
      "name": "CVE-2019-0146",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0146"
    },
    {
      "name": "CVE-2019-11090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
    },
    {
      "name": "CVE-2019-0131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
    },
    {
      "name": "CVE-2019-11109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
    },
    {
      "name": "CVE-2019-11178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11178"
    },
    {
      "name": "CVE-2019-0166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
    },
    {
      "name": "CVE-2019-0184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0184"
    },
    {
      "name": "CVE-2019-0123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0123"
    },
    {
      "name": "CVE-2019-11180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11180"
    },
    {
      "name": "CVE-2019-11104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
    },
    {
      "name": "CVE-2019-0148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0148"
    },
    {
      "name": "CVE-2019-11087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
    },
    {
      "name": "CVE-2019-11174",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11174"
    },
    {
      "name": "CVE-2019-0145",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0145"
    },
    {
      "name": "CVE-2019-11108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
    },
    {
      "name": "CVE-2019-0147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0147"
    },
    {
      "name": "CVE-2019-11100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
    },
    {
      "name": "CVE-2019-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
    },
    {
      "name": "CVE-2019-11147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-563",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-11-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les microgiciels\nIntel. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une \u00e9l\u00e9vation\nde privil\u00e8ges.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les microgiciels Intel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00313 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00313.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00219 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00219.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00270 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00270.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00210 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00210.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00240 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00240.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00255 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00271 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00271.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00260 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00260.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00280 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00280.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00164 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00164.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00241 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Intel intel-sa-00220 du 12 novembre 2019",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00220.html"
    }
  ]
}

CERTFR-2020-AVI-090

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC CP 1626
Siemens	N/A	SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0
Siemens	N/A	SIMATIC RF180C
Siemens	N/A	SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associées et variantes SIPLUS)
Siemens	N/A	SCALANCE S602, S612, S623, S627-2M, S627-2M
Siemens	N/A	SIMATIC WinCC (TIA Portal) V14.0.1
Siemens	N/A	SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules
