Vulnerability-Lookup

CVE-2020-26981 (GCVE-0-2020-26981)

Vulnerability from cvelistv5 – Published: 2021-01-12 20:18 – Updated: 2024-08-04 16:03

Summary

A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)

Severity ?

No CVSS data available.

CWE

CWE-611 - Improper Restriction of XML External Entity Reference

Assigner

siemens

References

URL

FKIE_CVE-2020-26981

Vulnerability from fkie_nvd - Published: 2021-01-12 21:15 - Updated: 2024-11-21 05:20

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
productcert@siemens.com	https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf	Vendor Advisory
productcert@siemens.com	https://www.zerodayinitiative.com/advisories/ZDI-21-048/	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zerodayinitiative.com/advisories/ZDI-21-048/	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	siemens	jt2go	*
	siemens	teamcenter_visualization	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "307FDFE4-A801-4978-8903-BC38ED035927",
              "versionEndExcluding": "13.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E90A52-9FD9-450A-8003-9F6C451E0823",
              "versionEndExcluding": "13.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)"
    },
    {
      "lang": "es",
      "value": "Se ha identificado una vulnerabilidad en JT2Go (todas las versiones anteriores a V13.1.0), Teamcenter Visualization (todas las versiones anteriores a V13.1.0). Al abrir un archivo xml especialmente dise\u00f1ado, la aplicaci\u00f3n podr\u00eda revelar archivos arbitrarios a atacantes remotos. Esto es debido al paso de contenido especialmente dise\u00f1ado al analizador XML subyacente sin tomar las restricciones apropiadas, como prohibir un dtd externo. ZDI-CAN-11890)"
    }
  ],
  "id": "CVE-2020-26981",
  "lastModified": "2024-11-21T05:20:37.307",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-12T21:15:16.683",
  "references": [
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
    },
    {
      "source": "productcert@siemens.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/"
    }
  ],
  "sourceIdentifier": "productcert@siemens.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "productcert@siemens.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-CFXJ-95GX-6RXG

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2022-05-24 17:38

Details

A vulnerability has been identified in JT2Go (All Versions < V13.1.0), Teamcenter Visualization (All Versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-26981"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-12T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been identified in JT2Go (All Versions \u003c V13.1.0), Teamcenter Visualization (All Versions \u003c V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd.",
  "id": "GHSA-cfxj-95gx-6rxg",
  "modified": "2022-05-24T17:38:32Z",
  "published": "2022-05-24T17:38:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26981"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-26981

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-26981

Aliases

CVE-2020-26981

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-26981",
    "description": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)",
    "id": "GSD-2020-26981"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-26981"
      ],
      "details": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)",
      "id": "GSD-2020-26981",
      "modified": "2023-12-13T01:22:08.689234Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "productcert@siemens.com",
        "ID": "CVE-2020-26981",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "JT2Go",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V13.1.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Teamcenter Visualization",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "All versions \u003c V13.1.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Siemens"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-611: Improper Restriction of XML External Entity Reference"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
          },
          {
            "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/",
            "refsource": "MISC",
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:siemens:jt2go:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:siemens:teamcenter_visualization:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "productcert@siemens.com",
          "ID": "CVE-2020-26981"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability has been identified in JT2Go (All versions \u003c V13.1.0), Teamcenter Visualization (All versions \u003c V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890)"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-611"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-048/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-02-23T13:50Z",
      "publishedDate": "2021-01-12T21:15Z"
    }
  }
}

CNVD-2021-02590

Vulnerability from cnvd - Published: 2021-01-13

Title

JT2Go and Teamcenter VisualizationXML外部实体引用不当漏洞

Description

JT2Go是一个3D JT查看工具，允许用户查看JT, PDF, Solid Edge, PLM XML与现有的JT， VFZ、CGM、TIF数据。Teamcenter可视化软件使企业能够增强他们的产品生命周期管理(PLM)环境，该软件使企业用户能够在单一环境中访问文档、2D图纸和3D模型。 JT2Go and Teamcenter VisualizationXML外部实体引用不当漏洞，攻击者可利用该漏洞通过特别制作的xml文件访问任意文件获取敏感信息。

