ÐÅÏ¢Çå¾²Öܱ¨-2020ÄêµÚ19ÖÜ

Ðû²¼Ê±¼ä 2020-05-11

> ±¾ÖÜÇ徲̬ÊÆ×ÛÊö


2020Äê05ÔÂ04ÈÕÖÁ05ÔÂ10ÈÕ¹²ÊÕ¼Çå¾²Îó²î60¸ö£¬£¬£¬ÖµµÃ¹Ø×¢µÄÊÇAdvantech WebAccess Node¶à¸öÕ»Òç³öÎó²î; S.Siedle£¦Soehne SG 150-0 Smart Gateway±¸·Ý¹¦Ð§´úÂëÖ´ÐÐÎó²î£»£»£»£»IBM Data Risk Managerí§ÒâÎļþÏÂÔØÎó²î£»£»£»£»3S-Smart Software Solutions CODESYS Runtime PLC_Task´úÂëÖ´ÐÐÎó²î£»£»£»£»Mozilla Firefox SCTP»º³åÇøÒç³öÎó²î¡£¡£¡£¡£¡£¡£


±¾ÖÜÖµµÃ¹Ø×¢µÄÍøÂçÇå¾²ÊÂÎñÊǹȸèÐû²¼ÁËÕë¶ÔAndroid OSµÄÇå¾²¸üУ¬£¬£¬ÐÞ¸´¶à¸öÎó²î£»£»£»£»Èí¼þ¹«Ë¾SAPÐû²¼Æä²úÆ·±£´æÎó²î£¬£¬£¬»ò½«Ó°Ïì9£¥Óû§£»£»£»£»ºÚ¿ÍÉù³ÆÈëÇÖMicrosoft GitHubÕÊ»§£¬£¬£¬²¢ÇÔÈ¡³¬500GBÊý¾Ý£»£»£»£»ÈÎÌìÌÃÔâºÚ¿Í¹¥»÷£¬£¬£¬Ð¹Â¶°üÀ¨ÍêÕûÔ´´úÂëÔÚÄÚµÄ2TBÎļþ£»£»£»£»Ë¼¿ÆÐû²¼Çå¾²¸üУ¬£¬£¬ÐÞ¸´¶à¸ö²úÆ·ÖеÄ12¸öÎó²î¡£¡£¡£¡£¡£¡£


ƾ֤ÒÔÉÏ×ÛÊö£¬£¬£¬±¾ÖÜÇå¾²ÍþвΪÖС£¡£¡£¡£¡£¡£


>Ö÷ÒªÇå¾²Îó²îÁбí


1. Advantech WebAccess Node¶à¸öÕ»Òç³öÎó²î


Advantech WebAccess Node±£´æ¶à¸öÕ»Òç³öÎó²î£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»£»ò¿ÉÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£

https://www.us-cert.gov/ics/advisories/icsa-20-128-0


2. S.Siedle£¦Soehne SG 150-0 Smart Gateway±¸·Ý¹¦Ð§´úÂëÖ´ÐÐÎó²î


S.Siedle£¦Soehne SG 150-0 Smart Gateway±¸·Ý¹¦Ð§±£´æÇå¾²Îó²î£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬¿ÉÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£

https://research.hisolutions.com/2020/04/open-the-gates-insecurity-of-cloudless-smart-door-systems


3. IBM Data Risk Managerí§ÒâÎļþÏÂÔØÎó²î


IBM Data Risk Manager±£´æĿ¼±éÀúÎó²î£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬¿ÉÏÂÔØí§ÒâÎļþ¡£¡£¡£¡£¡£¡£

https://www.ibm.com/support/pages/node/6206875


4. 3S-Smart Software Solutions CODESYS Runtime PLC_Task´úÂëÖ´ÐÐÎó²î


3S-Smart Software Solutions CODESYS Runtime PLC_Task¹¦Ð§±£´æÇå¾²Îó²î£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄÇëÇ󣬣¬£¬¿ÉÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1003


5. Mozilla Firefox SCTP»º³åÇøÒç³öÎó²î


Mozilla Firefox ESR SCTP»º³åÇøÒç³öÎó²î£¬£¬£¬ÔÊÐíÔ¶³Ì¹¥»÷Õß¿ÉÒÔʹÓÃÎó²îÌá½»ÌØÊâµÄWEBÇëÇ󣬣¬£¬ÓÕʹÓû§ÆÊÎö£¬£¬£¬¿ÉʹӦÓóÌÐò±ÀÀ£»£»£»£»òÕß¿ÉÖ´ÐÐí§Òâ´úÂë¡£¡£¡£¡£¡£¡£

https://www.auscert.org.au/bulletins/ESB-2020.1600/


> Ö÷ÒªÇå¾²ÊÂÎñ×ÛÊö


1¡¢¹È¸èÐû²¼ÁËÕë¶ÔAndroid OSµÄÇå¾²¸üУ¬£¬£¬ÐÞ¸´¶à¸öÎó²î

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.securityweek.com/androids-may-2020-patches-fix-critical-system-vulnerability


2¡¢Èí¼þ¹«Ë¾SAPÐû²¼Æä²úÆ·±£´æÎó²î£¬£¬£¬»ò½«Ó°Ïì9£¥Óû§


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.zdnet.com/article/sap-notifying-9-of-customers-about-security-bugs-in-some-cloud-products/


3¡¢ºÚ¿ÍÉù³ÆÈëÇÖMicrosoft GitHubÕÊ»§£¬£¬£¬²¢ÇÔÈ¡³¬500GBÊý¾Ý


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.bleepingcomputer.com/news/security/microsofts-github-account-allegedly-hacked-500gb-stolen/


4¡¢ÈÎÌìÌÃÔâºÚ¿Í¹¥»÷£¬£¬£¬Ð¹Â¶°üÀ¨ÍêÕûÔ´´úÂëÔÚÄÚµÄ2TBÎļþ


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://www.videogameschronicle.com/news/a-full-mario-64-pc-port-has-been-released/


5¡¢Ë¼¿ÆÐû²¼Çå¾²¸üУ¬£¬£¬ÐÞ¸´¶à¸ö²úÆ·ÖеÄ12¸öÎó²î


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


Ô­ÎÄÁ´½Ó£º

https://threatpost.com/cisco-fixes-high-severity-flaws-in-firepower-security-software-asa/155568/