{"id":561504,"date":"2023-01-16T17:10:48","date_gmt":"2023-01-16T19:10:48","guid":{"rendered":"https:\/\/teknomers.com\/fr\/la-cisa-met-en-garde-contre-les-failles-affectant-les-systemes-de-controle-industriels-des-principaux-fabricants\/"},"modified":"2023-01-16T17:10:50","modified_gmt":"2023-01-16T19:10:50","slug":"la-cisa-met-en-garde-contre-les-failles-affectant-les-systemes-de-controle-industriels-des-principaux-fabricants","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/la-cisa-met-en-garde-contre-les-failles-affectant-les-systemes-de-controle-industriels-des-principaux-fabricants\/","title":{"rendered":"La CISA met en garde contre les failles affectant les syst\u00e8mes de contr\u00f4le industriels des principaux fabricants"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">16 janvier 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">Syst\u00e8mes de contr\u00f4le industriels<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>La Cybersecurity and Infrastructure Security Agency (CISA) des \u00c9tats-Unis a publi\u00e9 plusieurs syst\u00e8mes de contr\u00f4le industriel (ICS) <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2023\/01\/12\/cisa-releases-twelve-industrial-control-systems-advisories\" target=\"_blank\">avis<\/a> avertissement de failles de s\u00e9curit\u00e9 critiques affectant les produits de Sewio, InHand Networks, Sauter Controls et Siemens.<\/p>\n<p>La plus grave des failles concerne le RTLS Studio de Sewio, qui pourrait \u00eatre exploit\u00e9 par un attaquant pour &#8220;obtenir un acc\u00e8s non autoris\u00e9 au serveur, modifier des informations, cr\u00e9er une condition de d\u00e9ni de service, obtenir des privil\u00e8ges \u00e9lev\u00e9s et ex\u00e9cuter du code arbitraire&#8221;. <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-23-012-01\" target=\"_blank\">selon CISA<\/a>.<\/p>\n<p>Cela inclut CVE-2022-45444 (score CVSS\u00a0: 10,0), un cas de mots de passe cod\u00e9s en dur pour certains utilisateurs dans la base de donn\u00e9es de l&#8217;application qui accordent potentiellement \u00e0 des adversaires distants un acc\u00e8s illimit\u00e9.<\/p>\n<p>Il convient \u00e9galement de noter deux failles d&#8217;injection de commande (CVE-2022-47911 et CVE-2022-43483, scores CVSS\u00a0: 9,1) et une vuln\u00e9rabilit\u00e9 d&#8217;\u00e9criture hors limites (CVE-2022-41989, score CVSS\u00a0: 9,1) qui pourraient entra\u00eener condition de d\u00e9ni de service ou ex\u00e9cution de code.<\/p>\n<p>Les vuln\u00e9rabilit\u00e9s affectent RTLS Studio version 2.0.0 jusqu&#8217;\u00e0 la version 2.6.2 incluse.  Il est recommand\u00e9 aux utilisateurs de mettre \u00e0 jour vers la version 3.0.0 ou ult\u00e9rieure.<\/p>\n<p>CISA, dans un <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-23-012-03\" target=\"_blank\">deuxi\u00e8me alerte<\/a>a mis en \u00e9vidence un ensemble de cinq failles de s\u00e9curit\u00e9 dans InHand Networks InRouter 302 et InRouter 615, y compris CVE-2023-22600 (score CVSS\u00a0: 10,0), qui pourraient entra\u00eener l&#8217;injection de commandes, la divulgation d&#8217;informations et l&#8217;ex\u00e9cution de code.<\/p>\n<p>&#8220;Si elles sont correctement encha\u00een\u00e9es, ces vuln\u00e9rabilit\u00e9s pourraient amener un utilisateur distant non autoris\u00e9 \u00e0 compromettre compl\u00e8tement chaque appareil InHand Networks g\u00e9r\u00e9 dans le cloud accessible par le cloud&#8221;, a d\u00e9clar\u00e9 l&#8217;agence.<\/p>\n<p>Toutes les versions de firmware de InRouter 302 ant\u00e9rieures \u00e0 IR302 V3.5.56 et InRouter 615 ant\u00e9rieures \u00e0 InRouter6XX-S-V2.3.0.r5542 sont sensibles aux bogues.<\/p>\n<p>Des failles de s\u00e9curit\u00e9 ont \u00e9galement \u00e9t\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-23-012-05\" target=\"_blank\">divulgu\u00e9<\/a> dans Sauter Controls Nova 220, Nova 230, Nova 106 et moduNet300 qui pourraient permettre une visibilit\u00e9 non autoris\u00e9e d&#8217;informations sensibles (CVE-2023-0053, score CVSS\u00a0: 7,5) et l&#8217;ex\u00e9cution de code \u00e0 distance (CVE-2023-0052, score CVSS\u00a0: 9,8) .<\/p>\n<p>Cependant, la soci\u00e9t\u00e9 d&#8217;automatisation bas\u00e9e en Suisse ne pr\u00e9voit pas de publier de correctifs pour les probl\u00e8mes identifi\u00e9s en raison du fait que la gamme de produits n&#8217;est plus prise en charge.<\/p>\n<p>Enfin, l&#8217;agence de s\u00e9curit\u00e9 <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-23-012-09\" target=\"_blank\">d\u00e9taill\u00e9<\/a> un cross-site scripting (<a rel=\"nofollow noopener\" href=\"https:\/\/owasp.org\/www-community\/attacks\/xss\/\" target=\"_blank\">XSS<\/a>) faille dans l&#8217;\u00e9quipement Siemens Mendix SAML (CVE-2022-46823, score CVSS\u00a0: 9,3) qui pourrait permettre \u00e0 un acteur malveillant d&#8217;obtenir des informations sensibles en incitant les utilisateurs \u00e0 cliquer sur un lien sp\u00e9cialement con\u00e7u.<\/p>\n<p>Il est conseill\u00e9 aux utilisateurs d&#8217;activer l&#8217;authentification multifacteur et de mettre \u00e0 jour Mendix SAML vers les versions 2.3.4 (Mendix 8), 3.3.8 (Mendix 9, Upgrade Track) ou 3.3.9 (Mendix 9, New Track) pour att\u00e9nuer les risques potentiels.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/01\/cisa-warns-for-flaws-affecting.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80216 janvier 2023\ue804Ravie LakshmananSyst\u00e8mes de contr\u00f4le industriels La Cybersecurity and Infrastructure Security Agency (CISA) des \u00c9tats-Unis a publi\u00e9 plusieurs syst\u00e8mes de contr\u00f4le industriel (ICS) avis avertissement de failles de s\u00e9curit\u00e9 critiques affectant les produits de Sewio, InHand Networks, Sauter Controls et Siemens. La plus grave des failles concerne le RTLS Studio de Sewio, qui pourrait [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":561505,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[34911,4805,4168,841,3976,4158,4165,4161,133,12287,4806,525,70694,4157,4159,4171,4170,65,4167,4955,4160,4163,4162,11630,4172,4169,5046,4166,4164],"class_list":["post-561504","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-affectant","tag-cisa","tag-comment-pirater","tag-contre","tag-controle","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-des","tag-fabricants","tag-failles","tag-garde","tag-industriels","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-met","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-principaux","tag-securite-informatique","tag-securite-internet","tag-systemes","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/561504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=561504"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/561504\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/561505"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=561504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=561504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=561504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}