Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-40356 (GCVE-0-2021-40356)
Vulnerability from cvelistv5 – Published: 2021-09-14 10:48 – Updated: 2024-08-04 02:44
VLAI?
EPSS
Summary
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
Severity ?
No CVSS data available.
CWE
- CWE-611 - Improper Restriction of XML External Entity Reference
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Siemens | Teamcenter V12.4 |
Affected:
All versions < V12.4.0.8
|
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:44:10.071Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Teamcenter V12.4",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V12.4.0.8"
}
]
},
{
"product": "Teamcenter V13.0",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.0.0.7"
}
]
},
{
"product": "Teamcenter V13.1",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13.1.0.5"
}
]
},
{
"product": "Teamcenter V13.2",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c 13.2.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.8), Teamcenter V13.0 (All versions \u003c V13.0.0.7), Teamcenter V13.1 (All versions \u003c V13.1.0.5), Teamcenter V13.2 (All versions \u003c 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-611",
"description": "CWE-611: Improper Restriction of XML External Entity Reference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:48:00.000Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-40356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Teamcenter V12.4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V12.4.0.8"
}
]
}
},
{
"product_name": "Teamcenter V13.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.0.0.7"
}
]
}
},
{
"product_name": "Teamcenter V13.1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0.5"
}
]
}
},
{
"product_name": "Teamcenter V13.2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 13.2.0.2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.8), Teamcenter V13.0 (All versions \u003c V13.0.0.7), Teamcenter V13.1 (All versions \u003c V13.1.0.5), Teamcenter V13.2 (All versions \u003c 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-40356",
"datePublished": "2021-09-14T10:48:00.000Z",
"dateReserved": "2021-09-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:44:10.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GSD-2021-40356
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-40356",
"description": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.8), Teamcenter V13.0 (All versions \u003c V13.0.0.7), Teamcenter V13.1 (All versions \u003c V13.1.0.5), Teamcenter V13.2 (All versions \u003c 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.",
"id": "GSD-2021-40356"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-40356"
],
"details": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.8), Teamcenter V13.0 (All versions \u003c V13.0.0.7), Teamcenter V13.1 (All versions \u003c V13.1.0.5), Teamcenter V13.2 (All versions \u003c 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.",
"id": "GSD-2021-40356",
"modified": "2023-12-13T01:23:25.258990Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-40356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Teamcenter V12.4",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V12.4.0.8"
}
]
}
},
{
"product_name": "Teamcenter V13.0",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.0.0.7"
}
]
}
},
{
"product_name": "Teamcenter V13.1",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V13.1.0.5"
}
]
}
},
{
"product_name": "Teamcenter V13.2",
"version": {
"version_data": [
{
"version_value": "All versions \u003c 13.2.0.2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.8), Teamcenter V13.0 (All versions \u003c V13.0.0.7), Teamcenter V13.1 (All versions \u003c V13.1.0.5), Teamcenter V13.2 (All versions \u003c 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-611: Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.4.0.8",
"versionStartIncluding": "12.4.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.0.0.7",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.1.0.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "13.2.0.2",
"versionStartIncluding": "13.2.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-40356"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.8), Teamcenter V13.0 (All versions \u003c V13.0.0.7), Teamcenter V13.1 (All versions \u003c V13.1.0.5), Teamcenter V13.2 (All versions \u003c 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-09-28T13:17Z",
"publishedDate": "2021-09-14T11:15Z"
}
}
}
CERTFR-2021-AVI-706
Vulnerability from certfr_avis - Published: 2021-09-15 - Updated: 2021-09-15
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | Industrial Edge Management versions antérieures à V1.3 | ||
| Siemens | N/A | SIMATIC RF350M toutes versions | ||
| Siemens | N/A | SIPROTEC 5 relays with CPU variants CP050 versions antérieures à V8.80 | ||
| Siemens | N/A | SCALANCE X204-2TS versions antérieures à V5.2.5 | ||
| Siemens | N/A | SCALANCE X306-1LD FE toutes versions | ||
| Siemens | N/A | TALON TC Modular (BACnet) versions antérieures à V3.5.3 | ||
