Ê©Ä͵µçÆøModicon M580ÖеĶà¸öÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-10-10

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6846£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ5.9£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6844£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6843£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6842£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6841£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6845£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ5.9£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6847£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6851£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.5£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Schneider Electric Modicon M580 BMEP582040 SV2.80


Îó²î¸ÅÊö


Schneider Electric Modicon M580ÊÇ·¨¹úÊ©Ä͵µçÆø£¨Schneider Electric£©¹«Ë¾µÄÒ»¿î¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷¡£¡£¡£¡£¡£¡£Schneider Electric Modicon M580Öб£´æ¶à¸öÎó²î£¬£¬£¬£¬ÏêϸÈçÏ£º


CVE-2019-6846

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTP¹¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõÄÐÅϢй¶Îó²î¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔÐá̽ÍøÂçÁ÷Á¿ÒÔʹÓôËÎó²î¡£¡£¡£¡£¡£¡£


CVE-2019-6844/CVE-2019-6843/CVE-2019-6842

Schneider Electric Modicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷¹Ì¼þ°æ±¾SV2.80µÄFTP¹Ì¼þ¸üй¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõľܾøЧÀÍÎó²î¡£¡£¡£¡£¡£¡£ÌØÖƵĹ̼þÓ³Ïñ¿ÉÄܵ¼ÖÂ×°±¸½øÈë¿É»Ö¸´µÄ¹ÊÕÏ״̬£¬£¬£¬£¬´Ó¶øµ¼ÖÂÕý³£×°±¸Ö´ÐÐ×èÖ¹¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔʹÓÃĬÈÏƾ֤À´·¢ËÍ´¥·¢´ËÎó²îµÄÏÂÁî¡£¡£¡£¡£¡£¡£


CVE-2019-6841

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTP¹Ì¼þ¸üÐÂЧÀ͹¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõľܾøЧÀÍÎó²î¡£¡£¡£¡£¡£¡£Ò»×éÌØÊⶩ¹ºµÄFTPÏÂÁî¿ÉÄÜ»áʹFTP loaderЧÀͽøÈëÆÚ´ý״̬£¬£¬£¬£¬´Ó¶øµ¼ÖÂÎÞ·¨Í¨¹ýFTP¸üÐÂ×°±¸¹Ì¼þ¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔʹÓÃĬÈÏƾ֤À´·¢ËÍ´¥·¢´ËÎó²îµÄÏÂÁî¡£¡£¡£¡£¡£¡£


CVE-2019-6845

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷µÄ¹Ì¼þ°æ±¾SV2.80µÄUMAS¹¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõÄÐÅϢй¶Îó²î¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔÐá̽ÍøÂçÁ÷Á¿ÒÔʹÓôËÎó²î¡£¡£¡£¡£¡£¡£


CVE-2019-6847

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTP¹Ì¼þ¸üй¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõľܾøЧÀÍÎó²î¡£¡£¡£¡£¡£¡£ÓâÆڵĹ̼þÓ³Ïñ¿ÉÄܵ¼ÖÂ×°±¸½øÈë²»¿É»Ö¸´µÄ¹ÊÕÏ״̬£¬£¬£¬£¬´Ó¶øµ¼ÖÂÓë×°±¸µÄÔ¶³ÌͨѶÍêÈ«×èÖ¹¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔʹÓÃĬÈÏƾ֤À´·¢ËÍ´¥·¢´ËÎó²îµÄÏÂÁî¡£¡£¡£¡£¡£¡£


CVE-2019-6851

Schneider Electric Modicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷µÄTFTPЧÀÍÆ÷¹¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõÄÐÅϢй¶Îó²î¡£¡£¡£¡£¡£¡£ÌØÖƵÄTFTP»ñÈ¡ÇëÇó¿ÉÄܵ¼ÖÂÎļþÏÂÔØ£¬£¬£¬£¬´Ó¶øµ¼ÖÂÃô¸ÐÐÅϢй¶¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔ·¢ËÍδ¾­Éí·ÝÑéÖ¤µÄÏÂÁîÀ´´¥·¢´ËÎó²î¡£¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


CVE-2019-6844£º

POC: https://talosintelligence.com/reports/TALOS-2019-0825


CVE-2019-6843

POC: https://talosintelligence.com/reports/TALOS-2019-0824


CVE-2019-6842

POC: https://talosintelligence.com/reports/TALOS-2019-0823


CVE-2019-6841

POC: https://talosintelligence.com/reports/TALOS-2019-0822


CVE-2019-6851

POC: https://talosintelligence.com/reports/TALOS-2019-0851


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÔÝδÐû²¼ÐÞ¸´²½·¥½â¾ö´ËÇå¾²ÎÊÌ⣬£¬£¬£¬½¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§ÉÌÖ÷Ò³

»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö²½·¥£º

https://www.schneider-electric.com


²Î¿¼Á´½Ó


https://blog.talosintelligence.com/2019/10/vuln-spotlight-schneider-electric-m580-part-2-sept-2019.html