{"id":715371,"date":"2023-05-03T03:58:34","date_gmt":"2023-05-03T05:58:34","guid":{"rendered":"https:\/\/teknomers.com\/fr\/la-cisa-publie-un-avis-sur-les-rce-critiques-affectant-les-terminaux-distants-me-rtu\/"},"modified":"2023-05-03T03:58:38","modified_gmt":"2023-05-03T05:58:38","slug":"la-cisa-publie-un-avis-sur-les-rce-critiques-affectant-les-terminaux-distants-me-rtu","status":"publish","type":"post","link":"https:\/\/teknomers.com\/fr\/la-cisa-publie-un-avis-sur-les-rce-critiques-affectant-les-terminaux-distants-me-rtu\/","title":{"rendered":"La CISA publie un avis sur les RCE critiques affectant les terminaux distants ME RTU"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p><span class=\"p-author\"><i class=\"icon-font icon-calendar\">\ue802<\/i><span class=\"author\">03 mai 2023<\/span><i class=\"icon-font icon-user\">\ue804<\/i><span class=\"author\">Ravie Lakshmanan<\/span><\/span><span class=\"p-tags\">S\u00e9curit\u00e9 SCI\/SCADA<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<div class=\"separator\" style=\"clear: both;\"><\/div>\n<p>L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) mardi <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/05\/02\/cisa-releases-one-industrial-control-systems-advisory\" target=\"_blank\">lib\u00e9r\u00e9<\/a> un avis sur les syst\u00e8mes de contr\u00f4le industriel (ICS) concernant une faille critique affectant les unit\u00e9s terminales \u00e0 distance ME RTU.<\/p>\n<p>La faille de s\u00e9curit\u00e9, suivie comme <a rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-2131\" target=\"_blank\">CVE-2023-2131<\/a>a re\u00e7u la cote de gravit\u00e9 la plus \u00e9lev\u00e9e de 10,0 sur le syst\u00e8me de notation CVSS pour sa faible complexit\u00e9 d&#8217;attaque.<\/p>\n<p>&#8220;L&#8217;exploitation r\u00e9ussie de cette vuln\u00e9rabilit\u00e9 pourrait permettre l&#8217;ex\u00e9cution de code \u00e0 distance&#8221;, CISA <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-110-01\" target=\"_blank\">a dit<\/a>le d\u00e9crivant comme un cas d&#8217;injection de commande affectant les versions du micrologiciel INEA ME RTU ant\u00e9rieures \u00e0 <a rel=\"nofollow noopener\" href=\"https:\/\/www.inea.si\/en\/telemetrija-in-m2m-produkti\/mertu-en\/\" target=\"_blank\">version 3.36<\/a>.<\/p>\n<div class=\"ad_two clear\"><center class=\"cf\"><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/tractivethreatsstatic-inside-2\" target=\"_blank\" title=\"Cybersecurity\"><img loading=\"lazy\" decoding=\"async\" class=\"lazyload\" alt=\"La cyber-s\u00e9curit\u00e9\" src=\"https:\/\/teknomers.com\/fr\/wp-content\/uploads\/2023\/05\/1682946326_927_Decouverte-de-la-nouvelle-boite-a-outils-de-logiciels-malveillants.png\" width=\"728\" height=\"90\"\/><\/a><\/center><\/div>\n<p>Le chercheur en s\u00e9curit\u00e9 Floris Hendriks de l&#8217;Universit\u00e9 Radboud a \u00e9t\u00e9 cr\u00e9dit\u00e9 d&#8217;avoir signal\u00e9 le probl\u00e8me \u00e0 CISA.<\/p>\n<p>\u00c9galement publi\u00e9 par CISA est un <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-122-01\" target=\"_blank\">alerte<\/a> li\u00e9s \u00e0 plusieurs failles de s\u00e9curit\u00e9 connues dans les processeurs Intel(R) affectant les produits Factory Automation (FA) de Mitsubishi Electric qui pourraient entra\u00eener une \u00e9l\u00e9vation des privil\u00e8ges et une condition de d\u00e9ni de service (DoS).<\/p>\n<p>Le d\u00e9veloppement intervient alors que l&#8217;agence <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/05\/01\/cisa-urges-organizations-incorporate-fcc-covered-list-risk-management-plans\" target=\"_blank\">recommand\u00e9<\/a> les organisations d&#8217;infrastructures critiques \u00e0 prendre les mesures n\u00e9cessaires pour s\u00e9curiser les cha\u00eenes d&#8217;approvisionnement en examinant la liste couverte des \u00e9quipements de communication de la Federal Communications Commission (FCC) qui sont consid\u00e9r\u00e9s comme un risque pour la s\u00e9curit\u00e9 nationale.<\/p>\n<div class=\"ad_two clear\" style=\"margin: 20px 10px 30px 0;background: rgb(249 251 255);color: rgb(22, 7, 85);padding: 0px 5%;border: 2px solid rgb(217 222 255);border-radius: 10px;text-align: left;box-shadow: 10px 10px 0 #e2ebff;border-top-left-radius: 50px;border-bottom-right-radius: 50px;\"> <span style=\"font-size:14px;margin:25px 0 0 0;font-weight:900;background: #dbdefc;display:inline-block;padding: 3px 20px;border-radius: 100px;letter-spacing: 0.5px;color: #596cec;\">WEBINAIRE \u00c0 VENIR<\/span><\/p>\n<p>Apprenez \u00e0 arr\u00eater les ransomwares avec une protection en temps r\u00e9el<\/p>\n<p style=\"text-align:left;font-size:17px;line-height:30px;margin: 10px 0;color: #4e6a8d;\">Rejoignez notre webinaire et d\u00e9couvrez comment arr\u00eater les attaques de ransomwares dans leur \u00e9lan gr\u00e2ce \u00e0 la MFA en temps r\u00e9el et \u00e0 la protection des comptes de service.