Severity

中

Patch Name

JT2Go and Teamcenter VisualizationXML外部实体引用不当漏洞的补丁

Patch Description

Formal description

厂商已发布相关漏洞补丁链接，请及时更新： https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf

Reference

https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf

Impacted products

Name
['SIEMENS JT2Go <V13.1.0', 'SIEMENS Teamcenter Visualization <V13.1.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-26981"
    }
  },
  "description": "JT2Go\u662f\u4e00\u4e2a3D JT\u67e5\u770b\u5de5\u5177\uff0c\u5141\u8bb8\u7528\u6237\u67e5\u770bJT, PDF, Solid Edge, PLM XML\u4e0e\u73b0\u6709\u7684JT\uff0c\nVFZ\u3001CGM\u3001TIF\u6570\u636e\u3002Teamcenter\u53ef\u89c6\u5316\u8f6f\u4ef6\u4f7f\u4f01\u4e1a\u80fd\u591f\u589e\u5f3a\u4ed6\u4eec\u7684\u4ea7\u54c1\u751f\u547d\u5468\u671f\u7ba1\u7406(PLM)\u73af\u5883\uff0c\u8be5\u8f6f\u4ef6\u4f7f\u4f01\u4e1a\u7528\u6237\u80fd\u591f\u5728\u5355\u4e00\u73af\u5883\u4e2d\u8bbf\u95ee\u6587\u6863\u30012D\u56fe\u7eb8\u548c3D\u6a21\u578b\u3002\n\nJT2Go and Teamcenter VisualizationXML\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u4e0d\u5f53\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u522b\u5236\u4f5c\u7684xml\u6587\u4ef6\u8bbf\u95ee\u4efb\u610f\u6587\u4ef6\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u76f8\u5173\u6f0f\u6d1e\u8865\u4e01\u94fe\u63a5\uff0c\u8bf7\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-02590",
  "openTime": "2021-01-13",
  "patchDescription": "JT2Go\u662f\u4e00\u4e2a3D JT\u67e5\u770b\u5de5\u5177\uff0c\u5141\u8bb8\u7528\u6237\u67e5\u770bJT, PDF, Solid Edge, PLM XML\u4e0e\u73b0\u6709\u7684JT\uff0c\r\nVFZ\u3001CGM\u3001TIF\u6570\u636e\u3002Teamcenter\u53ef\u89c6\u5316\u8f6f\u4ef6\u4f7f\u4f01\u4e1a\u80fd\u591f\u589e\u5f3a\u4ed6\u4eec\u7684\u4ea7\u54c1\u751f\u547d\u5468\u671f\u7ba1\u7406(PLM)\u73af\u5883\uff0c\u8be5\u8f6f\u4ef6\u4f7f\u4f01\u4e1a\u7528\u6237\u80fd\u591f\u5728\u5355\u4e00\u73af\u5883\u4e2d\u8bbf\u95ee\u6587\u6863\u30012D\u56fe\u7eb8\u548c3D\u6a21\u578b\u3002\r\n\r\nJT2Go and Teamcenter VisualizationXML\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u4e0d\u5f53\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u522b\u5236\u4f5c\u7684xml\u6587\u4ef6\u8bbf\u95ee\u4efb\u610f\u6587\u4ef6\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "JT2Go and Teamcenter VisualizationXML\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u4e0d\u5f53\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SIEMENS JT2Go \u003cV13.1.0",
      "SIEMENS Teamcenter Visualization \u003cV13.1.0"
    ]
  },
  "referenceLink": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf",
  "serverity": "\u4e2d",
  "submitTime": "2021-01-13",
  "title": "JT2Go and Teamcenter VisualizationXML\u5916\u90e8\u5b9e\u4f53\u5f15\u7528\u4e0d\u5f53\u6f0f\u6d1e"
}