Siemens	N/A	SIMOTION P320-4E
Siemens	N/A	SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.2
Siemens	N/A	TIM 1531 IRC (incl. variante SIPLUS NET) versions antérieures à V2.0
Siemens	N/A	SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E
Siemens	N/A	OZW672 versions antérieures à V10.00
Siemens	N/A	SIMATIC BATCH V9.0
Siemens	N/A	SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions antérieures à V4.1.3
Siemens	N/A	SIMATIC CP 1628 versions antérieures à V14.00.15.00_51.25.00.01
Siemens	N/A	SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)
Siemens	N/A	SIMATIC PCS 7 V8.2
Siemens	N/A	SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions antérieures V2.2
Siemens	N/A	SIMATIC CP 1616 et CP 1604 versions antérieures à V2.8.1
Siemens	N/A	OpenPCS 7 V8.1
Siemens	N/A	SIMATIC WinCC V7.3
Siemens	N/A	SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions antérieures à V4.1.0
Siemens	N/A	SIMATIC Field PG M4, Field PG M5, Field PG M6
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller
Siemens	N/A	OpenPCS 7 V9.0
Siemens	N/A	SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions antérieures à V4.1
Siemens	N/A	SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (excepté 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)
Siemens	N/A	SIMATIC Route Control V9.0
Siemens	N/A	SCALANCE XR-500 switch versions antérieures à V6.2.3
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions antérieures à V4.6
Siemens	N/A	SINAMICS DCP versions antérieures à V1.3
Siemens	N/A	SIMATIC WinCC V7.4
Siemens	N/A	SIMATIC Route Control V8.2
Siemens	N/A	SCALANCE X-200 switch (incl. variante SIPLUS NET) versions antérieures à V5.2.4
Siemens	N/A	SIMATIC WinCC (TIA Portal) V15.1
Siemens	N/A	SIMATIC RF600 versions antérieures à V3.2.1
Siemens	N/A	SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions antérieures à V5.4.2
Siemens	N/A	SIMATIC ITP1000
Siemens	N/A	SIMATIC IPC Support, Package for VxWorks
Siemens	N/A	OZW772 versions antérieures à V10.00
Siemens	N/A	SCALANCE W700 IEEE 802.11n versions antérieures à V6.4
Siemens	N/A	SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)
Siemens	N/A	SIMATIC WinCC (TIA Portal) V13 versions antérieures à V13 SP2
Siemens	N/A	SIMATIC PCS 7 V8.1
Siemens	N/A	IE/PB LINK PN IO (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC PCS 7 V9.0
Siemens	N/A	SIMATIC S7-1500 CPU (incl. les CPUS ET200 associées et variantes SIPLUS) versions antérieures à 2.8
Siemens	N/A	RUGGEDCOM RM1224 versions antérieures à V6.1.2
Siemens	N/A	SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions antérieures à V4.2.0
Siemens	N/A	SIMATIC RF182C
Siemens	N/A	SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)
Siemens	N/A	SIMOTION P320-4S
Siemens	N/A	PROFINET Driver for Controller versions antérieures à V2.1 Patch 03
Siemens	N/A	SCALANCE XM-400 switch versions antérieures à V6.2.3
Siemens	N/A	SIMATIC S7-1200 CPU (incl. variante SIPLUS)
Siemens	N/A	SIMATIC BATCH V8.1
Siemens	N/A	SIMATIC CP 1623 versions antérieures à V14.00.15.00_51.25.00.01
Siemens	N/A	SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à 7.5.1 Upd1
Siemens	N/A	SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA
Siemens	N/A	SIPORT MP versions antérieures à V3.1.4
Siemens	N/A	SIMATIC WinCC (TIA Portal) V16
Siemens	N/A	SIMATIC Route Control V8.1
Siemens	N/A	SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)
Siemens	N/A	SIMATIC S7-400 PN/DP CPU V6 et antérieures (incl. variante SIPLUS)
Siemens	N/A	SIMATIC BATCH V8.2
Siemens	N/A	Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions antérieures à V4.5 Patch 01
Siemens	N/A	SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF
Siemens	N/A	SCALANCE M-800 / S615 versions antérieures à V6.1.2
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)
Siemens	N/A	SIMATIC MV400
Siemens	N/A	OpenPCS 7 V8.2
Siemens	N/A	SIMATIC S7-1500 Software Controller versions antérieures à 20.8
Siemens	N/A	SIMATIC NET PC Software