| Siemens | N/A | SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX RX1501 versions antérieures à V2.14.1 | ||
| Siemens | N/A | SCALANCE X201-3P IRT PRO toutes versions | ||
| Siemens | N/A | APOGEE MBC (PPC) (P2 Ethernet) toutes versions >= V2.6.3 | ||
| Siemens | N/A | Teamcenter V12.4 versions antérieures à V12.4.0.8 | ||
| Siemens | N/A | SCALANCE X302-7 EEC toutes versions | ||
| Siemens | N/A | Desigo CC V4.0 toutes versions | ||
| Siemens | N/A | SCALANCE X304-2FE toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (P2 Ethernet) toutes versions >= V2.8 | ||
| Siemens | N/A | APOGEE MEC (PPC) (P2 Ethernet) toutes versions >= V2.6.3 | ||
| Siemens | N/A | SINEC NMS versions antérieures à V1.0 SP1 | ||
| Siemens | N/A | SCALANCE X202-2 IRT toutes versions | ||
| Siemens | N/A | SIMATIC CP 1543-1 (incl. SIPLUS variants) versions antérieures à V3.0 | ||
| Siemens | N/A | SIPROTEC 5 relays with CPU variants CP300 versions antérieures à V8.80 | ||
| Siemens | N/A | SCALANCE X308-2LD toutes versions | ||
| Siemens | N/A | SCALANCE X212-2 (incl. SIPLUS NET variant) versions antérieures à V5.2.5 | ||
| Siemens | N/A | RUGGEDCOM ROX RX1524 versions antérieures à V2.14.1 | ||
| Siemens | N/A | SCALANCE XR324-4M PoE toutes versions | ||
| Siemens | N/A | Desigo CC toutes versions with OIS Extension Module | ||
| Siemens | N/A | Teamcenter Active Workspace V4.3 versions antérieures à V4.3.10 | ||
| Siemens | N/A | SCALANCE X310 toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX RX5000 versions antérieures à V2.14.1 | ||
| Siemens | N/A | SCALANCE X308-2LH+ toutes versions | ||
| Siemens | N/A | NX 1980 Series versions antérieures à V1984 | ||
| Siemens | N/A | Simcenter STAR-CCM+ Viewer versions antérieures à V2021.2.1 | ||
| Siemens | N/A | SCALANCE X204 IRT PRO toutes versions | ||
| Siemens | N/A | SCALANCE XR324-12M toutes versions | ||
| Siemens | N/A | Teamcenter Active Workspace V5.2 versions antérieures à V5.2.1 | ||
| Siemens | N/A | SCALANCE X308-2M toutes versions | ||
| Siemens | N/A | Siveillance Control toutes versions with OIS running on Debian 9 or earlier | ||
| Siemens | N/A | RUGGEDCOM ROX RX1400 versions antérieures à V2.14.1 | ||
| Siemens | N/A | SCALANCE X408-2 toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (P2 Ethernet) toutes versions >= V2.8 | ||
| Siemens | N/A | SCALANCE X308-2M TS toutes versions | ||
| Siemens | N/A | Operation Scheduler toutes versions with OIS running on Debian 9 or earlier | ||
| Siemens | N/A | SCALANCE XR324-4M PoE TS toutes versions | ||
| Siemens | N/A | Desigo CC V4.1 toutes versions | ||
| Siemens | N/A | Desigo CC Compact V4.0 toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX RX1512 versions antérieures à V2.14.1 | ||
| Siemens | N/A | Simcenter Femap V2020.2 toutes versions | ||
| Siemens | N/A | SCALANCE XF204 IRT toutes versions | ||
| Siemens | N/A | Desigo CC V4.2 toutes versions | ||
| Siemens | N/A | Teamcenter V13.0 versions antérieures à V13.0.0.7 | ||
| Siemens | N/A | SCALANCE X201-3P IRT toutes versions | ||
| Siemens | N/A | SCALANCE XF202-2P IRT toutes versions | ||
| Siemens | N/A | SCALANCE XF204-2BA IRT toutes versions | ||
| Siemens | N/A | SCALANCE XF206-1 versions antérieures à V5.2.5 | ||
| Siemens | N/A | SCALANCE XF201-3P IRT toutes versions | ||
| Siemens | N/A | SCALANCE X307-3LD toutes versions | ||
| Siemens | N/A | Simcenter Femap V2021.1 toutes versions | ||
| Siemens | N/A | SCALANCE X307-3 toutes versions | ||
| Siemens | N/A | SIPROTEC 5 relays with CPU variants CP200 toutes versions | ||
| Siemens | N/A | SIMATIC RF650M toutes versions | ||
| Siemens | N/A | Siveillance Control Pro toutes versions | ||
| Siemens | N/A | SCALANCE X310FE toutes versions | ||
| Siemens | N/A | Cerberus DMS V5.0 versions antérieures à v5.0 QU1 | ||
| Siemens | N/A | SINEMA Server versions antérieures à V14 SP3 | ||
| Siemens | N/A | TALON TC Compact (BACnet) versions antérieures à V3.5.3 | ||
| Siemens | N/A | SCALANCE X202-2P IRT (incl. SIPLUS NET variant) toutes versions | ||
| Siemens | N/A | APOGEE PXC Compact (BACnet) versions antérieures à V3.5.3 | ||
| Siemens | N/A | SCALANCE X224 versions antérieures à V5.2.5 | ||
| Siemens | N/A | SIMATIC CP 343-1 Lean (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SIMATIC CP 343-1 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE XR324-12M TS toutes versions | ||
| Siemens | N/A | Cerberus DMS V4.2 toutes versions | ||
| Siemens | N/A | SCALANCE X320-1-2LD FE toutes versions | ||
| Siemens | N/A | SIMATIC RTU 3000 family toutes versions | ||
| Siemens | N/A | SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX MX5000 versions antérieures à V2.14.1 | ||
| Siemens | N/A | Teamcenter V13.1 versions antérieures à V13.1.0.5 | ||
| Siemens | N/A | SIMATIC CP 1545-1 toutes versions | ||
| Siemens | N/A | Desigo CC Compact V5.0 versions antérieures à V5.0 QU1 | ||
| Siemens | N/A | SCALANCE XF208 versions antérieures à V5.2.5 | ||
| Siemens | N/A | SCALANCE X308-2LH toutes versions | ||
