Security Advisory: Multiple High-Severity Vulnerabilities in Fuji Electric PLC Access Tool

Published: 2018-09-14

Vulnerability IDs and Severity


CVE ID: CVE-2018-14809; severity: High; CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14811; severity: High; CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14813; severity: High; CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14815; severity: High; CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14817; severity: High; CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14819; severity: High; CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14823; severity: High; CVSS score: 7.3 (vendor self-assessed), not officially rated


Affected Versions


V-Server 4.0.3.0 and earlier


Vulnerability Overview


ICS-CERT published two security advisories this week stating that these vulnerabilities could allow a remote attacker to execute arbitrary code. The Fuji Electric V-Server tool lets organizations access programmable logic controllers (PLCs) located in the plant from computers on the corporate network. The two systems are connected over Ethernet through the Monitouch HMIs used to monitor the PLCs. ICS-CERT says the product is used worldwide, mainly in the critical manufacturing sector.


Fuji Electric V-Server is affected by use-after-free, untrusted pointer dereference, heap-based buffer overflow, out-of-bounds write, integer underflow, out-of-bounds read and stack-based buffer overflow vulnerabilities, which could allow remote code execution and in turn lead to a DoS condition or information disclosure.


ICS-CERT also published a separate advisory describing a high-severity buffer overflow vulnerability affecting V-Server Lite. The flaw can be used to execute code, triggering a DoS condition or information disclosure through a specially crafted project file.


The V-Server vulnerabilities were reported to the vendor by Steven Seeley of Source Incite through Trend Micro's ZDI. The flaw affecting the Lite version was discovered by Ariele Caltabiano (aka kimiya) and reported to Fuji Electric.


ICS-CERT warns that exploit code for some of the vulnerabilities is already public. This may refer to the fact that ZDI has published more than a dozen advisories describing the vulnerabilities that Seeley and Caltabiano found in Fuji Electric V-Server. ZDI and ICS-CERT published their advisories a few hours apart, but ZDI did not include technical information in its advisories.


ZDI states in its advisories that Seeley reported the vulnerabilities to the vendor in March 2018 and Caltabiano in June 2018. According to ZDI, the flaws "exist within the parsing of VPR files" and may result either from the lack of validation of an object before operations are performed on it, or from the lack of proper validation of user-supplied data.


Although ICS-CERT rates these vulnerabilities "high", ZDI rates them "medium", with a CVSS score of 6.8. The weakness discovered by Caltabiano has a CVSS score of 9.3 (high) in the ZDI advisory.


Vulnerabilities in products responsible for connecting the corporate network to industrial control systems can pose serious security risks, because this is exactly the route many threat actors try to take to reach sensitive systems.


A study recently published by Positive Technologies shows that in many organizations, hackers can easily gain access to the industrial environment through the corporate network.


Vulnerability Verification


No PoC/exploit available at this time


Remediation


Fuji Electric has released version 4.0.4.0, which fixes these vulnerabilities.

http://monitouch.fujielectric.com/site/support-e/download-index-01.html


References

https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01

https://www.securityweek.com/flaws-found-fuji-electric-tool-links-corporate-pcs-ics