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-398519 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-940889 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-974843 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-270778 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-780073 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-986695 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-750824 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-951513 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-431678 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-591405 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-978558 du 11 février 2020	None	vendor-advisory
Bulletin de sécurité Siemens ssa-978220 du 11 février 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC CP 1626",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF180C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-300 PN/DP CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE S602, S612, S623, S627-2M, S627-2M",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V14.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 4 et SIPROTEC Compact relays equipped with EN100 Ethernet communication modules",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200SP IM155-6 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC127E, IPC427C, IPC477C, IPC477D, IPC477E, IPC477E Pro, IPC527G, IPC547E, IPC547G, IPC627C, IPC627D, IPC627E, IPC647C, IPC647D, IPC647E, IPC677C, IPC677D, IPC677E, IPC827C, IPC827D, IPC827E, IPC847C, IPC847D, IPC847E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OZW672 versions ant\u00e9rieures \u00e0 V10.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-300 switch (incl. X408 et variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V4.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1628 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200S, ET200SP IM155-6 PN Basic (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1543-1 (incl. variante SIPLUS NET) versions ant\u00e9rieures V2.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1616 et CP 1604 versions ant\u00e9rieures \u00e0 V2.8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200MP IM155-5 PN ST (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Field PG M4, Field PG M5, Field PG M6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XB-200, XC-200, XP-200, XF-200BA and XR-300WG versions ant\u00e9rieures \u00e0 V4.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200AL IM 157-1 PN, ET200ecoPN (except\u00e9 6ES7148-6JD00-0AB0 et 6ES7146-6FF00-0AB0), ET200M IM153-4 PN IO HF (incl. variante SIPLUS), ET200M IM153-4 PN IO ST (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Route Control V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XR-500 switch versions ant\u00e9rieures \u00e0 V6.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P versions ant\u00e9rieures \u00e0 V4.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS DCP versions ant\u00e9rieures \u00e0 V1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Route Control V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200 switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.2.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V15.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF600 versions ant\u00e9rieures \u00e0 V3.2.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200IRT switch (incl. variante SIPLUS NET) versions ant\u00e9rieures \u00e0 V5.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ITP1000",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC Support, Package for VxWorks",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OZW772 versions ant\u00e9rieures \u00e0 V10.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE W700 IEEE 802.11n versions ant\u00e9rieures \u00e0 V6.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP CPU V7 (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "IE/PB LINK PN IO (incl. variante SIPLUS NET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS 7 V9.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 CPU (incl. les CPUS ET200 associ\u00e9es et variantes SIPLUS) versions ant\u00e9rieures \u00e0 2.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM RM1224 versions ant\u00e9rieures \u00e0 V6.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200MP IM155-5 PN HF (incl. variante SIPLUS) versions ant\u00e9rieures \u00e0 V4.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RF182C",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC IPC427D, IPC427E (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMOTION P320-4S",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PROFINET Driver for Controller versions ant\u00e9rieures \u00e0 V2.1 Patch 03",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE XM-400 switch versions ant\u00e9rieures \u00e0 V6.2.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 1623 versions ant\u00e9rieures \u00e0 V14.00.15.00_51.25.00.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 Advanced, CP 343-1, CP 343-1 LEAN, CP 443-1 Advanced, CP 443-1 (incl. variante SIPLUS NET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 7.5.1 Upd1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC CP 343-1 ERPC, CP 443-1 OPC UA",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPORT MP versions ant\u00e9rieures \u00e0 V3.1.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC (TIA Portal) V16",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Route Control V8.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PN/PN Coupler 6ES7158-3AD01-0XA0 (incl. variante SIPLUS NET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-400 PN/DP CPU V6 et ant\u00e9rieures (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC BATCH V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 versions ant\u00e9rieures \u00e0 V4.5 Patch 01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET200pro, IM 154-3 PN HF et ET200pro, IM 154-4 PN HF",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE M-800 / S615 versions ant\u00e9rieures \u00e0 V6.1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. variante SIPLUS)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC MV400",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "OpenPCS 7 V8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 20.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-19282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19282"
    },
    {
      "name": "CVE-2019-19277",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19277"
    },
    {
      "name": "CVE-2019-13926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13926"
    },
    {
      "name": "CVE-2019-0152",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0152"
    },
    {
      "name": "CVE-2019-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
    },
    {
      "name": "CVE-2019-19281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19281"
    },
    {
      "name": "CVE-2019-13941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13941"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2019-18217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-18217"
    },
    {
      "name": "CVE-2019-12815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-12815"
    },
    {
      "name": "CVE-2019-13940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13940"
    },
    {
      "name": "CVE-2019-19279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-19279"
    },
    {
      "name": "CVE-2019-13925",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13925"
    },
    {
      "name": "CVE-2019-0151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0151"
    },
    {
      "name": "CVE-2019-13946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13946"
    },
    {
      "name": "CVE-2019-6585",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6585"
    },
    {
      "name": "CVE-2020-19282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-19282"
    },
    {
      "name": "CVE-2019-13924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-090",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-398519 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-940889 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-940889.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-974843 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-974843.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-270778 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-270778.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-780073 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-780073.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-986695 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-986695.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-750824 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-750824.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-951513 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-951513.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-431678 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-431678.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-591405 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-591405.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978558 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978558.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-978220 du 11 f\u00e9vrier 2020",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-978220.pdf"
    }
  ]
}

