Rockwell Automation¾Ü¾øЧÀÍÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2018-12-11

Îó²î±àºÅºÍ¼¶±ð



CVE±àºÅ£º CVE-2018-17924 £¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ8.6 £¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨



Ó°Ïì°æ±¾



MicroLogix 1400 Controllers Series A£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬Series B 21.003¼°Ö®Ç°°æ±¾ £¬£¬£¬£¬£¬£¬£¬Series C 21.003¼°Ö®Ç°°æ±¾£»£»£»£»£»£»1756-ENBT£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬1756-EWEB Series A£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬1756-EWEB Series B£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬1756-EN2F Series A£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬1756-EN2F Series B£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬1756-EN2F Series C 10.10¼°Ö®Ç°°æ±¾ £¬£¬£¬£¬£¬£¬£¬1756-EN2T Series A£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬1756-EN2T Series B£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬1756-EN2T Series C£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬1756-EN2T 10.10¼°Ö®Ç°°æ±¾ £¬£¬£¬£¬£¬£¬£¬1756-EN2TR Series A£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬1756-EN2TR Series B£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬Series C 10.10¼°Ö®Ç°°æ±¾ £¬£¬£¬£¬£¬£¬£¬1756-EN3TR Series A£¨ËùÓа汾£© £¬£¬£¬£¬£¬£¬£¬1756-EN3TR Series B 10.10¼°Ö®Ç°°æ±¾£¨1756 ControlLogix EtherNet/IPͨѶÄ£¿£¿£¿ £¿£¿é£©¡£¡£¡£¡£¡£



Îó²î¸ÅÊö



ÉÏÖÜËÄ £¬£¬£¬£¬£¬£¬£¬ICS-CERT Ðû²¼Ç徲ͨ¸æÏêÊö¸ÃÎó²îÇéÐÎ £¬£¬£¬£¬£¬£¬£¬²»¹ýÂÞ¿ËΤ¶û×Ô¶¯»¯¹«Ë¾ÔÚÊýÖÜÇ°¾Í֪ͨ¿Í»§Ïà¹ØÇéÐÎ £¬£¬£¬£¬£¬£¬£¬¶øÂÞ¿ËΤ¶ûÇ徲ͨ¸æ½öÏò×¢²áÓû§¹ûÕæ¡£¡£¡£¡£¡£



ÂÞ¿ËΤ¶û¹«Ë¾ºÍ ICS-CERT ¹«Ë¾ÌåÏÖ £¬£¬£¬£¬£¬£¬£¬¸ÃÎó²î (CVE-2018-1792) µÄ CVSSv3ÆÀ·ÖΪ8.6 £¬£¬£¬£¬£¬£¬£¬Ó°ÏìA¡¢B¡¢CϵÁÐµÄ MicroLogix 1400 ¿ØÖÆÆ÷¡£¡£¡£¡£¡£Ëü»¹Ó°Ïì1756 ControlLogix ÒÔÌ«Íø/IP ͨѶÄ£¿£¿£¿ £¿£¿éµÄ¶à¸ö°æ±¾ £¬£¬£¬£¬£¬£¬£¬°üÀ¨A¡¢B¡¢CºÍDϵÁС£¡£¡£¡£¡£



ICS-CERT ÌåÏÖÊÜÓ°Ïì²úÆ·ÓÃÓÚÈ«Çò¸÷µØ¶à¸öÐÐÒµ £¬£¬£¬£¬£¬£¬£¬È罻ͨ¡¢Òªº¦ÖÆÔìÒµ¡¢Ê³ÎïºÍÅ©Òµ¡¢ÒÔ¼°Ë®ºÍ·ÏË®ÐÐÒµ¡£¡£¡£¡£¡£



