
7 vulnerabilities found for process by Symfony

CERTFR-2024-AVI-0948
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Symfony products. Some of them allow an attacker to cause a breach of data confidentiality, a security policy bypass, and a security issue not specified by the vendor.

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Symfony | http-client | http-client versions 7.x prior to 7.1.7 for composer |
| Symfony | security-bundle | security-bundle versions 6.x prior to 6.4.10 for composer |
| Symfony | http-foundation | http-foundation versions 6.x prior to 6.4.14 for composer |
| Symfony | http-foundation | http-foundation versions prior to 5.4.46 for composer |
| Symfony | runtime | runtime versions 7.x prior to 7.1.7 for composer |
| Symfony | runtime | runtime versions 6.x prior to 6.4.14 for composer |
| Symfony | validator | validator versions 7.x prior to 7.1.4 for composer |
| Symfony | process | process versions prior to 5.4.46 for composer |
| Symfony | http-foundation | http-foundation versions 7.x prior to 7.1.7 for composer |
| Symfony | runtime | runtime versions prior to 5.4.46 for composer |
| Symfony | validator | validator versions prior to 5.4.43 for composer |
| Symfony | http-client | http-client versions 5.4.46 for composer |
| Symfony | security-bundle | security-bundle versions 7.1.x prior to 7.1.3 for composer |
| Symfony | http-client | http-client versions 6.x prior to 6.4.14 for composer |
| Symfony | security-bundle | security-bundle versions 7.0.x prior to 7.0.10 for composer |
| Symfony | process | process versions 7.x prior to 7.1.7 for composer |
| Symfony | validator | validator versions 6.x prior to 6.4.11 for composer |
| Symfony | process | process versions 6.x prior to 6.4.14 for composer |


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "http-client versions 7.x ant\u00e9rieures \u00e0 7.1.7 pour composer",
      "product": {
        "name": "http-client",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "security-bundle versions 6.x ant\u00e9rieures \u00e0 6.4.10 pour composer",
      "product": {
        "name": "security-bundle",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "http-foundation versions 6.x ant\u00e9rieures \u00e0 6.4.14 pour composer",
      "product": {
        "name": "http-foundation",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "http-foundation versions ant\u00e9rieures \u00e0 5.4.46 pour composer",
      "product": {
        "name": "http-foundation",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "runtime versions 7.x ant\u00e9rieures \u00e0 7.1.7 pour composer",
      "product": {
        "name": "runtime",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "runtime versions 6.x ant\u00e9rieures \u00e0 6.4.14 pour composer",
      "product": {
        "name": "runtime",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "validator versions 7.x ant\u00e9rieures \u00e0 7.1.4 pour composer",
      "product": {
        "name": "validator",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "process versions ant\u00e9rieures \u00e0 5.4.46 pour composer",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "http-foundation versions 7.x ant\u00e9rieures \u00e0 7.1.7 pour composer",
      "product": {
        "name": "http-foundation",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "runtime versions ant\u00e9rieures \u00e0 5.4.46 pour composer",
      "product": {
        "name": "runtime",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "validator versions ant\u00e9rieures \u00e0 5.4.43 pour composer",
      "product": {
        "name": "validator",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "http-client versions 5.4.46 pour composer",
      "product": {
        "name": "http-client",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "security-bundle versions 7.1.x ant\u00e9rieures \u00e0 7.1.3 pour composer",
      "product": {
        "name": "security-bundle",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "http-client versions 6.x ant\u00e9rieures \u00e0 6.4.14 pour composer",
      "product": {
        "name": "http-client",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "security-bundle versions 7.0.x ant\u00e9rieures \u00e0 7.0.10 pour composer",
      "product": {
        "name": "security-bundle",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "process versions 7.x ant\u00e9rieures \u00e0 7.1.7 pour composer",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "validator versions 6.x ant\u00e9rieures \u00e0 6.4.11 pour composer",
      "product": {
        "name": "validator",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "process versions 6.x ant\u00e9rieures \u00e0 6.4.14 pour composer",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-50341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50341"
    },
    {
      "name": "CVE-2024-50342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50342"
    },
    {
      "name": "CVE-2024-51736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-51736"
    },
    {
      "name": "CVE-2024-50340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50340"
    },
    {
      "name": "CVE-2024-50345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50345"
    },
    {
      "name": "CVE-2024-50343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50343"
    }
  ],
  "initial_release_date": "2024-11-06T00:00:00",
  "last_revision_date": "2024-11-06T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0948",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-11-06T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Symfony. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Symfony",
  "vendor_advisories": [
    {
      "published_at": "2024-11-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Symfony GHSA-jxgr-3v7q-3w9v",
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-jxgr-3v7q-3w9v"
    },
    {
      "published_at": "2024-11-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Symfony GHSA-x8vp-gf4q-mw5j",
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j"
    },
    {
      "published_at": "2024-11-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Symfony GHSA-qq5c-677p-737q",
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-qq5c-677p-737q"
    },
    {
      "published_at": "2024-11-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Symfony GHSA-9c3x-r3wp-mgxm",
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm"
    },
    {
      "published_at": "2024-11-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Symfony GHSA-mrqx-rp3w-jpjp",
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-mrqx-rp3w-jpjp"
    },
    {
      "published_at": "2024-11-06",
      "title": "Bulletin de s\u00e9curit\u00e9 Symfony GHSA-g3rh-rrhp-jhh9",
      "url": "https://github.com/symfony/symfony/security/advisories/GHSA-g3rh-rrhp-jhh9"
    }
  ]
}