| Siemens | N/A | SCALANCE X204-2 (incl. SIPLUS NET variant) versions antérieures à V5.2.5 | ||
| Siemens | N/A | RUGGEDCOM ROX RX1511 versions antérieures à V2.14.1 | ||
| Siemens | N/A | RUGGEDCOM ROX RX1500 versions antérieures à V2.14.1 | ||
| Siemens | N/A | SCALANCE X200-4P IRT toutes versions | ||
| Siemens | N/A | Teamcenter V13.2 versions antérieures à 13.2.0.2 | ||
| Siemens | N/A | SCALANCE XR324-4M EEC toutes versions | ||
| Siemens | N/A | SCALANCE XF204 versions antérieures à V5.2.5 | ||
| Siemens | N/A | Desigo CC V5.0 versions antérieures à V5.0 QU1 | ||
| Siemens | N/A | SCALANCE X307-2 EEC toutes versions | ||
| Siemens | N/A | SCALANCE X320-1 FE toutes versions | ||
| Siemens | N/A | SCALANCE X204-2FM versions antérieures à V5.2.5 | ||
| Siemens | N/A | GMA-Manager toutes versions with OIS running on Debian 9 or earlier | ||
| Siemens | N/A | SIMATIC CP 443-1 (incl. SIPLUS variants) toutes versions | ||
| Siemens | N/A | SCALANCE X202-2P IRT PRO toutes versions | ||
| Siemens | N/A | Cerberus DMS V4.0 toutes versions | ||
| Siemens | N/A | SINEMA Remote Connect Server versions antérieures à V3.0 SP2 | ||
| Siemens | N/A | LOGO! CMR2020 versions antérieures à V2.2 | ||
| Siemens | N/A | Desigo CC Compact V4.1 toutes versions | ||
| Siemens | N/A | APOGEE PXC Modular (BACnet) versions antérieures à V3.5.3 | ||
| Siemens | N/A | SCALANCE XF204-2 (incl. SIPLUS NET variant) versions antérieures à V5.2.5 | ||
| Siemens | N/A | SCALANCE X204 IRT toutes versions | ||
| Siemens | N/A | SIMATIC CP 343-1 ERPC toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX RX1510 versions antérieures à V2.14.1 | ||
| Siemens | N/A | Cerberus DMS V4.1 toutes versions | ||
| Siemens | N/A | Teamcenter Active Workspace V5.0 versions antérieures à V5.0.8 | ||
| Siemens | N/A | SCALANCE X204-2LD TS versions antérieures à V5.2.5 | ||
| Siemens | N/A | SCALANCE X204-2LD (incl. SIPLUS NET variant) versions antérieures à V5.2.5 | ||
| Siemens | N/A | SIPROTEC 5 relays with CPU variants CP100 versions antérieures à V8.80 | ||
| Siemens | N/A | LOGO! CMR2040 versions antérieures à V2.2 | ||
| Siemens | N/A | Desigo CC Compact V4.2 toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX RX1536 versions antérieures à V2.14.1 | ||
| Siemens | N/A | SCALANCE X208PRO versions antérieures à V5.2.5 | ||
| Siemens | N/A | SCALANCE X308-2M PoE toutes versions | ||
| Siemens | N/A | SCALANCE X206-1LD versions antérieures à V5.2.5 | ||
| Siemens | N/A | SCALANCE X208 (incl. SIPLUS NET variant) versions antérieures à V5.2.5 | ||
| Siemens | N/A | SCALANCE X216 versions antérieures à V5.2.5 | ||
| Siemens | N/A | SCALANCE X206-1 versions antérieures à V5.2.5 | ||
| Siemens | N/A | SCALANCE X212-2LD versions antérieures à V5.2.5 | ||
| Siemens | N/A | Teamcenter Active Workspace V5.1 versions antérieures à V5.1.5 | ||
| Siemens | N/A | SCALANCE X308-2 (incl. SIPLUS NET variant) toutes versions |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Industrial Edge Management versions ant\u00e9rieures \u00e0 V1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF350M toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 relays with CPU variants CP050 versions ant\u00e9rieures \u00e0 V8.80",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2TS versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X306-1LD FE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX RX1501 versions ant\u00e9rieures \u00e0 V2.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT PRO toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MBC (PPC) (P2 Ethernet) toutes versions \u003e= V2.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V12.4 versions ant\u00e9rieures \u00e0 V12.4.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X302-7 EEC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC V4.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X304-2FE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (P2 Ethernet) toutes versions \u003e= V2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE MEC (PPC) (P2 Ethernet) toutes versions \u003e= V2.6.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2 IRT toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1543-1 (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 relays with CPU variants CP300 versions ant\u00e9rieures \u00e0 V8.80",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LD toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X212-2 (incl. SIPLUS NET variant) versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX RX1524 versions ant\u00e9rieures \u00e0 V2.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC toutes versions with OIS Extension Module",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace V4.3 versions ant\u00e9rieures \u00e0 V4.3.10",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X310 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX RX5000 versions ant\u00e9rieures \u00e0 V2.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LH+ toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "NX 1980 Series versions ant\u00e9rieures \u00e0 V1984",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter STAR-CCM+ Viewer versions ant\u00e9rieures \u00e0 V2021.