Security Advisory: Multiple High-Severity Vulnerabilities in the Fuji Electric PLC Access Tool

Published: 2018-09-14

Vulnerability IDs and severity


CVE ID: CVE-2018-14809, severity: High, CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14811, severity: High, CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14813, severity: High, CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14815, severity: High, CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14817, severity: High, CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14819, severity: High, CVSS score: 7.3 (vendor self-assessed), not officially rated

CVE ID: CVE-2018-14823, severity: High, CVSS score: 7.3 (vendor self-assessed), not officially rated


Affected versions


V-Server 4.0.3.0 and earlier


Vulnerability overview


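ICS-CERT published two security advisories this week stating that these vulnerabilities could allow a remote attacker to execute arbitrary code. The Fuji Electric V-Server tool lets organizations access programmable logic controllers (PLCs) located in the plant from computers located on the corporate network. The two systems are connected over Ethernet through the Monitouch HMI used to monitor the PLCs. ICS-CERT says the product is used worldwide, mainly in the critical manufacturing sector.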


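Fuji Electric V-Server is affected by use-after-free, untrusted pointer dereference, heap buffer overflow, out-of-bounds write, integer underflow, out-of-bounds read, and stack buffer overflow vulnerabilities, which may result in remote code execution and thereby cause a DoS condition or information disclosure.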


ICS-CERT also published a separate security advisory describing a high-severity buffer overflow vulnerability affecting V-Server Lite. The flaw can be used to execute code, triggering a DoS condition or information disclosure through a specially crafted project file.


These V-Server vulnerabilities were reported to the vendor by Steven Seeley of Source Incite through Trend Micro's ZDI. The flaw affecting the Lite version was discovered and reported to Fuji Electric by Ariele Caltabiano (aka kimiya).


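ICS-CERT warns that exploit code for some of the vulnerabilities is already public. This may refer to the fact that ZDI has published more than a dozen advisories describing the security vulnerabilities that Seeley and Caltabiano found in Fuji Electric V-Server. ZDI and ICS-CERT published their advisories within hours of each other, but ZDI did not include technical information in its advisories.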


ZDI's advisories state that Seeley reported the vulnerabilities to the vendor in March 2018 and Caltabiano in June 2018. ZDI says the flaws "exist within the parsing of VPR files" and may be caused by a lack of validation of an object before operations are performed on it, or by a lack of proper validation of user-supplied data.


Although ICS-CERT rates these vulnerabilities as "high" severity, ZDI rates them as "medium", with a CVSS score of 6.8. The weakness found by Caltabiano has a CVSS score of 9.3 (high) in the ZDI advisory.


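Vulnerabilities affecting products responsible for connecting the corporate network to industrial control systems can pose a serious security risk, because this is exactly the path many threat actors use when trying to reach sensitive systems.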


A study recently published by Positive Technologies shows that in many organizations, hackers can easily gain access to the industrial environment through the corporate network.


Vulnerability verification


No PoC/EXP available at this time


Remediation advice


Fuji Electric has released version 4.0.4.0, which fixes these vulnerabilities.

http://monitouch.fujielectric.com/site/support-e/download-index-01.html


Reference links

https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01

https://www.securityweek.com/flaws-found-fuji-electric-tool-links-corporate-pcs-ics