CERTFR-2024-AVI-0120
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Schneider products. Some of them allow an attacker to cause a remote denial of service, a breach of data confidentiality, and a breach of data integrity.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| Schneider Electric | N/A | Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) all versions |
| Schneider Electric | N/A | Schneider Electric EcoStruxure™ Control Expert versions prior to v16.0 |
| Schneider Electric | N/A | Schneider Electric EcoStruxure IT Gateway versions prior to 1.20.0 |
| Schneider Electric | N/A | Schneider Electric Modicon M540 firmware versions prior to v3.60 |
| Symfony | process | Schneider Electric EcoStruxure™ Process Expert versions prior to v2023 |
| Schneider Electric | N/A | Schneider Electric Modicon M580 firmware versions prior to v4.20 |
| Schneider Electric | N/A | Schneider Electric Harmony Control Relay RMNF22TB30 all versions |
| Schneider Electric | Modicon M340 | Schneider Electric Modicon M340 CPU (part numbers BMXP34*) versions prior to sv3.60 |
| Schneider Electric | N/A | Schneider Electric Harmony Timer Relay RENF22R2MMW all versions |
| Schneider Electric | N/A | Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) versions prior to sv4.20 |



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Schneider Electric Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric EcoStruxure\u2122 Control Expert versions ant\u00e9rieures \u00e0 v16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric EcoStruxure IT Gateway versions ant\u00e9rieures \u00e0 1.20.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Modicon M540 microgiciel versions ant\u00e9rieures \u00e0 v3.60",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric EcoStruxure\u2122 Process Expert versions ant\u00e9rieures \u00e0 v2023",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Schneider Electric Modicon M580 microgiciel versions ant\u00e9rieures \u00e0 v4.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Harmony Control Relay RMNF22TB30 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Modicon M340 CPU (part numbers BMXP34*) versions ant\u00e9rieures \u00e0 sv3.60",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Harmony Timer Relay RENF22R2MMW toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) versions ant\u00e9rieures \u00e0 sv4.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2023-6408",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6408"
    },
    {
      "name": "CVE-2023-27975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-27975"
    },
    {
      "name": "CVE-2018-7855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7855"
    },
    {
      "name": "CVE-2024-0568",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0568"
    },
    {
      "name": "CVE-2023-6409",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-6409"
    },
    {
      "name": "CVE-2024-0865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-0865"
    }
  ],
  "initial_release_date": "2024-02-13T00:00:00",
  "last_revision_date": "2024-02-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0120",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Schneider\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2024-044-03 du 13 f\u00e9vrier 2024",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-03.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2024-044-01 du 13 f\u00e9vrier 2024",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-01.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-134-11 du 14 mai 2019",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-134-11\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-134-11_Modicon_Controllers_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2024-044-02 du 13 f\u00e9vrier 2024",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2024-044-02.pdf"
    }
  ]
}