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204 IRT PRO toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace V5.2 versions ant\u00e9rieures \u00e0 V5.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Control toutes versions with OIS running on Debian 9 or earlier",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX RX1400 versions ant\u00e9rieures \u00e0 V2.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X408-2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (P2 Ethernet) toutes versions \u003e= V2.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M TS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Operation Scheduler toutes versions with OIS running on Debian 9 or earlier",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M PoE TS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC V4.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC Compact V4.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX RX1512 versions ant\u00e9rieures \u00e0 V2.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter Femap V2020.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204 IRT toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC V4.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.0 versions ant\u00e9rieures \u00e0 V13.0.0.7",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X201-3P IRT toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF202-2P IRT toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2BA IRT toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF206-1 versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF201-3P IRT toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-3LD toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Simcenter Femap V2021.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-3 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 relays with CPU variants CP200 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF650M toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Siveillance Control Pro toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X310FE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus DMS V5.0 versions ant\u00e9rieures \u00e0 v5.0 QU1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server versions ant\u00e9rieures \u00e0 V14 SP3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TALON TC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT (incl. SIPLUS NET variant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Compact (BACnet) versions ant\u00e9rieures \u00e0 V3.5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X224 versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Lean (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-12M TS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus DMS V4.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X320-1-2LD FE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RTU 3000 family toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX MX5000 versions ant\u00e9rieures \u00e0 V2.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.1 versions ant\u00e9rieures \u00e0 V13.1.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 1545-1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC Compact V5.0 versions ant\u00e9rieures \u00e0 V5.0 QU1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF208 versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2LH toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2 (incl. SIPLUS NET variant) versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX RX1511 versions ant\u00e9rieures \u00e0 V2.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX RX1500 versions ant\u00e9rieures \u00e0 V2.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X200-4P IRT toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter V13.2 versions ant\u00e9rieures \u00e0 13.2.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XR324-4M EEC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204 versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC V5.0 versions ant\u00e9rieures \u00e0 V5.0 QU1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X307-2 EEC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X320-1 FE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2FM versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "GMA-Manager toutes versions with OIS running on Debian 9 or earlier",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 443-1 (incl. SIPLUS variants) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X202-2P IRT PRO toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus DMS V4.0 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server versions ant\u00e9rieures \u00e0 V3.0 SP2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! CMR2020 versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC Compact V4.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "APOGEE PXC Modular (BACnet) versions ant\u00e9rieures \u00e0 V3.5.