<\/p>\n<p><a rel=\"nofollow noopener\" href=\"https:\/\/thn.news\/silver-web-inside\" target=\"_blank\" style=\"padding: 10px 20px;border-radius: 8px;background-color: #4469f5;font-size:16px;display:inline-block;color:#fff;border:0;line-height:inherit;text-decoration:none;cursor:pointer;MARGIN: 10px 0 25px 0;float:left;font-weight:500;letter-spacing: 0.2px;\">Sauvez ma place\u00a0!<\/a><\/div>\n<p>La CISA a \u00e9galement exhort\u00e9 les entit\u00e9s \u00e0 adopter les directives \u00e9mises par le NIST pour identifier, \u00e9valuer et att\u00e9nuer les risques de la cha\u00eene d&#8217;approvisionnement, et \u00e0 s&#8217;inscrire au programme gratuit de l&#8217;agence. <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/resources-tools\/services\/cisa-vulnerability-scanning\" target=\"_blank\">Service d&#8217;analyse des vuln\u00e9rabilit\u00e9s<\/a> pour identifier les appareils vuln\u00e9rables et \u00e0 haut risque.<\/p>\n<p>Il suit en outre <a rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/secure-by-design-and-default\" target=\"_blank\">efforts<\/a> entreprise par les autorit\u00e9s de cybers\u00e9curit\u00e9 en Australie, au Canada, au Royaume-Uni, en Allemagne, aux Pays-Bas, en Nouvelle-Z\u00e9lande et aux \u00c9tats-Unis pour &#8220;prendre les mesures urgentes n\u00e9cessaires pour exp\u00e9dier des produits s\u00e9curis\u00e9s par conception et par d\u00e9faut&#8221;.<\/p>\n<p><\/p>\n<div class=\"cf note-b\">Vous avez trouv\u00e9 cet article int\u00e9ressant ?  Suivez-nous sur <a rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/thehackersnews\" target=\"_blank\">Twitter <i class=\"icon-font icon-twitter\">\uf099<\/i><\/a>  et <a rel=\"nofollow noopener\" href=\"https:\/\/www.linkedin.com\/company\/thehackernews\/\" target=\"_blank\">LinkedIn<\/a> pour lire plus de contenu exclusif que nous publions.<\/div>\n<\/div>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><br \/>\n<br \/><a href=\"https:\/\/thehackernews.com\/2023\/05\/cisa-issues-advisory-on-critical-rce.html\" rel=\"nofollow noopener\" target=\"_blank\">ttn-fr-57<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\ue80203 mai 2023\ue804Ravie LakshmananS\u00e9curit\u00e9 SCI\/SCADA L&#8217;Agence am\u00e9ricaine de cybers\u00e9curit\u00e9 et de s\u00e9curit\u00e9 des infrastructures (CISA) mardi lib\u00e9r\u00e9 un avis sur les syst\u00e8mes de contr\u00f4le industriel (ICS) concernant une faille critique affectant les unit\u00e9s terminales \u00e0 distance ME RTU. La faille de s\u00e9curit\u00e9, suivie comme CVE-2023-2131a re\u00e7u la cote de gravit\u00e9 la plus \u00e9lev\u00e9e de 10,0 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":715372,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[34911,7679,4805,4168,5729,4158,4165,4161,28970,4157,4159,4171,4170,65,4167,4160,4163,4162,2212,22778,160085,4172,4169,60,70850,4166,4164],"class_list":["post-715371","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technologie","tag-affectant","tag-avis","tag-cisa","tag-comment-pirater","tag-critiques","tag-cyber-actualites","tag-cyber-attaques","tag-cyber-mises-a-jour","tag-distants","tag-lactualite-de-la-cybersecurite","tag-lactualite-de-la-cybersecurite-aujourdhui","tag-lactualite-des-hackers","tag-la-securite-des-informations","tag-les","tag-logiciel-malveillant-de-ransomware","tag-mises-a-jour-de-la-cybersecurite","tag-nouvelles-de-piratage","tag-nouvelles-de-pirates","tag-publie","tag-rce","tag-rtu","tag-securite-informatique","tag-securite-internet","tag-sur","tag-terminaux","tag-violation-de-donnees","tag-vulnerabilite-logicielle"],"_links":{"self":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/715371","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/comments?post=715371"}],"version-history":[{"count":0,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/posts\/715371\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media\/715372"}],"wp:attachment":[{"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/media?parent=715371"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/categories?post=715371"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/teknomers.com\/fr\/wp-json\/wp\/v2\/tags?post=715371"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}