CERTFR-2022-AVI-717
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Schneider products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| N/A | N/A | Eurotherm Data Reviewer3.0.2 software versions prior to 4.0.0 |
| N/A | N/A | Modicon Momentum MDI (171CBU*) all versions |
| Schneider Electric | N/A | EcoStruxure Control Expert versions prior to 15.2 |
| Symfony | process | EcoStruxure Process Expert versions prior to 2021 |
| N/A | N/A | Modicon M580 CPU (BMEP* and BMEH*) versions prior to 4.01 |
| Schneider Electric | N/A | Legacy Modicon Quantum all versions |
| N/A | N/A | OPC UA Modicon Communication Module (BMENUA0100) versions prior to 2.01 |
| Schneider Electric | N/A | Modicon MC80 (BMKC80) all versions |
| Schneider Electric | Modicon M340 | Modicon M340 CPU (BMXP34*) versions prior to 3.50 |



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Eurotherm Data Reviewer3.0.2 software versions ant\u00e9rieures 4.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon Momentum MDI (171CBU*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EcoStruxure Control Expert versions ant\u00e9rieures \u00e0 15.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 2021",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M580 CPU (BMEP* et BMEH*) versions ant\u00e9rieures \u00e0 4.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Legacy Modicon Quantum toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "OPC UA Modicon Communication Module (BMENUA0100) versions ant\u00e9rieures \u00e0 2.01",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon MC80 (BMKC80) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Modicon M340 CPU (BMXP34*) versions ant\u00e9rieures 3.50",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-6846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6846"
    },
    {
      "name": "CVE-2022-34760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34760"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2021-22791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22791"
    },
    {
      "name": "CVE-2022-34762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34762"
    },
    {
      "name": "CVE-2019-6841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6841"
    },
    {
      "name": "CVE-2021-45105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45105"
    },
    {
      "name": "CVE-2021-22779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22779"
    },
    {
      "name": "CVE-2021-22781",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22781"
    },
    {
      "name": "CVE-2021-22780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22780"
    },
    {
      "name": "CVE-2021-4104",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-4104"
    },
    {
      "name": "CVE-2021-22790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22790"
    },
    {
      "name": "CVE-2022-37302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37302"
    },
    {
      "name": "CVE-2022-34761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34761"
    },
    {
      "name": "CVE-2022-34759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34759"
    },
    {
      "name": "CVE-2022-37301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37301"
    },
    {
      "name": "CVE-2018-7241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7241"
    },
    {
      "name": "CVE-2021-22786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22786"
    },
    {
      "name": "CVE-2018-7242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7242"
    },
    {
      "name": "CVE-2019-6844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6844"
    },
    {
      "name": "CVE-2019-6842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6842"
    },
    {
      "name": "CVE-2021-22782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22782"
    },
    {
      "name": "CVE-2021-22778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22778"
    },
    {
      "name": "CVE-2022-34764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34764"
    },
    {
      "name": "CVE-2022-34763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34763"
    },
    {
      "name": "CVE-2021-45046",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-45046"
    },
    {
      "name": "CVE-2022-37300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-37300"
    },
    {
      "name": "CVE-2021-22789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22789"
    },
    {
      "name": "CVE-2019-6847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6847"
    },
    {
      "name": "CVE-2022-34765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34765"
    },
    {
      "name": "CVE-2021-44228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
    },
    {
      "name": "CVE-2021-22792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22792"
    },
    {
      "name": "CVE-2019-6843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6843"
    },
    {
      "name": "CVE-2018-7240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-7240"
    },
    {
      "name": "CVE-2011-4859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4859"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2021-44832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44832"
    },
    {
      "name": "CVE-2020-12525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-12525"
    }
  ],
  "initial_release_date": "2022-08-09T00:00:00",
  "last_revision_date": "2022-09-08T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-717",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-08-09T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des liens",
      "revision_date": "2022-08-22T00:00:00.000000"
    },
    {
      "description": "Mise \u00e0 jour des liens des bulletins de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01, SEVD-2022-221-02 et SEVD-2022-221-04 du 9 ao\u00fbt 2022.",
      "revision_date": "2022-09-08T00:00:00.000000"
    },
    {
      "description": "Ajout du libell\u00e9 [SCADA] dans le titre.",
      "revision_date": "2022-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SESB-2021-347-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SESB-2021-347-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SESB-2021-347-01_Apache_Log4j_Log4Shell_Vulnerabilities_Security_Notification_V14.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2019-281-02 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2019-281-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2019-281-02_Modicon_Controllers_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-01_EcoStruxure_Control_Expert_Modicon580_Security_Notification_V1.1.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-193-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-193-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-193-01_OPC_UA_X80_Advanced_RTU_Modicon_Communication_Modules_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-313-05_Badalloc_Vulnerabilities_Security_Notification_V10.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-03 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-03\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-03_EcoStruxure_Control_Expert_Security_Notification.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-02 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-02_Modicon_Controllers_Security_Notification_V1.1.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2018-081-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2018-081-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2018-081-01_Embedded_FTP_Servers_for_Modicon_PAC_Controllers_Security_Notification_V3.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-222-04 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-222-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-222-04_Modicon_PAC_Controllers_PLC_Simulator_Control_Expert_Process_Expert_Security_Notification_V2.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-194-01 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2021-194-01_EcoStruxure_Control_Expert_Process_Expert_SCADAPack_RemoteConnect_Modicon_M580_M340_Security_Notifcation_V4.0.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2022-221-04 du 9 ao\u00fbt 2022",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2022-221-04\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2022-221-04-Modicon_Controllers_Ethernet_Modules_Security_Notification_V1.1.pdf"
    }
  ]
}

