¸»Ê¿µç»ú PLC »á¼û¹¤¾ß¶à¸ö¸ßΣÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2018-09-14

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2018-14809£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14811£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14813£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14815£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14817£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14819£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14823£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


V-Server 4.0.3.0¼°Ö®Ç°°æ±¾


Îó²î¸ÅÊö


ICS-CERT ±¾ÖÜÐû²¼Á½¸öÇ徲ͨ¸æÖ¸³ö£¬£¬£¬£¬£¬ÕâЩÇå¾²Îó²î¿Éµ¼ÖÂÔ¶³Ì¹¥»÷ÕßÖ´ÐÐí§Òâ´úÂë¡£¡£ ¡£¡£¡£¸»Ê¿µç»ú V-Server ¹¤¾ß¿Éµ¼ÖÂ×éÖ¯»ú´ÓλÓÚÆóÒµÍøÂçÖеÄÅÌËãʱ»ú¼ûλÓÚ¹¤³§ÖеĿɱà³ÌÂß¼­¿ØÖÆÆ÷ (PLCs)¡£¡£ ¡£¡£¡£ÕâÁ½¸öϵͳ¾­ÓÉÓÃÓÚ¼à¿Ø PLCs µÄ Monitouch HMI ͨ¹ýÒÔÌ«ÍøÅþÁ¬¡£¡£ ¡£¡£¡£ICS-CERT ÌåÏָòúÆ·ÔÚÈ«Çò¹æÄ£ÄÚÖ÷ÒªÊÇÔÚÒªº¦ÖÆÔìÐÐҵʹÓᣡ£ ¡£¡£¡£


¸»Ê¿µç»ú V-Server ÊÜʹÓúóÊÍ·Å¡¢²»ÊÜÐÅÈεÄÖ¸ÕëÒýÓᢶѻº³åÒç³ö¡¢´øÍâдÈë¡¢ÕûÊý·´ÏòÒçλ¡¢´øÍâ¶ÁÈ¡ºÍÕ»»º³åÒç³öÎó²îµÄÓ°Ï죬£¬£¬£¬£¬¿ÉÄܵ¼Ö·ºÆðÔ¶³Ì´úÂëÖ´ÐÐЧ¹û£¬£¬£¬£¬£¬´Ó¶øÒý·¢ DoS Ìõ¼þ»òÐÅϢй¶ÎÊÌâ¡£¡£ ¡£¡£¡£


ICS-CERT »¹Ðû²¼ÁíÍâÒ»·ÝÇ徲ͨ¸æ˵Ã÷ÎúÓ°Ïì V-Server Lite µÄ¸ßÎ £»£»£»£»£»£»£»º³åÒç³öÎó²î¡£¡£ ¡£¡£¡£¸ÃȱÏݿɱ»ÓÃÓÚÖ´ÐдúÂ룬£¬£¬£¬£¬Í¨¹ýÌØÊâ½á¹¹µÄÏîÄ¿Îļþ´¥·¢ DoS Ìõ¼þ»òÐÅϢй¶ÎÊÌâ¡£¡£ ¡£¡£¡£


ÕâЩ V-Server Îó²îÊÇÓÉ Source Incite ¹«Ë¾µÄ Steven Seeleyͨ¹ýÇ÷ÊƿƼ¼ ZDI ¼û¸æ³§É̵Ä¡£¡£ ¡£¡£¡£Ó°Ïì Lite °æ±¾µÄȱÏÝÊÇÓÉ Ariele Caltabiano £¨¼´ kimiya£©·¢Ã÷²¢¼û¸æ¸»Ê¿µç»ú¡£¡£ ¡£¡£¡£