CERTFR-2021-AVI-018

Vulnerability from certfr_avis - Published: 2021-01-12 - Updated: 2021-01-12

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Siemens	N/A	Les commutateurs de la famille SCALANCE X-200IRT (inclus les variants SIPLUSNET)
Siemens	N/A	Les commutateurs de la famille SCALANCE X-300 (inclus les variants X408 et SIPLUS NET) versions antérieures à V4.1.0
Siemens	N/A	Solid Edge versions antérieures à SE2021MP2
Siemens	N/A	T2Go versions antérieures à V13.1.0
Siemens	N/A	Teamcenter Visualization versions antérieures à V13.1.0 (cette version reste vulnérable aux vulnérabilités CVE-2020-26989, CVE-2020-26990 et CVE-2020-26991)
Siemens	N/A	Les commutateurs de la famille SCALANCE X-200 (inclus les variants SIPLUSNET)

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens ssa-274900 du 12 janvier 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-622830 du 12 janvier 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-139628 du 12 janvier 2021	None	vendor-advisory
Bulletin de sécurité Siemens ssa-979834 du 12 janvier 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Les commutateurs de la famille SCALANCE X-200IRT (inclus les variants SIPLUSNET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Les commutateurs de la famille SCALANCE X-300 (inclus les variants X408 et SIPLUS NET) versions ant\u00e9rieures \u00e0 V4.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Solid Edge versions ant\u00e9rieures \u00e0 SE2021MP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "T2Go versions ant\u00e9rieures \u00e0 V13.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization versions ant\u00e9rieures \u00e0 V13.1.0 (cette version reste vuln\u00e9rable aux vuln\u00e9rabilit\u00e9s CVE-2020-26989, CVE-2020-26990 et CVE-2020-26991)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Les commutateurs de la famille SCALANCE X-200 (inclus les variants SIPLUSNET)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-25226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25226"
    },
    {
      "name": "CVE-2020-26996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26996"
    },
    {
      "name": "CVE-2020-26984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26984"
    },
    {
      "name": "CVE-2020-26983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26983"
    },
    {
      "name": "CVE-2020-26989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26989"
    },
    {
      "name": "CVE-2020-26988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26988"
    },
    {
      "name": "CVE-2020-28381",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28381"
    },
    {
      "name": "CVE-2020-28382",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28382"
    },
    {
      "name": "CVE-2020-28383",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28383"
    },
    {
      "name": "CVE-2020-28384",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28384"
    },
    {
      "name": "CVE-2020-26994",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26994"
    },
    {
      "name": "CVE-2020-26987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26987"
    },
    {
      "name": "CVE-2020-15800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15800"
    },
    {
      "name": "CVE-2020-15799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15799"
    },
    {
      "name": "CVE-2020-26985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26985"
    },
    {
      "name": "CVE-2020-26991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26991"
    },
    {
      "name": "CVE-2020-26986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26986"
    },
    {
      "name": "CVE-2020-28395",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28395"
    },
    {
      "name": "CVE-2020-26982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26982"
    },
    {
      "name": "CVE-2020-26981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26981"
    },
    {
      "name": "CVE-2020-26995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26995"
    },
    {
      "name": "CVE-2020-26992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26992"
    },
    {
      "name": "CVE-2020-28391",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28391"
    },
    {
      "name": "CVE-2020-26990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26990"
    },
    {
      "name": "CVE-2020-26993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26993"
    },
    {
      "name": "CVE-2020-26980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-26980"
    },
    {
      "name": "CVE-2020-28386",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28386"
    }
  ],
  "initial_release_date": "2021-01-12T00:00:00",
  "last_revision_date": "2021-01-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-018",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire, un d\u00e9ni de service \u00e0 distance et une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-274900 du 12 janvier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-274900.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-622830 du 12 janvier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-622830.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-139628 du 12 janvier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-139628.pdf"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens ssa-979834 du 12 janvier 2021",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-979834.pdf"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-26981 (GCVE-0-2020-26981)

FKIE_CVE-2020-26981

GHSA-CFXJ-95GX-6RXG

GSD-2020-26981

CNVD-2021-02590

CERTFR-2021-AVI-018

Solution

Tags

Sightings

Nomenclature