CERTFR-2021-AVI-853
Vulnerability from certfr_avis

Multiple vulnerabilities have been discovered in Schneider products. Some of them allow an attacker to cause remote arbitrary code execution, a remote denial of service, and a security policy bypass.

Solution

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Impacted products

| Vendor | Product | Description |
|---|---|---|
| N/A | N/A | Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) all versions |
| N/A | N/A | versadac, all versions |
| Schneider Electric | N/A | EPack all versions |
| N/A | N/A | EPC2000 all versions |
| N/A | N/A | Modicon M262 Logic Controllers firmware version 5.1.5.35 and earlier |
| N/A | N/A | SCD6000 Industrial RTU versions prior to SCD6000 is SY-1101211_Mand |
| N/A | N/A | SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E and 357E RTUs with firmware V8.18.1 and earlier |
| N/A | N/A | NMC embedded devices |
| N/A | N/A | BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 all versions |
| N/A | N/A | BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 all versions |
| Schneider Electric | N/A | Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 and earlier |
| Symfony | process | EcoStruxure Process Expert versions prior to V2021 |
| N/A | N/A | Tricon Communication Modules versions prior to 11.8 |
| N/A | N/A | TelevisAir V3.0 Dongle BTLE (part number ADBT42* and earlier) |
| Schneider Electric | Modicon M340 | Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 all versions |
| Schneider Electric | N/A | Easy Harmony GXU (HMIGXU Series) and Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family and earlier |
| Schneider Electric | N/A | T2750 PAC, all versions |
| Schneider Electric | N/A | Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) and earlier |
| N/A | N/A | HMISTO Series HMISTU/S5T Series all versions |
| Schneider Electric | N/A | TCSEGPA23F14F, BMECXM0100 all versions |
| N/A | N/A | HMISCU, HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family and earlier |
| N/A | N/A | BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 all versions |
| N/A | N/A | Pro-face GP4100 Series, GP4000E Series, GP4000M Series all versions |
| N/A | N/A | Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 and earlier |
| N/A | N/A | Momentum ENT (170ENT11*) all versions |
| Schneider Electric | N/A | nanodac all versions |
| Schneider Electric | N/A | Network Management Card 2 (NMC2) |
| Schneider Electric | N/A | Schneider Electric Software Update, V2.3.0 to V2.5.1 |
| N/A | N/A | Network Management Card 3 (NMC3) |
| N/A | N/A | 6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ all versions |
| Schneider Electric | N/A | BMXNOM0200 all versions |
| N/A | N/A | BMENOP0300, BMXNOR0200 all versions |
| Schneider Electric | N/A | Modicon LMC078 all versions |
| Schneider Electric | N/A | E+PLC400 all versions |
| N/A | N/A | Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 and earlier |