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE XF204-2 (incl. SIPLUS NET variant) versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204 IRT toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP 343-1 ERPC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX RX1510 versions ant\u00e9rieures \u00e0 V2.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Cerberus DMS V4.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace V5.0 versions ant\u00e9rieures \u00e0 V5.0.8",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2LD TS versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X204-2LD (incl. SIPLUS NET variant) versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIPROTEC 5 relays with CPU variants CP100 versions ant\u00e9rieures \u00e0 V8.80",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "LOGO! CMR2040 versions ant\u00e9rieures \u00e0 V2.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Desigo CC Compact V4.2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX RX1536 versions ant\u00e9rieures \u00e0 V2.14.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X208PRO versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2M PoE toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X206-1LD versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X208 (incl. SIPLUS NET variant) versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X216 versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X206-1 versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X212-2LD versions ant\u00e9rieures \u00e0 V5.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Teamcenter Active Workspace V5.1 versions ant\u00e9rieures \u00e0 V5.1.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SCALANCE X308-2 (incl. SIPLUS NET variant) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-37186",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37186"
},
{
"name": "CVE-2021-37190",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37190"
},
{
"name": "CVE-2021-40356",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40356"
},
{
"name": "CVE-2021-33716",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33716"
},
{
"name": "CVE-2021-37191",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37191"
},
{
"name": "CVE-2020-36478",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36478"
},
{
"name": "CVE-2021-37193",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37193"
},
{
"name": "CVE-2020-7461",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7461"
},
{
"name": "CVE-2021-40354",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40354"
},
{
"name": "CVE-2021-40355",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40355"
},
{
"name": "CVE-2016-10011",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10011"
},
{
"name": "CVE-2021-37201",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37201"
},
{
"name": "CVE-2021-25665",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-25665"
},
{
"name": "CVE-2021-37202",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37202"
},
{
"name": "CVE-2021-33737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33737"
},
{
"name": "CVE-2020-36475",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-36475"
},
{
"name": "CVE-2016-10708",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10708"
},
{
"name": "CVE-2021-37175",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37175"
},
{
"name": "CVE-2021-37174",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37174"
},
{
"name": "CVE-2021-40357",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-40357"
},
{
"name": "CVE-2021-33720",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33720"
},
{
"name": "CVE-2021-37203",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37203"
},
{
"name": "CVE-2021-37183",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37183"
},
{
"name": "CVE-2021-37184",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37184"
},
{
"name": "CVE-2021-37177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37177"
},
{
"name": "CVE-2021-37173",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37173"
},
{
"name": "CVE-2021-37200",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37200"
},
{
"name": "CVE-2021-33719",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-33719"
},
{
"name": "CVE-2021-37181",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37181"
},
{
"name": "CVE-2021-31891",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-31891"
},
{
"name": "CVE-2021-37192",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37192"
},
{
"name": "CVE-2021-37206",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37206"
},
{
"name": "CVE-2021-37176",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37176"
},
{
"name": "CVE-2021-27391",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-27391"
},
{
"name": "CVE-2019-10941",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-10941"
}
],
"initial_release_date": "2021-09-15T00:00:00",