CERTFR-2020-AVI-420

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
N/A	N/A	Junos Space et Junos Space Security Director versions antérieures à 20.1R1
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO
Juniper Networks	Junos OS	Junos OS versions antérieures à 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11038 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11024 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11026 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11027 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11035 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11023 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11025 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11034 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11033 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11032 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11036 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11031 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11030 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11037 du 08 juillet 2020	None	vendor-advisory
Bulletin de sécurité Juniper JSA11028 du 08 juillet 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos Space et Junos Space Security Director versions ant\u00e9rieures \u00e0 20.1R1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 19.1R3-EVO,19.2R2-EVO, 19.3R1-EVO, 19.3R3-EVO, 19.4R2-EVO, 19.4R2-S2-EVO, 20.1R1-EVO, 20.1R2-EVO et 20.2R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S15, 12.3X48-D100, 12.3X48-D95, 14.1X53-D140, 14.1X53-D54, 15.1R7-S6, 15.1R7-S7, 15.1X49-D200, 15.1X49-D210, 15.1X49-D230, 15.1X53-D593, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.1R2-S12, 17.1R3-S2, 17.2R1-S9, 17.2R2-S8, 17.2R3-S3, 17.2R3-S4, 17.2X75-D105.19, 17.3R2-S5, 17.3R3-S6, 17.3R3-S7, 17.3R3-S8, 17.4R1-S3, 17.4R2, 17.4R2-S10, 17.4R2-S11, 17.4R2-S2, 17.4R2-S4, 17.4R2-S8, 17.4R2-S9, 17.4R3, 17.4R3-S1, 17.4R3-S2, 18.1R2, 18.1R3-S10, 18.1R3-S2, 18.1R3-S5, 18.1R3-S8, 18.1R3-S9, 18.2R1, 18.2R2, 18.2R2-S6, 18.2R2-S7, 18.2R3, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2X75-D10, 18.2X75-D13, 18.2X75-D32, 18.2X75-D33, 18.2X75-D34, 18.2X75-D40, 18.2X75-D41, 18.2X75-D411.1, 18.2X75-D420, 18.2X75-D420.18, 18.2X75-D430, 18.2X75-D50, 18.2X75-D52, 18.2X75-D52.3, 18.2X75-D52.8, 18.2X75-D53, 18.2X75-D60, 18.2X75-D60.2, 18.2X75-D65, 18.2X75-D65.1, 18.2X75-D70, 18.2X75-D70;(*1), 18.3R1-S2, 18.3R1-S7, 18.3R2, 18.3R2-S3, 18.3R2-S4, 18.3R3, 18.3R3-S1, 18.3R3-S2, 18.4R1, 18.4R1-S5, 18.4R1-S6, 18.4R1-S7, 18.4R2, 18.4R2-S4, 18.4R2-S5, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3(*2), 19.1R1-S4, 19.1R1-S5, 19.1R2, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.2R1, 19.2R1-S2, 19.2R1-S3, 19.2R1-S4, 19.2R1-S5, 19.2R2, 19.2R3, 19.3R2, 19.3R2-S2, 19.3R2-S3, 19.3R3, 19.4R1, 19.4R1-S1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R3, 20.1R1, 20.1R1-S1, 20.1R1-S2, 20.1R2 et 20.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
    },
    {
      "name": "CVE-2016-2324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2324"
    },
    {
      "name": "CVE-2013-1960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1960"
    },
    {
      "name": "CVE-2012-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4447"
    },
    {
      "name": "CVE-2016-3991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3991"
    },
    {
      "name": "CVE-2016-1838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1838"
    },
    {
      "name": "CVE-2014-7826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7826"
    },
    {
      "name": "CVE-2020-1648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1648"
    },
    {
      "name": "CVE-2016-3621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3621"
    },
    {
      "name": "CVE-2011-0192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0192"
    },
    {
      "name": "CVE-2016-1000341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000341"
    },
    {
      "name": "CVE-2016-6662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6662"
    },
    {
      "name": "CVE-2019-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0169"
    },
    {
      "name": "CVE-2019-11097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11097"
    },
    {
      "name": "CVE-2009-2347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-2347"
    },
    {
      "name": "CVE-2014-3634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3634"
    },
    {
      "name": "CVE-2016-1000343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000343"
    },
    {
      "name": "CVE-2015-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1782"
    },
    {
      "name": "CVE-2017-13098",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-13098"
    },
    {
      "name": "CVE-2019-11132",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11132"
    },
    {
      "name": "CVE-2014-7825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-7825"
    },
    {
      "name": "CVE-2016-6136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6136"
    },
    {
      "name": "CVE-2020-1646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1646"
    },
    {
      "name": "CVE-2019-11086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11086"
    },
    {
      "name": "CVE-2017-7895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7895"
    },
    {
      "name": "CVE-2012-1173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1173"
    },
    {
      "name": "CVE-2012-2088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2088"
    },
    {
      "name": "CVE-2014-9938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9938"
    },
    {
      "name": "CVE-2015-1158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1158"
    },
    {
      "name": "CVE-2020-1651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1651"
    },
    {
      "name": "CVE-2010-2067",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2067"
    },
    {
      "name": "CVE-2019-11106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11106"
    },
    {
      "name": "CVE-2016-1000346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000346"
    },
    {
      "name": "CVE-2016-3945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3945"
    },
    {
      "name": "CVE-2016-4447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4447"