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Momentum MDI (171CBU*), MC80 (BMKC8*), HART (BMEAH*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "versadac, toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "EPack toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EPC2000 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M262 Logic Controllers firmware version 5.1.5.35 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SCD6000 Industrial RTU Version ant\u00e9rieures \u00e0 SCD6000 is SY-1101211_Mand",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "SCADAPack 312E, 313E, 314E, 330E, 333E, 334E, 337E, 350E et 357E RTUs avec le firmware V8.18.1 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "NMC embedded devices",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMENOC0321, BMENOC0301, BMENOC0311, BMENOS0300 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMECRA31210, BMXCRA31200, BMXCRA31210, 140CRA31200, 140CRA31908 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M241/M251 Logic Controllers firmware version 5.1.9.21 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "EcoStruxure Process Expert versions ant\u00e9rieures \u00e0 V2021",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Tricon Communication Modules versions ant\u00e9rieures \u00e0 11.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "TelevisAir V3.0 Dongle BTLE (part number ADBT42* et ant\u00e9rieures)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon M580 CPU (BMEP* and BMEH*), Modicon M340 CPU (BMXP34*), BMXNOM0200 toutes versions",
      "product": {
        "name": "Modicon M340",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Easy Harmony GXU (HMIGXU Series) et Easy Harmony ET6 (HMIET Series) Vijeo Designer Basic V1.2 family et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "T2750 PAC, toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Eurotherm by Schneider Electric GUIcon Version 2.0 (Build 683.003) et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "HMISTO Series HMISTU/S5T Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "TCSEGPA23F14F, BMECXM0100 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "HMISCU,HMIGTU, HMIG2U, HMIG3U, HMIG3X, HMIGTO Series Vijeo Designer (V6.2 SP11) family et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMXNOE0100, BMXNOE0110, BMXNGD0100, BMXNOC0401 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Pro-face GP4100 Series, GP4000E Series, GP4000M Series toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Pro-face SP-5B00, SP-5B10, SP-5B90, ST6000 Series (GP-ProEX model), ET6000 Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Momentum ENT (170ENT11*) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "nanodac toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Network Management Card 2 (NMC2)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Schneider Electric Software Update, V2.3.0 \u00e0 V2.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Network Management Card 3 (NMC3)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "6100A, 6180A, 6100XIO, 6180XIO, AeroDAQ toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BMXNOM0200 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "BMENOP0300, BMXNOR0200 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Modicon LMC078 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "E+PLC400 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Schneider Electric",
          "scada": true
        }
      }
    },
    {
      "description": "Pro-face GP4000 Series, LT4000M Series, GP4000H Series GP-Pro EX V4.09.300 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-22808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22808"
    },
    {
      "name": "CVE-2021-34527",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-34527"
    },
    {
      "name": "CVE-2021-22811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22811"
    },
    {
      "name": "CVE-2021-22813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22813"
    },
    {
      "name": "CVE-2020-35198",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-35198"
    },
    {
      "name": "CVE-2021-22807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22807"
    },
    {
      "name": "CVE-2021-22810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22810"
    },
    {
      "name": "CVE-2021-22815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22815"
    },
    {
      "name": "CVE-2021-1675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1675"
    },
    {
      "name": "CVE-2021-22812",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22812"
    },
    {
      "name": "CVE-2021-22809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22809"
    },
    {
      "name": "CVE-2021-22814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22814"
    },
    {
      "name": "CVE-2020-28895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28895"
    },
    {
      "name": "CVE-2021-22799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22799"
    },
    {
      "name": "CVE-2021-22816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-22816"
    }
  ],
  "initial_release_date": "2021-11-09T00:00:00",
  "last_revision_date": "2021-11-09T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-853",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-11-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSchneider. Certaines d\u0027entre elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de\nservice \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Schneider",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-07 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-07"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-01 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-01"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-06 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-06"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-05 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-05"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-04 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-04"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-02 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-02"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Schneider SEVD-2021-313-03 du 9 novembre 2021",
      "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-313-03"
    }
  ]
}

