AVEVAÁ½¸öÑÏÖØÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2018-11-09

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2018-17916£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ 9.8£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-17914£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ 9.8£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


InduSoft Web Studio versions  <=  1 SP2

InTouch Edge HMI (formerly InTouch Machine Edition) versions  <=  2017 SP2


Îó²î¸ÅÊö


¿ËÈÕ£¬£¬£¬£¬AVEVAÐû²¼Ç徲ͨ¸æ³ÆÐÞ¸´ÁË2¸ö¹¤ÒµÈí¼þÖеĸßΣÎó²î¡£¡£¡£¡£¡£¡£
AVEVAÓ¢¹úÅÌËã»úÈí¼þÉÌ¡£¡£¡£¡£¡£¡£ÎªÔì´¬ºÍº£Ñ󹤳̡¢Ê¯ÓͺÍ×ÔÈ»Æø¡¢ÔìÖ½¡¢µçÁ¦¡¢»¯¹¤ºÍÖÆÒ©µÈ¹¤ÒµÁìÓòÌṩȫÉúÃüÖÜÆÚ½â¾ö¼Æ»®¼°Ð§ÀÍ¡£¡£¡£¡£¡£¡£
CVE-2018-17916ÊÇÒ»¸öÕ»Òç³öÎó²î£¬£¬£¬£¬¹¥»÷Õß¿ÉÒÔ·¢ËÍÒ»¸öÌØÖƵÄÊý¾Ý°üÀ´´¥·¢¸ÃÎó²î£¬£¬£¬£¬µ¼ÖÂÔÚδÊÚȨµÄÇéÐÎÏÂÔ¶³ÌÖ´ÐдúÂë¡£¡£¡£¡£¡£¡£
CVE-2018-17914Ô´ÓÚÒ»¸öÉèÖÃÎļþÖеĿÕÃÜÂëÎÊÌ⣬£¬£¬£¬Ò»¸öδÊÚȨµÄ¹¥»÷Õß¿ÉÒÔʹÓÃÊÜÓ°ÏìÈí¼þµÄÏàͬȨÏÞÀ´Ô¶³ÌÖ´ÐдúÂë¡£¡£¡£¡£¡£¡£

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP


ÐÞ¸´½¨Òé


AVEVA¹Ù·½ÒѾ­Ðû²¼ÁËа汾ÐÞ¸´ÁËÉÏÊöÎó²î£¬£¬£¬£¬ÇëÊÜÓ°ÏìµÄÓû§¾¡¿ì¸üоÙÐзÀ»¤¡£¡£¡£¡£¡£¡£
а汾ÏÂÔصصãÈçÏ£º
InduSoft Web Studio v8.1 SP2
http://download.indusoft.com/81.2.0/IWS81.2.0.zip
InTouch Edge HMI (formerly InTouch Machine Edition)

https://softwaresupportsp.schneider-electric.com/#/producthub/details?id=5223


²Î¿¼Á´½Ó


https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec130.pdf