ABB System 800xA | ¶à¸öÇå¾²Îó²îͨ¸æ

Ðû²¼Ê±¼ä 2020-05-21

0x00 Îó²î¸ÅÊö



²úÆ·

CVE ID

Àà ÐÍ

Îó²îÆ·¼¶

Ô¶³ÌʹÓÃ

Ó°Ïì¹æÄ£

ABB System 800xA

CVE-2020-8478

I

µÍΣ

·ñ

ABB System 800xAËùÓа汾

ABB System 800xA for DCI

CVE-2020-8484

PAC

¸ßΣ

·ñ

ABB System 800xA for DCIËùÓа汾

ABB System 800xA for MOD 300

CVE-2020-8485

PAC

¸ßΣ

·ñ

ABB System 800xA for MOD 300ËùÓа汾

ABB System 800xA RNRP

CVE-2020-8486

PAC

¸ßΣ

·ñ

ABB System 800xA RNRPËùÓа汾

ABB System 800xA Base

CVE-2020-8487

PAC

¸ßΣ

·ñ

ABB System 800xA BaseËùÓа汾

ABB System 800xA Batch Management

CVE-2020-8488

PAC

¸ßΣ

·ñ

ABB System 800xA Batch ManagementËùÓа汾

ABB System 800xA Information Management

CVE-2020-8489

PAC

¸ßΣ

·ñ

ABB System 800xA Information ManagementËùÓа汾


0x01 Îó²îÏêÇé


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨




ABB System 800xA Information ManagementÊÇÈðÊ¿ABB¹«Ë¾µÄÒ»Ì×ÐÅÏ¢ÖÎÀíϵͳ¡£¡£¡£¡£¡£¡£¸ÃϵͳÌṩÖÇÄÜÊý¾Ý»á¼û¹¦Ð§£¬£¬£¬£¬¿É»á¼ûÀ©Õ¹×Ô¶¯»¯ÏµÍ³ÖÐËùÓÐÓ¦ÓóÌÐòµÄʵʱºÍÀúÊ·ÐÅÏ¢¡£¡£¡£¡£¡£¡£ABB System 800xAÖб£´æ¶à¸öÇå¾²Îó²î£¬£¬£¬£¬ÏêϸÈçÏ£º

CVE-2020-8478ÊÇABB System 800xAÖб£´æµÄ×¢ÈëÎó²î¡£¡£¡£¡£¡£¡£ÍâµØ¹¥»÷Õß¿ÉʹÓøÃÎó²î×¢ÈëÊý¾Ý£¬£¬£¬£¬Ó°ÏìControl BuilderÖÐÏÔʾµÄÔËÐÐʱÊý¾ÝÊÓͼ¡£¡£¡£¡£¡£¡£

CVE-2020-8484ÊÇABB System 800xA for DCIÖб£´æµÄȨÏÞÔÊÐíºÍ»á¼û¿ØÖÆÎÊÌâÎó²î£¬£¬£¬£¬ÍâµØ¹¥»÷Õß¿ÉʹÓøÃÎó²î×¢ÈëÊý¾Ý£¬£¬£¬£¬¶Ô¿ØÖÆÆ÷¾ÙÐжÁд²Ù×÷»òµ¼ÖÂWindowsÀú³ÌÍ߽⡣¡£¡£¡£¡£¡£

CVE-2020-8485ÊÇABB System 800xA for MOD 300Öб£´æµÄȨÏÞÔÊÐíºÍ»á¼û¿ØÖÆÎÊÌâÎó²î¡£¡£¡£¡£¡£¡£ÍâµØ¹¥»÷Õß¿ÉʹÓøÃÎó²î×¢ÈëÊý¾Ý£¬£¬£¬£¬¶Ô¿ØÖÆÆ÷¾ÙÐжÁд²Ù×÷»òµ¼ÖÂWindowsÀú³ÌÍ߽⡣¡£¡£¡£¡£¡£

CVE-2020-8486ÊÇABB System 800xA RNRPÖб£´æµÄȨÏÞÔÊÐíºÍ»á¼û¿ØÖÆÎÊÌâÎó²î¡£¡£¡£¡£¡£¡£ÍâµØ¹¥»÷Õß¿ÉʹÓøÃÎó²î×¢ÈëÊý¾Ý£¬£¬£¬£¬Ó°Ïì½ÚµãÈßÓà´¦Öóͷ£¡£¡£¡£¡£¡£¡£

CVE-2020-8487ÊÇABB System 800xA BaseÖб£´æµÄȨÏÞÔÊÐíºÍ»á¼û¿ØÖÆÎÊÌâÎó²î¡£¡£¡£¡£¡£¡£ÍâµØ¹¥»÷Õß¿ÉʹÓøÃÎó²î×¢ÈëÊý¾Ý£¬£¬£¬£¬Ó°Ïì½ÚµãÈßÓà´¦Öóͷ£¡£¡£¡£¡£¡£¡£

CVE-2020-8488ÊÇABB System 800xA Batch ManagementÖб£´æµÄȨÏÞÔÊÐíºÍ»á¼û¿ØÖÆÎÊÌâÎó²î¡£¡£¡£¡£¡£¡£ÍâµØ¹¥»÷Õß¿ÉʹÓøÃÎó²î×¢ÈëÊý¾Ý£¬£¬£¬£¬Ó°ÏìÓû§½çÃæµÄ¸üУ¬£¬£¬£¬½ÏÁ¿/´òÓ¡¹¦Ð§¡£¡£¡£¡£¡£¡£

CVE-2020-8489ÊÇABB System 800xA Information ManagementÖб£´æµÄȨÏÞÔÊÐíºÍ»á¼û¿ØÖÆÎÊÌâÎó²î¡£¡£¡£¡£¡£¡£ÍâµØ¹¥»÷Õß¿ÉʹÓøÃÎó²î×¢ÈëÊý¾Ý¡£¡£¡£¡£¡£¡£


0x02 ´¦Öóͷ£½¨Òé


ÏÖÔÚ³§ÉÌÔÝδÐû²¼ÐÞ¸´²½·¥½â¾ö´ËÇå¾²ÎÊÌ⣬£¬£¬£¬½¨ÒéʹÓôËÈí¼þµÄÓû§ËæÊ±¹Ø×¢³§ÉÌÖ÷Ò³»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö²½·¥£ºhttps://new.abb.com/

ÔÝʱ²½·¥£ºÓÉÓÚ¹¥»÷ÕßÐèÒªÄܹ»µÇ¼µ½ÏµÍ³²¢Ö´ÐÐÌØÖÆµÄÈí¼þ²Å»ªÊ¹ÓÃÎó²î£¬£¬£¬£¬Òò´ËÐèҪȷ±£Ö»ÓÐÊÚȨְԱ¿ÉÒÔ»á¼ûϵͳ½ÚµãÉϵÄÓû§ÕÊ»§£¬£¬£¬£¬²¢ÔÚABB System 800xAÉÏʹÓð×Ãûµ¥¡£¡£¡£¡£¡£¡£


0x03 Ïà¹ØÐÂÎÅ


https://ics-cert.kaspersky.com/news/2020/04/30/abb-vulnerabilities/


0x04 ²Î¿¼Á´½Ó


https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch


0x05 ʱ¼äÏß


2020-05-21 VSRCÐû²¼Îó²îͨ¸æ


¼øºÚµ£±£Íø(jhdbw)¡¤×î¾ßȨÍþΨһάȨµ£±£Æ½Ì¨