    },
    {
      "name": "CVE-2016-4448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4448"
    },
    {
      "name": "CVE-2020-1645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1645"
    },
    {
      "name": "CVE-2016-1000345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000345"
    },
    {
      "name": "CVE-2020-1640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1640"
    },
    {
      "name": "CVE-2013-4244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4244"
    },
    {
      "name": "CVE-2016-3705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3705"
    },
    {
      "name": "CVE-2020-1643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1643"
    },
    {
      "name": "CVE-2018-16881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-16881"
    },
    {
      "name": "CVE-2015-7940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7940"
    },
    {
      "name": "CVE-2017-1000117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000117"
    },
    {
      "name": "CVE-2012-5581",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-5581"
    },
    {
      "name": "CVE-2016-1000338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000338"
    },
    {
      "name": "CVE-2014-3690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3690"
    },
    {
      "name": "CVE-2018-1000613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000613"
    },
    {
      "name": "CVE-2017-12588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-12588"
    },
    {
      "name": "CVE-2016-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0787"
    },
    {
      "name": "CVE-2016-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1834"
    },
    {
      "name": "CVE-2016-9555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-9555"
    },
    {
      "name": "CVE-2013-1624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1624"
    },
    {
      "name": "CVE-2016-3990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3990"
    },
    {
      "name": "CVE-2019-0168",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0168"
    },
    {
      "name": "CVE-2018-1000021",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000021"
    },
    {
      "name": "CVE-2019-11103",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11103"
    },
    {
      "name": "CVE-2014-9679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9679"
    },
    {
      "name": "CVE-2020-1647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1647"
    },
    {
      "name": "CVE-2019-11107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11107"
    },
    {
      "name": "CVE-2020-1652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1652"
    },
    {
      "name": "CVE-2017-14867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-14867"
    },
    {
      "name": "CVE-2009-5022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-5022"
    },
    {
      "name": "CVE-2016-1835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1835"
    },
    {
      "name": "CVE-2019-3856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3856"
    },
    {
      "name": "CVE-2020-1650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1650"
    },
    {
      "name": "CVE-2016-1000342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000342"
    },
    {
      "name": "CVE-2019-3863",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3863"
    },
    {
      "name": "CVE-2016-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1836"
    },
    {
      "name": "CVE-2019-11110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11110"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2016-1000339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000339"
    },
    {
      "name": "CVE-2008-2327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2327"
    },
    {
      "name": "CVE-2017-9935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-9935"
    },
    {
      "name": "CVE-2018-3639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
    },
    {
      "name": "CVE-2018-5382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5382"
    },
    {
      "name": "CVE-2014-9584",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9584"
    },
    {
      "name": "CVE-2019-11102",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11102"
    },
    {
      "name": "CVE-2019-3862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3862"
    },
    {
      "name": "CVE-2019-11088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11088"
    },
    {
      "name": "CVE-2019-11105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11105"
    },
    {
      "name": "CVE-2016-5616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5616"
    },
    {
      "name": "CVE-2015-1421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1421"
    },
    {
      "name": "CVE-2014-9529",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9529"
    },
    {
      "name": "CVE-2020-1654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1654"
    },
    {
      "name": "CVE-2013-1961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1961"
    },
    {
      "name": "CVE-2015-7082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7082"
    },
    {
      "name": "CVE-2006-2193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2193"
    },
    {
      "name": "CVE-2014-8171",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8171"
    },
    {
      "name": "CVE-2006-2656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2656"
    },
    {
      "name": "CVE-2019-11101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11101"
    },
    {
      "name": "CVE-2016-1833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1833"
    },
    {
      "name": "CVE-2018-11233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11233"
    },
    {
      "name": "CVE-2013-4232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4232"
    },
    {
      "name": "CVE-2013-4243",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4243"
    },
    {
      "name": "CVE-2016-3627",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3627"
    },
    {
      "name": "CVE-2011-3200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3200"
    },
    {
      "name": "CVE-2016-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1840"