CERTA-2012-AVI-492
Vulnerability from certfr_avis

A vulnerability has been fixed in Honeywell. It concerns a buffer overflow in the HSCDSPRenderDLL ActiveX control and can allow a malicious user to execute arbitrary code remotely.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
N/A N/A Honeywell Building Solutions Entreprise Building Management ;
N/A N/A Honeywell SymmetrE R410.1.
Symfony process Honeywell Process Solutions Experion R30x ;
Symfony N/A Honeywell R410.1 ;
Symfony N/A Honeywell R400 ;
Symfony process Honeywell Process Solutions Experion R31x ;
Symfony process Honeywell Process Solutions Experion R2xx ;
Symfony process Honeywell Process Solutions Experion R400.x ;



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Honeywell Building Solutions Entreprise Building Management ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Honeywell SymmetrE R410.1.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Honeywell Process Solutions Experion R30x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Honeywell R410.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Honeywell R400 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Honeywell Process Solutions Experion R31x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Honeywell Process Solutions Experion R2xx ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Honeywell Process Solutions Experion R400.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-0254",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0254"
    }
  ],
  "initial_release_date": "2012-09-10T00:00:00",
  "last_revision_date": "2012-09-10T00:00:00",
  "links": [
    {
      "title": "Descriptif de vuln\u00e9rabilit\u00e9 Honeywell, document \u00ab SN 2012    03 09 01A \u00bb :",
      "url": "http://www.honeywellprocess.com"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 ICS-CERT ICSA-12-150-01 du 05    septembre 2012 :",
      "url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-150-01.pdf"
    }
  ],
  "reference": "CERTA-2012-AVI-492",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-09-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans \u003cspan\nclass=\"textit\"\u003eHoneywell\u003c/span\u003e. Elle concerne un d\u00e9bordement de m\u00e9moire\ntampon dans l\u0027\u003cspan class=\"textit\"\u003eActiveX\u003c/span\u003e \u003cspan\nclass=\"textit\"\u003eHSCDSPRenderDLL\u003c/span\u003e et peut mener un utilisateur\nmalintentionn\u00e9 \u00e0 ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans le syst\u00e8me SCADA Honeywell HMIWeb",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 ICS-CERT ICSA-12-250-01 du 07 septembre 2012",
      "url": null
    }
  ]
}

CERTA-2007-AVI-351
Vulnerability from certfr_avis

Several HP OpenView applications are vulnerable to a memory overflow.

Description

A service shared by several applications is vulnerable to a memory overflow, which makes the software using it vulnerable. A malicious user could exploit these flaws to execute arbitrary code remotely.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
Symfony process HP OpenView Service Desk Process Insight (SDPI) 2.x ;
N/A N/A HP OpenView Network Node Manager (NNM) 6.x ;
Symfony process HP Service Desk Process Insight (HPSDPI) 2.x.
Symfony process HP OpenView Business Process Insight (OVBPI) 2.x ;
N/A N/A HP OpenView Network Node Manager (NNM) 7.x ;
Microsoft Windows HP OpenView Operations Manager for Windows (OVOW) 7.x ;
Symfony process HP Business Process Insight (HPBPI) 2.x ;
Symfony process HP OpenView Service Desk Process Insight (SDPI) 1.x ;
Symfony process HP Service Desk Process Insight (HPSDPI) 1.x ;
N/A N/A HP OpenView Performance Manager (OVPM) 6.x ;
Broadcom Reporter HP OpenView Reporter 3.x ;
Symfony process HP OpenView Business Process Insight (OVBPI) 1.x ;
N/A N/A HP OpenView Performance Manager (OVPM) 5.x ;
Symfony process HP Business Process Insight (HPBPI) 1.x ;
N/A N/A HP OpenView Performance Insight (OVPI) 5.x ;
Symfony N/A HP OpenView Operations HTTPS Agent 8.x ;
Symfony N/A HP OpenView Internet Service (OVIS) 6.x ;
Symfony N/A HP OpenView Dashboard 2.x ;
N/A N/A HP OpenView Service Quality Manager (OV SQM) 1.x ;
N/A N/A HP OpenView Performance Agent ;



