Siemens Security Advisories for the DejaBlue, Urgent/11 and SACK Panic Vulnerabilities

Published: 2019-09-12

● Vulnerability IDs and Severity


CVE ID: CVE-2019-1181, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-1182, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-1222, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-1226, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-12255, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-12256, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-12257, Severity: High, CVSS score: 8.8

CVE ID: CVE-2019-12258, Severity: High, CVSS score: 7.5

CVE ID: CVE-2019-12259, Severity: High, CVSS score: 7.5

CVE ID: CVE-2019-12260, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-12261, Severity: High, CVSS score: 8.8

CVE ID: CVE-2019-12262, Severity: High, CVSS score: 7.1

CVE ID: CVE-2019-12263, Severity: High, CVSS score: 8.1

CVE ID: CVE-2019-12264, Severity: High, CVSS score: 7.1

CVE ID: CVE-2019-11477, Severity: High, CVSS score: 7.5


● Affected Versions


Affected versions:

DejaBlue:

Aptio by Inpeco: All versions, among others


Urgent/11:

RUGGEDCOM WIN70xx Base Station: All versions

RUGGEDCOM WIN72xx Base Station: All versions


SACK Panic:

CM 1542-1: All versions, among others


● Vulnerability Overview


On Tuesday this week, Siemens published several security advisories and released patches for the recent DejaBlue, Urgent/11 and SACK Panic vulnerabilities.


Siemens said that the four Windows Remote Desktop Services vulnerabilities patched by Microsoft in August affect some Healthineers products, but that most of its medical products are not affected. These vulnerabilities are tracked as DejaBlue and are similar to BlueKeep, which Microsoft fixed in May.


Siemens also informed customers that many of its products are affected by the recently disclosed Linux kernel vulnerabilities (SACK Panic), the most serious of which is a vulnerability that can lead to DoS (CVE-2019-11477).


In addition, Siemens RUGGEDCOM WIN products are affected by the recently disclosed Wind River VxWorks vulnerabilities (Urgent/11).


Siemens also published four other advisories. They describe a high-severity cross-site scripting (XSS) vulnerability in the IE/WSN-PA Link gateway, a high-severity DoS flaw in the SIMATIC TDC CP51M1 module, a high-severity post-authentication command execution flaw in SINETPLAN, and various medium- and high-severity vulnerabilities in SINEMA Remote Connect Server.


● Vulnerability Verification


No PoC/exploit is currently available.


● Remediation Recommendations


The vendor has released patches to fix the vulnerabilities. Download link: https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications


● Reference Links


https://www.securityweek.com/siemens-issues-advisories-dejablue-sack-panic-vulnerabilities