    },
    {
      "name": "CVE-2017-15298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15298"
    },
    {
      "name": "CVE-2014-8884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8884"
    },
    {
      "name": "CVE-2015-1159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1159"
    },
    {
      "name": "CVE-2016-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1762"
    },
    {
      "name": "CVE-2019-11131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11131"
    },
    {
      "name": "CVE-2020-1641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1641"
    },
    {
      "name": "CVE-2019-11090",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11090"
    },
    {
      "name": "CVE-2013-4758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-4758"
    },
    {
      "name": "CVE-2016-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1837"
    },
    {
      "name": "CVE-2019-0131",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0131"
    },
    {
      "name": "CVE-2019-11109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11109"
    },
    {
      "name": "CVE-2016-5314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-5314"
    },
    {
      "name": "CVE-2016-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1839"
    },
    {
      "name": "CVE-2016-1000352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000352"
    },
    {
      "name": "CVE-2010-2065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2065"
    },
    {
      "name": "CVE-2019-0166",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0166"
    },
    {
      "name": "CVE-2010-1411",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1411"
    },
    {
      "name": "CVE-2016-3632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3632"
    },
    {
      "name": "CVE-2019-3855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3855"
    },
    {
      "name": "CVE-2015-7547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
    },
    {
      "name": "CVE-2020-1649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1649"
    },
    {
      "name": "CVE-2019-3857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3857"
    },
    {
      "name": "CVE-2012-4564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4564"
    },
    {
      "name": "CVE-2012-2113",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2113"
    },
    {
      "name": "CVE-2019-11104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11104"
    },
    {
      "name": "CVE-2019-11087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11087"
    },
    {
      "name": "CVE-2016-1000344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1000344"
    },
    {
      "name": "CVE-2019-11108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11108"
    },
    {
      "name": "CVE-2014-3215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3215"
    },
    {
      "name": "CVE-2018-11235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-11235"
    },
    {
      "name": "CVE-2016-6663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6663"
    },
    {
      "name": "CVE-2018-19486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-19486"
    },
    {
      "name": "CVE-2015-7545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7545"
    },
    {
      "name": "CVE-2016-4449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4449"
    },
    {
      "name": "CVE-2019-1551",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1551"
    },
    {
      "name": "CVE-2019-11100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11100"
    },
    {
      "name": "CVE-2018-5360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-5360"
    },
    {
      "name": "CVE-2018-1000180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000180"
    },
    {
      "name": "CVE-2019-0165",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0165"
    },
    {
      "name": "CVE-2020-1644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1644"
    },
    {
      "name": "CVE-2019-11147",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11147"
    },
    {
      "name": "CVE-2012-3401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3401"
    },
    {
      "name": "CVE-2019-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0211"
    },
    {
      "name": "CVE-2014-3683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3683"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-420",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-07-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11038 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11038\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11024 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11024\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11026 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11026\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11027 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11027\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11035 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11035\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11023 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11023\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11025 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11025\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11034 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11034\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11033 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11033\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11032 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11032\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11036 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11036\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11031 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11031\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11030 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11030\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11037 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11037\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11028 du 08 juillet 2020",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11028\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