"last_revision_date": "2021-09-15T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-706",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-09-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-847986 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-847986.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-549234 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-549234.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-208530 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-208530.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-288459 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-288459.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-987403 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-535380 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535380.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-334944 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-334944.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-676336 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-676336.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-997732 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-997732.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-835377 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-835377.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-109294 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-109294.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-453715 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-453715.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-692317 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-692317.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-756638 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756638.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-316383 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-316383.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-330339 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-500748 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-500748.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-535997 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-535997.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-150692 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-150692.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-413407 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-413407.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-944498 du 14 septembre 2021",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-944498.pdf"
}
]
}
CNVD-2021-71438
Vulnerability from cnvd - Published: 2021-09-16
VLAI Severity ?
Title
Siemens Teamcenter XML外部实体注入(XXE)漏洞
Description
Siemens Teamcenter是德国西门子(Siemens)公司的一套产品生命周期管理计算机软件应用程序。
Siemens Teamcenter存在安全漏洞,攻击者可利用漏洞查看应用程序服务器文件系统上的文件。
Severity
中
Patch Name
Siemens Teamcenter XML外部实体注入(XXE)漏洞的补丁
Patch Description
Siemens Teamcenter是德国西门子(Siemens)公司的一套产品生命周期管理计算机软件应用程序。
Siemens Teamcenter存在安全漏洞,攻击者可利用漏洞查看应用程序服务器文件系统上的文件。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
用户可参考如下供应商提供的安全公告获得补丁信息: https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf
Reference
https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf
Impacted products
| Name | ['Siemens Teamcenter < V12.4.0.8', 'Siemens Teamcenter < V13.0.0.7', 'Siemens Teamcenter < V13.1.0.5', 'Siemens Teamcenter < 13.2.0.2'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-40356"
}
},
"description": "Siemens Teamcenter\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u4ea7\u54c1\u751f\u547d\u5468\u671f\u7ba1\u7406\u8ba1\u7b97\u673a\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u3002\n\nSiemens Teamcenter\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u67e5\u770b\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\u3002",
"formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u4f9b\u5e94\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u516c\u544a\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-71438",
"openTime": "2021-09-16",
"patchDescription": "Siemens Teamcenter\u662f\u5fb7\u56fd\u897f\u95e8\u5b50\uff08Siemens\uff09\u516c\u53f8\u7684\u4e00\u5957\u4ea7\u54c1\u751f\u547d\u5468\u671f\u7ba1\u7406\u8ba1\u7b97\u673a\u8f6f\u4ef6\u5e94\u7528\u7a0b\u5e8f\u3002\r\n\r\nSiemens Teamcenter\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u67e5\u770b\u5e94\u7528\u7a0b\u5e8f\u670d\u52a1\u5668\u6587\u4ef6\u7cfb\u7edf\u4e0a\u7684\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Siemens Teamcenter XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165(XXE)\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Siemens Teamcenter \u003c V12.4.0.8",
"Siemens Teamcenter \u003c V13.0.0.7",
"Siemens Teamcenter \u003c V13.1.0.5",
"Siemens Teamcenter \u003c 13.2.0.2"
]
},
"referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf",
"serverity": "\u4e2d",
"submitTime": "2021-09-15",
"title": "Siemens Teamcenter XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165(XXE)\u6f0f\u6d1e"
}
FKIE_CVE-2021-40356
Vulnerability from fkie_nvd - Published: 2021-09-14 11:15 - Updated: 2024-11-21 06:23
Severity ?
