{"id":421257,"date":"2022-10-19T19:47:23","date_gmt":"2022-10-19T21:47:23","guid":{"rendered":"https:\/\/teknomers.com\/fr\/la-cisa-met-en-garde-contre-les-failles-critiques-affectant-les-appareils-industriels-dadvantech-et-hitachi\/"},"modified":"2022-10-19T19:47:25","modified_gmt":"2022-10-19T21:47:25","slug":"la-cisa-met-en-garde-contre-les-failles-critiques-affectant-les-appareils-industriels-dadvantech-et-hitachi","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/la-cisa-met-en-garde-contre-les-failles-critiques-affectant-les-appareils-industriels-dadvantech-et-hitachi\/","title":{"rendered":"La CISA met en garde contre les failles critiques affectant les appareils industriels d&#8217;Advantech et Hitachi"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both\"><\/div>\n<p>L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a publi\u00e9 mardi deux syst\u00e8mes de contr\u00f4le industriel (ICS) <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/10\/18\/cisa-releases-two-industrial-control-systems-advisories\" target=\"_blank\">avis<\/a> concernant de graves d\u00e9fauts dans les appliances Advantech R-SeeNet et Hitachi Energy APM Edge.<\/p>\n<p>Il s&#8217;agit de trois faiblesses dans la solution de surveillance R-SeeNet, dont l&#8217;exploitation r\u00e9ussie &#8220;pourrait entra\u00eener la suppression \u00e0 distance de fichiers du syst\u00e8me par un attaquant non autoris\u00e9 ou l&#8217;ex\u00e9cution de code \u00e0 distance&#8221;.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/strike-d\" target=\"_blank\" title=\"DevOps backupy\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/La-nouvelle-vulnerabilite-Amazon-Ring-aurait-pu-exposer-tous-vos.png\" width=\"300\" height=\"250\" \/><\/a><\/div>\n<p>La liste des probl\u00e8mes qui affectent les versions 2.4.17 et ant\u00e9rieures de R-SeeNet est la suivante\u00a0:<\/p>\n<ul>\n<li><strong>CVE-2022-3385 \u200b\u200bet CVE-2022-3386<\/strong> (Scores CVSS : 9,8) &#8211; Deux d\u00e9fauts de d\u00e9bordement de tampon bas\u00e9s sur la pile qui pourraient conduire \u00e0 l&#8217;ex\u00e9cution de code \u00e0 distance<\/li>\n<li><strong>CVE-2022-3387<\/strong> (Score CVSS : 6,5) &#8211; Une faille de travers\u00e9e de chemin qui pourrait permettre \u00e0 un attaquant distant de supprimer des fichiers PDF arbitraires<\/li>\n<\/ul>\n<p>Des correctifs ont \u00e9t\u00e9 mis \u00e0 disposition dans la version <a rel=\"nofollow noopener\" href=\"https:\/\/icr.advantech.cz\/products\/software\/r-seenet\" target=\"_blank\">R-SeeNet version 2.4.21<\/a> sortie le 30 septembre 2022.<\/p>\n<p>La CISA a \u00e9galement publi\u00e9 une mise \u00e0 jour d&#8217;un avis de d\u00e9cembre 2021 sur de multiples failles dans Hitachi Energy Transformer Asset Performance Management (<a rel=\"nofollow noopener\" href=\"https:\/\/www.hitachienergy.com\/in\/en\/offering\/product-and-system\/transformers\/transformer-service\/advanced-services-for-transformers\/asset-management-solutions\/apm-edge\" target=\"_blank\">APM<\/a>) Produits Edge qui pourraient les rendre inaccessibles.<\/p>\n<p>Les 29 vuln\u00e9rabilit\u00e9s, collectivement attribu\u00e9es \u00e0 un score CVSS de 8,2, proviennent de failles de s\u00e9curit\u00e9 dans des composants logiciels open source tels que OpenSSL, LibSSL, libxml2 et GRUB2 bootloader.  Il est recommand\u00e9 aux utilisateurs de mettre \u00e0 jour vers APM Edge version 4.0 pour corriger les bogues.<\/p>\n<div class=\"ad_two clear\"><a rel=\"nofollow noopener\" href=\"https:\/\/go.thn.li\/crowd-mid-d\" target=\"_blank\" title=\"CyberSecurity\"><img decoding=\"async\" alt=\"La cyber-s\u00e9curit\u00e9\" class=\"lazyload\" loading=\"lazy\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2022\/08\/Google-Cloud-bloque-une-attaque-DDoS-record-de-46-millions.png\" width=\"728\" height=\"90\" \/><\/a><\/div>\n<p>Les alertes jumelles surviennent moins d&#8217;une semaine apr\u00e8s CISA <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2022\/10\/13\/cisa-releases-twenty-five-industrial-control-systems-advisories\" target=\"_blank\">publi\u00e9 25 avis ICS<\/a> le 13 octobre 2022, couvrant plusieurs vuln\u00e9rabilit\u00e9s sur des appareils de Siemens, Hitachi Energy et Mitsubishi Electric.<\/p>\n<p>Selon la soci\u00e9t\u00e9 de surveillance de la cybers\u00e9curit\u00e9 et des actifs OT SynSaber, 681 vuln\u00e9rabilit\u00e9s de produits ICS ont \u00e9t\u00e9 signal\u00e9es via CISA au cours du premier semestre 2022, dont 152 sont class\u00e9es critiques, 289 sont class\u00e9es \u00e9lev\u00e9es et 2015 sont class\u00e9es moyennes en gravit\u00e9.<\/p>\n<p>De plus, 54 des CVE critiques\/\u00e9lev\u00e9s n&#8217;ont aucun correctif ni aucune att\u00e9nuation disponible aupr\u00e8s des fournisseurs, ce qui repr\u00e9sente 13 % du total des failles signal\u00e9es et les \u00ab vuln\u00e9rabilit\u00e9s permanentes \u00bb restantes.<\/p>\n<p>&#8220;Il est important pour les propri\u00e9taires d&#8217;actifs et ceux qui d\u00e9fendent les infrastructures critiques de comprendre quand des corrections sont disponibles et comment ces corrections doivent \u00eatre mises en \u0153uvre et hi\u00e9rarchis\u00e9es&#8221;, a d\u00e9clar\u00e9 SynSaber. <a rel=\"nofollow noopener\" href=\"https:\/\/synsaber.com\/resources\/ics-vulnerabilities-h1-2022\/\" target=\"_blank\">a dit<\/a>.<\/p>\n<p><\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2022\/10\/cisa-warns-of-critical-flaws-affecting.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) a publi\u00e9 mardi deux syst\u00e8mes de contr\u00f4le industriel (ICS) avis concernant de graves d\u00e9fauts dans les appliances Advantech R-SeeNet et Hitachi Energy APM Edge. Il s&#8217;agit de trois faiblesses dans la solution de surveillance R-SeeNet, dont l&#8217;exploitation r\u00e9ussie &#8220;pourrait entra\u00eener la suppression \u00e0 distance de [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":421258,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[34911,8737,4805,4168,841,5729,4158,4165,4161,117911,4806,525,117912,70694,4157,4159,4171,4170,65,4167,4955,4160,4163,4162,4172,4169,4166,4164],"class_list":["post-421257","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-affectant","tag-appareils","tag-cisa","tag-comment-pirater","tag-contre","tag-critiques","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-dadvantech","tag-failles","tag-garde","tag-hitachi","tag-industriels","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-met","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-securite-informatique","tag-securite-internet","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/421257","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=421257"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/421257\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/421258"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=421257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=421257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=421257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}