BDU:2019-04609

Vulnerability from fstec - Published: 12.11.2019

Title

Уязвимость микропрограммного обеспечения Intel Converged Security and Manageability Engine (CSME) и Intel Trusted Execution Engine (TXE), связанная с переполнением буфера в динамической памяти, позволяющая нарушителю раскрыть защищаемую информацию, вызвать отказ в обслуживании или повысить свои привилегии

Description

Уязвимость микропрограммного обеспечения Intel Converged Security and Manageability Engine (CSME) и Intel Trusted Execution Engine (TXE) связана с переполнением буфера в динамической памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, раскрыть защищаемую информацию, вызвать отказ в обслуживании или повысить свои привилегии

Severity


                    
                      AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vendor

Intel Corp.

Software Name

Intel Converged Security and Manageability Engine, Intel Trusted Execution Engine

Software Version

до 12.0.45 (Intel Converged Security and Manageability Engine), до 11.8.70 (Intel Converged Security and Manageability Engine), до 11.11.70 (Intel Converged Security and Manageability Engine), до 11.22.70 (Intel Converged Security and Manageability Engine), до 3.1.70 (Intel Trusted Execution Engine), до 4.0.20 (Intel Trusted Execution Engine)

Possible Mitigations

Использование рекомендаций: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Reference

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

CWE

CWE-122

JSON

To clipboard

{
  "CVSS 2.0": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Intel Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 12.0.45 (Intel Converged Security and Manageability Engine), \u0434\u043e 11.8.70 (Intel Converged Security and Manageability Engine), \u0434\u043e 11.11.70 (Intel Converged Security and Manageability Engine), \u0434\u043e 11.22.70 (Intel Converged Security and Manageability Engine), \u0434\u043e 3.1.70 (Intel Trusted Execution Engine), \u0434\u043e 4.0.20 (Intel Trusted Execution Engine)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.11.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.12.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.12.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04609",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-0169",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Intel Converged Security and Manageability Engine, Intel Trusted Execution Engine",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Intel Converged Security and Manageability Engine (CSME) \u0438 Intel Trusted Execution Engine (TXE), \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Intel Converged Security and Manageability Engine (CSME) \u0438 Intel Trusted Execution Engine (TXE) \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0437\u0430\u0449\u0438\u0449\u0430\u0435\u043c\u0443\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,3)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,6)"
}

CNVD-2019-42600

Vulnerability from cnvd - Published: 2019-11-28

Title

Intel Converged Security and Management Engine和Intel TXE缓冲区溢出漏洞

Description

Intel Converged Security and Management Engine（CSME）和Intel TXE都是美国英特尔（Intel）公司的产品。Intel Converged Security and Management Engine是一款安全管理引擎。Intel TXE是一款使用在CPU（中央处理器）中具有硬件验证功能的信任执行引擎。 Intel CSME和Intel TXE中的子系统存在缓冲区溢出漏洞。攻击者可利用该漏洞提升权限，泄露信息或造成拒绝服务。

Severity

高

Patch Name

Intel Converged Security and Management Engine和Intel TXE缓冲区溢出漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html

Reference

https://support.lenovo.com/us/en/product_security/LEN-27716

Impacted products

Name
['Intel TXE <3.1.70', 'Intel TXE <4.0.20', 'Intel Converged Security and Management Engine（CSME） <11.8.70', 'Intel Converged Security and Management Engine（CSME） <12.0.45', 'Intel Converged Security and Management Engine（CSME） <13.0.10', 'Intel Converged Security and Management Engine（CSME） <14.0.10', 'Intel Converged Security and Management Engine（CSME） <11.11.70', 'Intel Converged Security and Management Engine（CSME） <11.22.70']