Summary
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
References
| URL | Tags | ||
|---|---|---|---|
| productcert@siemens.com | https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| siemens | teamcenter_visualization | * | |
| siemens | teamcenter_visualization | * | |
| siemens | teamcenter_visualization | * | |
| siemens | teamcenter_visualization | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"matchCriteriaId": "13870B36-3683-4B71-9322-CE26AB6724D3",
"versionEndExcluding": "12.4.0.8",
"versionStartIncluding": "12.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0AE45246-C5C8-42C4-807F-0C6D34C1200B",
"versionEndExcluding": "13.0.0.7",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A1360B8D-7874-413B-A6F0-6ACEA39236A2",
"versionEndExcluding": "13.1.0.5",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4339F831-9FD8-4FD3-B874-F88F77B8081B",
"versionEndExcluding": "13.2.0.2",
"versionStartIncluding": "13.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.8), Teamcenter V13.0 (All versions \u003c V13.0.0.7), Teamcenter V13.1 (All versions \u003c V13.1.0.5), Teamcenter V13.2 (All versions \u003c 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem."
},
{
"lang": "es",
"value": "Se ha identificado una vulnerabilidad en Teamcenter versi\u00f3n V12.4 (Todas las versiones anteriores a V12.4.0.8), Teamcenter versi\u00f3n V13.0 (Todas las versiones anteriores a V13.0.0.7), Teamcenter versi\u00f3n V13.1 (Todas las versiones anteriores a V13.1.0.5), Teamcenter versi\u00f3n V13.2 (Todas las versiones anteriores a 13.2.0.2). La aplicaci\u00f3n contiene una vulnerabilidad de tipo XML External Entity Injection (XXE). Esto podr\u00eda permitir a un atacante visualizar archivos en el sistema de archivos del servidor de aplicaciones"
}
],
"id": "CVE-2021-40356",
"lastModified": "2024-11-21T06:23:56.463",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-09-14T11:15:26.823",
"references": [
{
"source": "productcert@siemens.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
}
],
"sourceIdentifier": "productcert@siemens.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "productcert@siemens.com",
"type": "Secondary"
}
]
}
GHSA-7XWV-XHF6-X5CR
Vulnerability from github – Published: 2022-05-24 19:14 – Updated: 2022-05-24 19:14
VLAI?
Details
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.
{
"affected": [],
"aliases": [
"CVE-2021-40356"
],
"database_specific": {
"cwe_ids": [
"CWE-611"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-14T11:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in Teamcenter V12.4 (All versions \u003c V12.4.0.8), Teamcenter V13.0 (All versions \u003c V13.0.0.7), Teamcenter V13.1 (All versions \u003c V13.1.0.5), Teamcenter V13.2 (All versions \u003c 13.2.0.2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.",
"id": "GHSA-7xwv-xhf6-x5cr",
"modified": "2022-05-24T19:14:29Z",
"published": "2022-05-24T19:14:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40356"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-987403.pdf"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…