ICS-CERT ÖÒÑԳƣ¬£¬£¬£¬£¬Ä³Ð©Îó²îµÄʹÓôúÂëÒѹûÕ棬£¬£¬£¬£¬Õâ¿ÉÄÜÊÇÕë¶Ô ZDI ÒÑÐû²¼Ê®¼¸¸ö˵Ã÷ÓÉ Seeley ºÍ Caltabiano ´Ó¸»Ê¿µç»ú V-Server ÖÐÕÒµ½µÄÇå¾²Îó²îµÄÇ徲ͨ¸æһʶøÑԵġ£¡£ ¡£¡£¡£ZDI ºÍ ICS-CERTÐû²¼Ç徲ͨ¸æµÄʱ¼äÏà²îÊýСʱ£¬£¬£¬£¬£¬µ«ZDI ²¢Î´ÔÚÇ徲ͨ¸æÖÐÌá¼°ÊÖÒÕÐÅÏ¢¡£¡£ ¡£¡£¡£


ZDI ÔÚÇ徲ͨ¸æÖÐÖ¸³ö£¬£¬£¬£¬£¬Seeley ÔÚ2018Äê3Ô·ݡ¢Caltabiano ÔÚ2018Äê6Ô·ݽ«Îó²î¼û¸æ³§ÉÌ¡£¡£ ¡£¡£¡£ZDI ÌåÏÖ£¬£¬£¬£¬£¬ÕâЩȱÏÝ¡°±£´æÓÚ¶Ô VPR ÎļþµÄÆÊÎöÀú³ÌÖС±£¬£¬£¬£¬£¬¿ÉÄÜÊÇÓÉÓÚÔÚÖ´ÐйØÓÚ¹¤¾ßµÄ²Ù×÷֮ǰȱ·¦¶Ô¹¤¾ßµÄÑéÖ¤Ôì³ÉµÄ£¬£¬£¬£¬£¬Ò²¿ÉÄÜÊÇÓÉÓÚȱ·¦¶ÔÓû§ÌṩÊý¾ÝµÄ׼ȷÑéÖ¤Ôì³ÉµÄ¡£¡£ ¡£¡£¡£


ËäÈ» ICS-CERT ¶ÔÕâЩÎó²îµÄÆÀ¼¶Îª¡°¸ßΣ¡±£¬£¬£¬£¬£¬µ« ZDI ½«ÆäÆÀΪ¡°ÖÐΣ¡±£¬£¬£¬£¬£¬CVSS ÆÀ·ÖΪ6.8·Ý¡£¡£ ¡£¡£¡£Caltabiano ·¢Ã÷µÄÈõµãÔÚ ZDI Ç徲ͨ¸æÖеĠCVSS ÆÀ·ÖÊÇ9.3£¨¸ßΣ£©¡£¡£ ¡£¡£¡£


ÕâЩӰÏìÈÏÕ潫ÆóÒµÍøÂçÅþÁ¬ÖÁ¹¤¿Øϵͳ²úÆ·µÄÎó²î¿É´øÀ´ÑÏÖصÄÇ徲Σº¦£¬£¬£¬£¬£¬ÓÉÓÚÕâÕýÊÇÐí¶àÍþвÕßÊÔͼµÖ´ïÃô¸ÐϵͳµÄ;¾¶¡£¡£ ¡£¡£¡£


Positive Technologies ¹«Ë¾×î½üÐû²¼µÄÒ»ÏîÑо¿Ð§¹ûÏÔʾ£¬£¬£¬£¬£¬ÔÚÐí¶à×éÖ¯»ú¹¹ÖУ¬£¬£¬£¬£¬ºÚ¿Í¿ÉÈÝÒ×ͨ¹ýÆóÒµÍøÂç»ñÈ¡¶Ô¹¤ÒµÇéÐεĻá¼ûȨÏÞ¡£¡£ ¡£¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPOC\EXP


ÐÞ¸´½¨Òé


¸»Ê¿µç»úÒÑÐû²¼°æ±¾4.0.4.0 ÐÞ¸´ÁËÕâЩÎó²î¡£¡£ ¡£¡£¡£

http://monitouch.fujielectric.com/site/support-e/download-index-01.html


²Î¿¼Á´½Ó

https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01

https://www.securityweek.com/flaws-found-fuji-electric-tool-links-corporate-pcs-ics