ABB×Ô¶¯»¯ÏµÍ³HMIÖеĶà¸öÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-06-26

Îó²î±àºÅºÍ¼¶±ð



CVE±àºÅ£ºCVE-2019-1716£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬£¬£¬£¬£¬£¬£¬¹Ù·½:9.8
CVE±àºÅ£ºCVE-2019-10886£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.5£¬£¬£¬£¬£¬£¬£¬¹Ù·½£º5.9
CVE±àºÅ£ºCVE-2019-11336£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.5£¬£¬£¬£¬£¬£¬£¬¹Ù·½:8.1
CVE±àºÅ£ºCVE-2019-7230£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7229£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.3£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7231£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.5£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7227£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.3£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7225£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7226£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7232£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-7228£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨



Ó°Ïì°æ±¾



ÊÜÓ°ÏìµÄ°æ±¾


ABB CP635 HMI, ABB PB610, ABB CP651 HMI



Îó²î¸ÅÊö



ABBÐÞ¸´×Ô¶¯»¯ÏµÍ³HMIÖеÄÊ®¶à¸öÎó²î£º


CVE-2019-1716


Cisco IP Phone 8800 SeriesºÍCisco IP Phone 7800 Series¶¼ÊÇÃÀ¹ú˼¿Æ£¨Cisco£©¹«Ë¾µÄ²úÆ·¡£¡£¡£¡£¡£Cisco IP Phone 8800 SeriesÊÇÒ»¿î8800ϵÁеÄIPµç»°¡£¡£¡£¡£¡£Cisco IP Phone 7800 SeriesÊÇÒ»¿î7800ϵÁÐIPµç»°¡£¡£¡£¡£¡£Session Initiation Protocol£¨SIP£©SoftwareÊÇÆäÖеÄÒ»¿î»á»°ÌᳫЭÒéÈí¼þ¡£¡£¡£¡£¡£Cisco IP Phone 7800 SeriesºÍCisco IP Phone 8800 SeriesÖеÄSIPÈí¼þµÄ»ùÓÚWebµÄÖÎÀí½çÃæ±£´æÊäÈëÑéÖ¤Îó²î£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚÔÚ¾ÙÐÐÉí·ÝÑé֤ʱ£¬£¬£¬£¬£¬£¬£¬³ÌÐòûÓÐ׼ȷµØÑéÖ¤Óû§Ìá½»µÄÊäÈë¡£¡£¡£¡£¡£Ô¶³Ì¹¥»÷Õß¿Éͨ¹ýʹÓÃHTTPЭÒéÅþÁ¬µ½ÊÜÓ°ÏìµÄ×°±¸²¢Ìá½»¶ñÒâµÄÓû§Æ¾Ö¤Ê¹ÓøÃÎó²îÖØмÓÔØÊÜÓ°ÏìµÄ×°±¸£¬£¬£¬£¬£¬£¬£¬µ¼Ö¾ܾøЧÀÍ»òÒÔÓ¦ÓóÌÐòÓû§µÄȨÏÞÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£


CVE-2019-10886


Sony Photo Sharing Plus applicationÊÇÈÕ±¾Ë÷ÄᣨSony£©¹«Ë¾µÄÒ»¿îÓÃÓÚÉúÑÄ¡¢ÖÎÀí¡¢·ÖÏíͼÏñºÍÊÓƵµÄÓ¦ÓóÌÐò¡£¡£¡£¡£¡£ ʹÓÃPKG6.5629֮ǰ°æ±¾¹Ì¼þµÄSony Photo Sharing PlusÓ¦ÓóÌÐò±£´æ»á¼û¿ØÖƹýʧÎó²î£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úƷδ׼ȷÏÞÖÆÀ´×ÔδÊÚȨ½ÇÉ«µÄ×ÊÔ´»á¼û¡£¡£¡£¡£¡£


CVE-2019-11336


Sony Smart TVsÖб£´æÐÅϢй¶Îó²î£¬£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úÆ·ÔÚÔËÐÐÀú³ÌÖб£´æÉèÖõȹýʧ¡£¡£¡£¡£¡£Î´ÊÚȨµÄ¹¥»÷Õß¿ÉʹÓÃÎó²î»ñÈ¡ÊÜÓ°Ïì×é¼þÃô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£


CVE-2019-7230


IDAL FTPЧÀÍÆ÷ͨ¹ý²»Çå¾²µØʹÓÃÓû§ÌṩµÄÃûÌÃ×Ö·û´®ÈÝÒ×Êܵ½ÄÚ´æË𻵡£¡£¡£¡£¡£ ¹¥»÷Õß¿ÉÒÔÀÄÓô˹¦Ð§À´ÈƹýÉí·ÝÑéÖ¤»òÔÚЧÀÍÆ÷ÉÏÖ´ÐдúÂë¡£¡£¡£¡£¡£