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP OpenView Service Desk Process Insight (SDPI) 2.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Network Node Manager (NNM) 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Service Desk Process Insight (HPSDPI) 2.x.",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Business Process Insight (OVBPI) 2.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Network Node Manager (NNM) 7.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Operations Manager for Windows (OVOW) 7.x ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "HP Business Process Insight (HPBPI) 2.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Service Desk Process Insight (SDPI) 1.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP Service Desk Process Insight (HPSDPI) 1.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Performance Manager (OVPM) 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Reporter 3.x ;",
      "product": {
        "name": "Reporter",
        "vendor": {
          "name": "Broadcom",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Business Process Insight (OVBPI) 1.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Performance Manager (OVPM) 5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP Business Process Insight (HPBPI) 1.x ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Performance Insight (OVPI) 5.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Operations HTTPS Agent 8.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Internet Service (OVIS) 6.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Dashboard 2.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Service Quality Manager (OV SQM) 1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "HP OpenView Performance Agent ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUn service partag\u00e9 par plusieurs applications est vuln\u00e9rable \u00e0 un\nd\u00e9bordement de m\u00e9moire, ce qui rend les logiciels l\u0027utilisant\nvuln\u00e9rables. Un utilisateur malintentionn\u00e9 pourrait exploiter ces\nfailles pour ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-3872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3872"
    }
  ],
  "initial_release_date": "2007-08-10T00:00:00",
  "last_revision_date": "2007-08-10T00:00:00",
  "links": [
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110627"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114023"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109171"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01115068"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01112038"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01106515"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01111851"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE2007-3872:",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi.name=CVE-2007-3872"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109617"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01114156"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01109584"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt    2007 :",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01110576"
    }
  ],
  "reference": "CERTA-2007-AVI-351",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-08-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs applications de HP OpenView sont vuln\u00e9rables \u00e0 un d\u00e9bordement\nde m\u00e9moire.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HP OpenView",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 HP HPSBMA02235 \u00e0 HPSBMA002246 du 07 ao\u00fbt 2007",
      "url": null
    }
  ]
}

CERTA-2006-AVI-046
Vulnerability from certfr_avis


Description

A vulnerability has been discovered in several products from Computer Associate. This vulnerability, a memory overflow present in the iGateway module, can be exploited by a malicious user to cause a denial of service and/or execute arbitrary code remotely.

Solution

Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).

Impacted products
Vendor Product Description
N/A N/A BrightStor ARCserve Backup v9.01 ;
N/A N/A Unicenter Service Delivery R11 ;
N/A N/A BrightStor ARCserve Backup Laptop & Desktop r11.1 ;
N/A N/A eTrust Secure Content Manager (SCM) R8 ;
Centreon Web Unicenter Web Server Management R11 ;
N/A N/A BrightStor Storage Resource Manager r11.1 ;
N/A N/A Unicenter Application Performance Monitor R11 ;
N/A N/A eTrust Directory R8.1 ;
Liferay N/A Unicenter Service Catalog/Fulfillment/Accounting R11 ;
N/A N/A eTrust Audit 8.0 (iRecorders and ARIES) ;
Symfony process BrightStor Process Automation Manager r11.1 ;
Liferay N/A Unicenter AutoSys JM R11 ;
N/A N/A BrightStor ARCserve Backup Laptop & Desktop r11 ;
N/A N/A Unicenter MQ Management R11 ;
N/A N/A eTrust Integrated Threat Management (ITM) R8 ;
Microsoft Windows BrightStor ARCserve Backup for Windows r11 ;
N/A N/A BrightStor Storage Resource Manager 6.4 ;
Matrix N/A Unicenter Service Matrix Analysis R11 ;
N/A N/A Unicenter Management for WebLogic / Management for WebSphere R11 ;
N/A N/A eTrust Identity Minder 8.0 ;
Liferay Portal BrightStor Portal 11.1 ;
N/A N/A eTrust Admin 8.1 ;
N/A N/A Unicenter Exchange Management R11.
N/A N/A Unicenter Service Fulfillment R11 ;
N/A N/A BrightStor Enterprise Backup 10.5 ;
N/A N/A Unicenter Service Level Management (USLM) R11 ;
N/A N/A Unicenter Service Desk R11 ;
N/A N/A iGateway versions earlier than version 4.0.051230 ;
N/A N/A BrightStor Storage Resource Manager 6.3 ;
N/A N/A BrightStor SAN Manager r11.5 ;
Liferay N/A Unicenter Service Desk Knowledge Tools R11 ;
N/A N/A BrightStor ARCserve Backup r11.5 ;
N/A N/A Advantage Data Transformer (ADT) R2.2 ;
Centreon Web Unicenter CA Web Services Distributed Management R11 ;
Liferay N/A Unicenter Asset Portfolio Management R11 ;
Liferay N/A Unicenter Service Fulfillment 2.2 ;
N/A N/A eTrust Audit 1.5 SP2 (iRecorders and ARIES) ;
N/A N/A BrightStor Storage Resource Manager r11.5 ;
N/A N/A Unicenter Application Server Managment R11 ;
N/A N/A BrightStor ARCserve Backup r11.1 ;
N/A N/A BrightStor SAN Manager r11.1 ;
N/A N/A eTrust Audit 1.5 SP3 (iRecorders and ARIES) ;
References