¸ÃÎó²î¿Éµ¼ÖÂÔ¶³Ìδ¾­ÈÏÖ¤µÄ¹¥»÷Õßµ¼ÖÂÊÜÓ°Ïì×°±¸½øÈë DoS Ìõ¼þ¡£¡£¡£¡£¡£ÂÞ¿ËΤ¶û¹«Ë¾Ú¹ÊÍ³Æ £¬£¬£¬£¬£¬£¬£¬Î´¾­ÈÏÖ¤µÄÔ¶³ÌÍþвÕß¿ÉÄÜÏòÊÜÓ°Ïì×°±¸·¢ËÍ CIP ÅþÁ¬ÇëÇó²¢ÔÚÀÖ³ÉÅþÁ¬ºóÏòÊÜÓ°Ïì×°±¸·¢ËÍÐ嵀 IP ÉèÖÃÐÅÏ¢ £¬£¬£¬£¬£¬£¬£¬×ÝȻϵͳÖеĿØÖÆÆ÷±»ÉèÖÃΪ¡°Hard Run¡±Ä£Ê½¡£¡£¡£¡£¡£µ±ÊÜÓ°Ïì×°±¸½ÓÊÜÁËÕâ¸öÐ嵀 IP ÉèÖÃÐÅÏ¢ºó £¬£¬£¬£¬£¬£¬£¬×°±¸ºÍϵͳÆäËü²¿·ÖÖ®¼ä¾ÍȱʧÁËͨѶ £¬£¬£¬£¬£¬£¬£¬Ôµ¹ÊÔ­ÓÉÊÇϽµµÍ÷Á¿ÈÔÈ»ÔÚÊÔͼͨ¹ý±»¸²Ð´µÄ IP µØµãºÍ×°±¸Í¨Ñ¶¡£¡£¡£¡£¡£



ÂÞ¿ËΤ¶û¹«Ë¾ÒÑΪÊÜÓ°Ïì¿ØÖÆÆ÷ºÍͨѶÄ£¿£¿£¿ £¿£¿éÐû²¼¹Ì¼þ¸üР£¬£¬£¬£¬£¬£¬£¬µ«¶ÔÆäÖÐÐí¶à½öÐû²¼»º½â²½·¥¡£¡£¡£¡£¡£ÕâЩ²½·¥°üÀ¨Ê¹Ó÷À»ðǽ×èÖ¹Ô´×ÔԽȨȪԴµÄÒÔÌ«Íø/IP ÐÅÏ¢¡¢Ê¹ÓÃÓ²¼þ°´¼ü¿ª¹ØÉèÖÃ×èÖ¹¶Ô×°±¸¾ÙÐÐԽȨ¸ü¸Ä²¢½«¿ØÖÆϵͳµÄÍøÂç̻¶×îС»¯¡£¡£¡£¡£¡£



DoS Îó²î¿É¶Ô¹¤ÒµÇéÐδøÀ´ÑÏÖØΣº¦¡£¡£¡£¡£¡£¹¤¿ØÇéÐοɱ»ÓÃÓÚ¶ÔÉú²úϵͳÔì³ÉÑÏÖØË𺦡£¡£¡£¡£¡£ºÍÉñÃØÐÔΪ×îÖ÷ÒªµÄ IT ÍøÂçÇ·ºà £¬£¬£¬£¬£¬£¬£¬²Ù×÷ÊÖÒÕ (OT) ÍøÂçÔËÓªÖ°Ô±×î´óµÄµ£ÐÄÊÇ¿ÉÓÃÐÔÎÊÌâ¡£¡£¡£¡£¡£



Îó²îÑéÖ¤



ÔÝÎÞPOC/EXP¡£¡£¡£¡£¡£



ÐÞ¸´½¨Òé



¹Ù·½ÒѾ­Ðû²¼ÁËа汾ÐÞ¸´Á˸ÃÎó²î £¬£¬£¬£¬£¬£¬£¬ÇëÊÜÓ°ÏìµÄÓû§ÊµÊ±¸üР£¬£¬£¬£¬£¬£¬£¬ÐγɶԴËÎó²îºã¾ÃÓÐÓõķÀ»¤¡£¡£¡£¡£¡£



²Î¿¼Á´½Ó



https://ics-cert.us-cert.gov/advisories/ICSA-18-310-02

https://www.securityfocus.com/bid/106132/solution

https://www.securityweek.com/vulnerability-exposes-rockwell-controllers-dos-attacks