Name

['Intel TXE <3.1.70', 'Intel TXE <4.0.20', 'Intel Converged Security and Management Engine（CSME） <11.8.70', 'Intel Converged Security and Management Engine（CSME） <12.0.45', 'Intel Converged Security and Management Engine（CSME） <13.0.10', 'Intel Converged Security and Management Engine（CSME） <14.0.10', 'Intel Converged Security and Management Engine（CSME） <11.11.70', 'Intel Converged Security and Management Engine（CSME） <11.22.70']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-0169"
    }
  },
  "description": "Intel Converged Security and Management Engine\uff08CSME\uff09\u548cIntel TXE\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Converged Security and Management Engine\u662f\u4e00\u6b3e\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel TXE\u662f\u4e00\u6b3e\u4f7f\u7528\u5728CPU\uff08\u4e2d\u592e\u5904\u7406\u5668\uff09\u4e2d\u5177\u6709\u786c\u4ef6\u9a8c\u8bc1\u529f\u80fd\u7684\u4fe1\u4efb\u6267\u884c\u5f15\u64ce\u3002\n\nIntel CSME\u548cIntel TXE\u4e2d\u7684\u5b50\u7cfb\u7edf\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u6cc4\u9732\u4fe1\u606f\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42600",
  "openTime": "2019-11-28",
  "patchDescription": "Intel Converged Security and Management Engine\uff08CSME\uff09\u548cIntel TXE\u90fd\u662f\u7f8e\u56fd\u82f1\u7279\u5c14\uff08Intel\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Intel Converged Security and Management Engine\u662f\u4e00\u6b3e\u5b89\u5168\u7ba1\u7406\u5f15\u64ce\u3002Intel TXE\u662f\u4e00\u6b3e\u4f7f\u7528\u5728CPU\uff08\u4e2d\u592e\u5904\u7406\u5668\uff09\u4e2d\u5177\u6709\u786c\u4ef6\u9a8c\u8bc1\u529f\u80fd\u7684\u4fe1\u4efb\u6267\u884c\u5f15\u64ce\u3002\r\n\r\nIntel CSME\u548cIntel TXE\u4e2d\u7684\u5b50\u7cfb\u7edf\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u5347\u6743\u9650\uff0c\u6cc4\u9732\u4fe1\u606f\u6216\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Intel Converged Security and Management Engine\u548cIntel TXE\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Intel TXE \u003c3.1.70",
      "Intel TXE \u003c4.0.20",
      "Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c11.8.70",
      "Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c12.0.45",
      "Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c13.0.10",
      "Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c14.0.10",
      "Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c11.11.70",
      "Intel Converged Security and Management Engine\uff08CSME\uff09 \u003c11.22.70"
    ]
  },
  "referenceLink": "https://support.lenovo.com/us/en/product_security/LEN-27716",
  "serverity": "\u9ad8",
  "submitTime": "2019-11-14",
  "title": "Intel Converged Security and Management Engine\u548cIntel TXE\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

FKIE_CVE-2019-0169

Vulnerability from fkie_nvd - Published: 2019-12-18 22:15 - Updated: 2024-11-21 04:16

Severity

8.8 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secure@intel.com	https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf
secure@intel.com	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf
af854a3a-2127-422b-91ae-364da2661108	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html	Vendor Advisory

Impacted products

Vendor	Product	Version
intel	converged_security_management_engine_firmware	*
intel	converged_security_management_engine_firmware	*
intel	converged_security_management_engine_firmware	*
intel	converged_security_management_engine_firmware	*
intel	trusted_execution_engine_firmware	*
intel	trusted_execution_engine_firmware	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF9B1B-4031-40EF-8516-60ABD2BBF1C0",
              "versionEndExcluding": "11.8.70",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BEC9F8B-3830-4657-874A-521BB9D312F2",
              "versionEndExcluding": "11.11.70",
              "versionStartIncluding": "11.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "58765D34-F8CD-48A2-BA46-F234C2A30B57",
              "versionEndExcluding": "11.22.70",
              "versionStartIncluding": "11.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:converged_security_management_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1F8A4D-A2DF-44A8-BA4F-8868107C35A0",
              "versionEndExcluding": "12.0.45",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD17A8EA-F595-4E4E-B694-FE07544E7945",
              "versionEndExcluding": "3.1.70",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:intel:trusted_execution_engine_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BCB9B3C-C83A-4563-80F6-3AA50C16A118",
              "versionEndExcluding": "4.0.20",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de la pila en el subsistema para Intel\u00ae CSME versiones anteriores a 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel\u00ae TXE versiones anteriores a 3.1.70 y 4.0.20, puede permitir a un usuario no autenticado habilitar potencialmente una escalada de privilegios, una divulgaci\u00f3n de informaci\u00f3n o una denegaci\u00f3n de servicio por medio de un acceso adyacente."
    }
  ],
  "id": "CVE-2019-0169",
  "lastModified": "2024-11-21T04:16:23.887",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-12-18T22:15:11.940",
  "references": [
    {
      "source": "secure@intel.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WR9C-8F8X-8242

Vulnerability from github – Published: 2022-05-24 17:03 – Updated: 2024-04-04 02:43

Details

Severity

8.8 (High)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-0169"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-12-18T22:15:00Z",
    "severity": "HIGH"
  },
  "details": "Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access.",
  "id": "GHSA-wr9c-8f8x-8242",
  "modified": "2024-04-04T02:43:52Z",
  "published": "2022-05-24T17:03:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0169"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-398519.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2019-0169 (GCVE-0-2019-0169)

Solution

Solution

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature