ControlByWeb¹¤ÒµÆøÏóÕ¾¿ØÖÆÆ÷Îó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-01-21

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2018-18881£¬£¬£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.6£¬£¬£¬£¬£¬ £¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-18882£¬£¬£¬£¬£¬ £¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬ £¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.6£¬£¬£¬£¬£¬ £¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ControlByWeb ControlByWeb X-320M 1.05°æ±¾¼°ÒÔÇ°°æ±¾¡£¡£¡£


Îó²î¸ÅÊö


Xytronix Research&Design ControlByWeb X-320MÊÇÃÀ¹úXytronix Research&Design¹«Ë¾µÄÒ»¿îÖ§³ÖÍøÂçµÄÆøÏóÕ¾¿ØÖÆÆ÷¡£¡£¡£¸Ã²úÆ·¿ÉÒÔ½«ÌìÆøÊý¾ÝÐû²¼µ½×¨ÃŵÄÆøÏóЧÀÍ£¬£¬£¬£¬£¬ £¬£¬ÈôÊÇÁè¼ÝÖ¸¶¨µÄ²ÎÊý£¬£¬£¬£¬£¬ £¬£¬Ëü¿ÉÒÔ·¢Ë͵ç×ÓÓʼþºÍ¶ÌÐÅ֪ͨ£¬£¬£¬£¬£¬ £¬£¬²¢ÇÒ¿ÉÒÔÔ¶³Ì¼¤»î¹«Ë¾ÖÆÔìµÄÆäËû²úÆ·µÄ¼ÌµçÆ÷¡£¡£¡£


ControlByWebµÄÒÔÌ«ÍøI / O²úÆ·ÅäÓÐÄÚÖÃWebЧÀÍÆ÷£¬£¬£¬£¬£¬ £¬£¬¿Éͨ¹ýWebä¯ÀÀÆ÷¾ÙÐлá¼û¡£¡£¡£Æä²úÆ·¿ÉÒÔÇáËɼ¯³Éµ½¹¤Òµ×Ô¶¯»¯ºÍSCADAϵͳÖУ¬£¬£¬£¬£¬ £¬£¬»òÕß¿ÉÒÔ×÷Ϊ×ÔÁ¦×°±¸Ê¹Óᣡ£¡£


CVE-2018-18881


Xytronix Research&Design ControlByWeb X-320MÔÚʵÏÖÖб£´æÉí·ÝÑéÖ¤Çå¾²Îó²î¡£¡£¡£¹¥»÷Õß¿ÉʹÓøÃÎó²îÔì³É¾Ü¾øЧÀÍ¡£¡£¡£


¸Ã×°±¸µÄWeb-Enabled Instrumentation-Grade Data AcquisitionÄ£¿£¿£¿éÊܵ½¾Ü¾øЧÀÍ£¨DoS£©Îó²îµÄÓ°Ï죬£¬£¬£¬£¬ £¬£¬¸ÃÎó²î¿É±»Ê¹ÓÃÀ´ÆÆËð×°±¸ÉÏͨ¹ýÌض¨ÍøÂçÉèÖþÙÐеÄËùÓÐͨѶ¡£¡£¡£ÏêϸÀ´Ëµ£¬£¬£¬£¬£¬ £¬£¬¹¥»÷Õß¿ÉÒÔ½«setup.htmlÒ³ÃæÖеġ°IP¹ýÂËÆ÷¹æÄ£1¡±Ñ¡Ïî´Ó255.255.255.255ÉèÖÃΪ0.0.0.0£¬£¬£¬£¬£¬ £¬£¬Õâ»áµ¼ÖÂÒ»Á¬µÄDoSÌõ¼þ×èÖ¹»á¼û×°±¸³ý·ÇÖ´Ðлָ´³ö³§ÉèÖᣡ£¡£


CVE-2018-18882


Xytronix Research&Design ControlByWeb X-320MÖб£´æ¿çÕ¾¾ç±¾Îó²î£¬£¬£¬£¬£¬ £¬£¬¸ÃÎó²îÔ´ÓÚ³ÌÐòûÓÐ׼ȷµØÑéÖ¤ÊäÈë¡£¡£¡£Ô¶³Ì¹¥»÷Õß¿ÉʹÓøÃÎó²îÖ´ÐдúÂë¡£¡£¡£


Ëü»áÓ°ÏìͳһHTMLÒ³ÃæÉϵġ°Õ¾µãÐÎò¡±ÊäÈë×ֶΡ£¡£¡£¹¥»÷Õß¿ÉÄܻὫ¶ñÒâ¾ç±¾×¢Èë´Ë×ֶΣ¬£¬£¬£¬£¬ £¬£¬²¢ÔÚÕýµ±Óû§»á¼û×°±¸µÄ״̬ҳʱִÐС£¡£¡£


ÐÞ¸´½¨Ò飺


ControlByWebÐû²¼ÁË1.06°æÔ­À´ÐÞ²¹Îó²î£ºhttps://www.controlbyweb.com/firmware/X320M_V1.06_firmware.zip¡£¡£¡£


²Î¿¼Á´½Ó£º


https://ics-cert.us-cert.gov/advisories/ICSA-19-017-03

https://www.controlbyweb.com/firmware/X320M_V1.06_firmware.zip

https://www.securityweek.com/serious-flaws-found-controlbyweb-industrial-weather-station