CVE-2019-7229


ABB HMIʹÓÃÁ½ÖÖ²î±ðµÄ´«ÊäÒªÁìÀ´Éý¼¶ÆäÈí¼þ×é¼þ£ºÊ¹ÓÃUSB / SD¿¨ÉÁ´æ×°±¸£»£»£»£»£»Í¨¹ýFTPͨ¹ýABB Panel Builder 600¾ÙÐÐÔ¶³ÌÉèÖÃÀú³Ì£¬£¬£¬£¬£¬£¬£¬ÕâЩ´«ÊäÒªÁ춼²î³ØеÄHMIÈí¼þ¶þ½øÖÆÎļþʵÑéÈκÎÐÎʽµÄ¼ÓÃÜ»òÕæʵÐÔ¼ì²é¡£¡£¡£¡£¡£


CVE-2019-7231


IDAL FTPЧÀÍÆ÷ÈÝÒ×Êܵ½»º³åÇøÒç³öµÄÓ°Ï죬£¬£¬£¬£¬£¬£¬ÆäÖÐÓɾ­ÓÉÉí·ÝÑéÖ¤µÄ¹¥»÷Õß·¢ËÍ´ó×Ú×Ö·û´®£¬£¬£¬£¬£¬£¬£¬µ¼Ö»º³åÇøÒç³ö¡£¡£¡£¡£¡£


CVE-2019-7227


IDAL FTPЧÀÍÆ÷ÎÞ·¨È·±£Ä¿Â¼¸ü¸ÄÇëÇó²»»á¸ü¸ÄΪFTPЧÀÍÆ÷¸ùĿ¼֮ÍâµÄλÖᣡ£¡£¡£¡£¾­ÓÉÉí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÒÔͨ¹ýʹÓá°cd ..¡±¸ü¸ÄĿ¼À´¼òÆӵرéÀúЧÀÍÆ÷¸ùĿ¼¡£¡£¡£¡£¡£


CVE-2019-7225


ÊÜÓ°ÏìµÄABB×é¼þʵÏÖÔÚHMI½çÃæµÄ¹©Ó¦½×¶ÎʹÓõÄÒþ²ØÖÎÀíÕÊ»§¡£¡£¡£¡£¡£ÕâЩƾ֤ÔÊÐíÉèÖù¤¾ß¡°Panel Builder 600¡±ÉÁ×ÆеĽçÃæºÍ±êÇ©£¨MODBUSÏßȦ£©Ó³Éäµ½HMI¡£¡£¡£¡£¡£


CVE-2019-7226


IDAL HTTPЧÀÍÆ÷CGI½Ó¿Ú°üÀ¨Ò»¸öURL£¬£¬£¬£¬£¬£¬£¬ÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÈƹýÉí·ÝÑéÖ¤²¢»ñÈ¡¶ÔÌØȨ¹¦Ð§µÄ»á¼ûȨÏÞ¡£¡£¡£¡£¡£


CVE-2019-7232


ÔÚHTTPÇëÇóÖÐÎüÊÕ´óÐÍÖ÷»úͷʱ£¬£¬£¬£¬£¬£¬£¬IDAL HTTPЧÀÍÆ÷ÈÝÒ×Êܵ½»ùÓÚ¿ÍÕ»µÄ»º³åÇøÒç³öµÄÓ°Ïì¡£¡£¡£¡£¡£Ö÷»úÍ·ÖµÒç³ö»º³åÇø²¢Ê¹Óøü´óµÄ»º³åÇøÁýÕֽṹ»¯Òì³£´¦Öóͷ£³ÌÐò£¨SEH£©µØµã¡£¡£¡£¡£¡£


CVE-2019-7228


IDAL HTTPЧÀÍÆ÷ͨ¹ý²»Çå¾²µØʹÓÃÓû§ÌṩµÄÃûÌÃ×Ö·û´®ÈÝÒ×Êܵ½ÄÚ´æË𻵡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔÀÄÓô˹¦Ð§À´ÈƹýÉí·ÝÑéÖ¤»òÔÚЧÀÍÆ÷ÉÏÖ´ÐдúÂë¡£¡£¡£¡£¡£



Îó²îÑéÖ¤



POC£º


CVE-2019-1716

https://www.darkmatter.ae/xen1thlabs/cisco-ip-phone-webui-remote-code-execution-vulnerability/¡£¡£¡£¡£¡£


CVE-2019-10886

https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-arbitrary-file-read-vulnerability-xl-19-002/


CVE-2019-11336

https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/


CVE-2019-7230

https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-uncontrolled-format-string-vulnerability-xl-19-004/


CVE-2019-7229

https://www.darkmatter.ae/xen1thlabs/abb-hmi-absence-of-signature-verification-vulnerability-xl-19-005/


CVE-2019-7231

https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-buffer-overflow-vulnerability-xl-19-007/


CVE-2019-7227

https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-path-traversal-vulnerability-xl-19-008/


CVE-2019-7225

https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/


CVE-2019-7226

https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-authentication-bypass-vulnerability-xl-19-010/


CVE-2019-7232

https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-stack-based-buffer-overflow-vulnerability-xl-19-011/


CVE-2019-7228

https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-uncontrolled-format-string-vulnerability-xl-19-012/



ÐÞ¸´½¨Òé



ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó¼ûÈçÉÏÁ´½Ó¡£¡£¡£¡£¡£



²Î¿¼Á´½Ó



https://www.darkmatter.ae/xen1thlabs/published-advisories/