VxWorks¶à¸öÇå¾²Îó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-30

¡ô Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-12256 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12257 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12255 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12260 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12261 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12263 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.1 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12258 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.5 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12259 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.3 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12262 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.1 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-12264 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.1 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-12265 £¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ £¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º5.4 £¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


¡ô Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾

 

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


¡ô Îó²î¸ÅÊö


VxWorksÊÇÌìÏÂÉÏʹÓÃ×îÆÕ±éµÄÒ»ÖÖÔÚǶÈëʽϵͳÖа²ÅŵÄʵʱ²Ù×÷ϵͳ £¬£¬£¬£¬ÊÇÓÉÃÀ¹úWindRiver¹«Ë¾£¨¼ò³Æ·çºÓ¹«Ë¾ £¬£¬£¬£¬¼´WRS ¹«Ë¾£©ÓÚ1983ÄêÉè¼Æ¿ª·¢µÄ £¬£¬£¬£¬VxWorks±»Áè¼Ý20ÒŲ́װ±¸Ê¹Óà £¬£¬£¬£¬°üÀ¨Òªº¦»ù´¡ÉèÊ© £¬£¬£¬£¬ÍøÂç×°±¸ £¬£¬£¬£¬Ò½ÁÆ×°±¸ £¬£¬£¬£¬¹¤ÒµÏµÍ³ÉõÖÁº½ÌìÆ÷¡£¡£¡£¡£¡£¡£¿£¿£¿ £¿£¿£¿£¿ÉÒÔ˵´ÓPLCµ½MRI»úе £¬£¬£¬£¬µ½·À»ðǽºÍ´òÓ¡»ú £¬£¬£¬£¬ÔÙµ½·É»ú £¬£¬£¬£¬»ð³µµÈµÈ¶¼ÓÐÆÕ±éÓ¦Óᣡ£¡£¡£¡£¡£


¿ËÈÕ £¬£¬£¬£¬VxWorks¹Ù·½Ðû²¼ÁËÇå¾²Îó²îͨ¸æ³ÆÐÞ¸´ÁËÓÉArmisÑо¿ÍŶӷ¢Ã÷²¢±¨¸æµÄ11¸öÇå¾²Îó²î £¬£¬£¬£¬ÆäÖÐÓÐ6¸ö¿Éµ¼ÖÂÔ¶³Ì´úÂëÖ´ÐУ¨RCE£©Îó²î £¬£¬£¬£¬CVE-2019-12256¡¢CVE-2019-12255¡¢CVE-2019-12260 CVSSÆÀ·ÖΪ9.8·Ö¡£¡£¡£¡£¡£¡£ÆäÓà5¸öÎó²î¿ÉÄܵ¼Ö¾ܾøЧÀÍ £¬£¬£¬£¬ÐÅÏ¢×ß©»ò¹éÀàΪÂß¼­È±ÏÝ¡£¡£¡£¡£¡£¡£ÕâЩÎó²î±£´æÓÚVxWorksµÄTCP/IP¿ÍÕ»£¨IPnet£©ÖÐ £¬£¬£¬£¬Ó°ÏìVxWorks 7 (SR540 and SR610)¡¢VxWorks 6.5-6.9¼°Ê¹ÓÃInterpeak×ÔÁ¦ÍøÂç¿ÍÕ»µÄVxWorks°æ±¾¡£¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔʹÓÃÆäÖÐÎó²îʵÏÖÎÞÐèÓû§½»»¥¼°ÈÏ֤ʵÏÖÔ¶³Ì¹¥»÷ £¬£¬£¬£¬×îÖÕÔÚÍêÈ«¿ØÖÆÏà¹Ø×°±¸¡£¡£¡£¡£¡£¡£


ÔÚÈ«Çò £¬£¬£¬£¬Ê¹ÓÃVxWorksµÄÊýÄ¿ÓÐ126460¸ö £¬£¬£¬£¬ÆäÖÐÖйúÓÐ25046¸ö £¬£¬£¬£¬ÂþÑÜÈçÏ£º

 

¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨


¡ô Îó²îÑéÖ¤


ÏÖÔÚArmisÑо¿ÍŶÓÐû²¼ÁËÀÖ³ÉʹÓÃÎó²î¿ØÖÆÁËSonicWall·À»ðǽ¡¢Xerox´òÓ¡»ú¡¢²¡È˼໤ÒǵÄÑÝʾÊÓƵ £¬£¬£¬£¬¿ÉÊÇûÓÐÐû²¼Îó²îÏà¹Øϸ½Ú»òÎó²îÑéÖ¤³ÌÐò¡£¡£¡£¡£¡£¡£


¡ô ÐÞ¸´½¨Òé


SonicWall¼°Xerox¹Ù·½¾ùÒѾ­Ðû²¼Ïà¹ØÎó²î¸üС£¡£¡£¡£¡£¡£
SonicWall£ºhttps://blog.sonicwall.com/en-us/2019/07/wind-river-vxworks-and-urgent-11-patch-now/
Xerox£ºhttps://security.business.xerox.com/en-us/


¡ô ²Î¿¼Á´½Ó


https://armis.com/urgent11/ 
https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/