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "BrightStor ARCserve Backup v9.01 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Service Delivery R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup Laptop \u0026 Desktop r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "eTrust Secure Content Manager (SCM) R8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Web Server Management R11 ;",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Storage Resource Manager r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Application Performance Monitor R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "eTrust Directory R8.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Service Catalog/Fulfillment/Accounting R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Liferay",
          "scada": false
        }
      }
    },
    {
      "description": "eTrust Audit 8.0 (iRecorders et ARIES) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Process Automation Manager r11.1 ;",
      "product": {
        "name": "process",
        "vendor": {
          "name": "Symfony",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter AutoSys JM R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Liferay",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup Laptop \u0026 Desktop r11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter MQ Management R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "eTrust Integrated Threat Management (ITM) R8 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup for Windows r11 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Storage Resource Manager 6.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Service Matrix Analysis R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Matrix",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Management for WebLogic / Management for WebSphere R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "eTrust Identity Minder 8.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Portal 11.1 ;",
      "product": {
        "name": "Portal",
        "vendor": {
          "name": "Liferay",
          "scada": false
        }
      }
    },
    {
      "description": "eTrust Admin 8.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Exchange Management R11.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Service Fulfillment R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Enterprise Backup 10.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Service Level Management (USLM) R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Service Desk R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "iGateway versions ant\u00e9rieures \u00e0 la version 4.0.051230 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Storage Resource Manager 6.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor SAN Manager r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Service Desk Knowledge Tools R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Liferay",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Advantage Data Transformer (ADT) R2.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter CA Web Services Distributed Management R11 ;",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Asset Portfolio Management R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Liferay",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Service Fulfillment 2.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Liferay",
          "scada": false
        }
      }
    },
    {
      "description": "eTrust Audit 1.5 SP2 (iRecorders et ARIES) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Storage Resource Manager r11.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Application Server Managment R11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor ARCserve Backup r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor SAN Manager r11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "eTrust Audit 1.5 SP3 (iRecorders et ARIES) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans plusieurs produits de la soci\u00e9t\u00e9\nComputer Associate. Cette vuln\u00e9rabilit\u00e9, de type d\u00e9bordement de m\u00e9moire\net pr\u00e9sente dans le module iGateway, peut \u00eatre exploit\u00e9e par un\nutilisateur mal intentionn\u00e9 afin de r\u00e9aliser un d\u00e9ni de service et/ou\nex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2005-3653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2005-3653"
    }
  ],
  "initial_release_date": "2006-01-26T00:00:00",
  "last_revision_date": "2006-01-26T00:00:00",
  "links": [
    {
      "title": "Site de l\u0027\u00e9diteur :",
      "url": "http://www.ca.com"
    },
    {
      "title": "Mise \u00e0 jour :",
      "url": "ftp://ftp.ca.com/pub/iTech/downloads"
    }
  ],
  "reference": "CERTA-2006-AVI-046",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-01-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 des produits Computer Associate",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de mise \u00e0 jour Computer Associate",
      "url": null
    }
  ]
}