[Vulnerability Advisory] Distributed Data Systems WebHMI File Upload Vulnerability (CVE-2021-43936)

Published: 2021-12-07


0x00 Vulnerability Overview

On December 2, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a security advisory disclosing two critical vulnerabilities (CVE-2021-43936 and CVE-2021-43931) in the WebHMI product of Distributed Data Systems. Successful exploitation of these vulnerabilities allows an attacker to log in as the administrator account without authentication and to execute code remotely with root privileges.

 

0x01 Vulnerability Details

The two vulnerabilities affect the critical manufacturing sector of industrial control systems; no in-the-wild exploitation has been detected so far. Details of the vulnerabilities are as follows:

WebHMI Authentication Bypass Vulnerability (CVE-2021-43931)

In WebHMI versions prior to 4.1, the authentication algorithm itself is sound, but the mechanism as implemented can be bypassed. The vulnerability has a CVSS score of 9.8: attack complexity is low, and it can be exploited remotely without special privileges or user interaction.

 

WebHMIÎļþÉÏ´«Îó²î£¨CVE-2021-43936£©

WebHMI versions prior to 4.1 allow malicious files to be uploaded without restriction. Such files may be processed automatically in the product environment or lead to arbitrary code execution. The vulnerability has a CVSS score of 10.0: attack complexity is low, and it can be exploited remotely without special privileges or user interaction.
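The root cause described above, a handler that accepts any file name and any content from the client, is a generic pattern, so the following added example (not code from WebHMI, Distributed Data Systems, or this advisory; the advisory gives no detail of the product's upload endpoint) contrasts a naive destination calculation with a hardened upload routine. Everything in it is hypothetical: the allowed types, the size limit and the function names are constructed for illustration. It shows the two checks that would have prevented the class of issue: the server, not the client, chooses where the file lands, and the content must match an allowlisted type before it is stored.

```python
import os
import re
import secrets
import tempfile
from pathlib import Path

# Constructed policy for this example: allow only the types the application
# really needs, identified by magic bytes rather than by the client's name or
# Content-Type header.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
MAX_SIZE = 5 * 1024 * 1024  # 5 MiB, a constructed limit
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


class UploadRejected(ValueError):
    """Raised when an upload fails one of the validation checks."""


def make_upload_dir() -> str:
    """Fresh temporary directory standing in for the application's storage."""
    return tempfile.mkdtemp(prefix="uploads-")


def naive_destination(upload_dir: str, filename: str) -> str:
    """Where an unrestricted handler would write: the client-supplied name is
    joined straight onto the upload directory with no checks at all."""
    return os.path.normpath(os.path.join(upload_dir, filename))


def escapes_directory(upload_dir: str, dest: str) -> bool:
    """True if dest resolves outside upload_dir (the path-traversal case)."""
    root = os.path.abspath(upload_dir)
    return os.path.commonpath([root, os.path.abspath(dest)]) != root


def validated_upload(upload_dir: str, filename: str, content: bytes) -> str:
    """Hardened handler: size limit, name allowlist, magic-byte check and a
    server-generated storage name. Returns the path actually written."""
    # 1. Reject oversized bodies before doing anything else.
    if len(content) > MAX_SIZE:
        raise UploadRejected("file too large")
    # 2. Accept only a bare name from a conservative character set, so
    #    '../', absolute paths and metacharacters are all rejected.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or not _SAFE_NAME.match(base):
        raise UploadRejected("invalid file name")
    # 3. The extension must be on the allowlist ...
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_TYPES:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    # 4. ... and the bytes must actually be that type.
    if not content.startswith(ALLOWED_TYPES[ext]):
        raise UploadRejected("content does not match declared type")
    # 5. Store under a random server-chosen name (never the client's), in a
    #    directory that the web server does not execute from.
    stored = f"{secrets.token_hex(16)}.{ext}"
    dest = Path(upload_dir) / stored
    with open(dest, "wb") as fh:
        fh.write(content)
    return str(dest)


def rejects(upload_dir: str, filename: str, content: bytes) -> bool:
    """Convenience wrapper: True if the hardened handler refuses the upload."""
    try:
        validated_upload(upload_dir, filename, content)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    d = make_upload_dir()
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16  # constructed PNG header
    print("naive handler escapes dir:", escapes_directory(d, naive_destination(d, "../x.png")))
    print("hardened handler stored at:", validated_upload(d, "diagram.png", png))
    print("hardened handler rejects script:", rejects(d, "run.sh", b"#!/bin/sh\n"))
```

The magic-byte check is deliberately paired with the extension allowlist: either one alone can be fooled (a renamed script, or a polyglot with a valid header), but a file stored under a random name outside the web root is not executed by the server regardless of what it contains, which is the property that matters for the code-execution outcome the advisory describes.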

 

Affected Versions

WebHMI < 4.1

 

0x02 Remediation Recommendations

These vulnerabilities have now been fixed; it is recommended to upgrade WebHMI to the latest version, 4.1.

Download link:

http://webhmi.com.ua/en/2021/09/new-webhmi-firmware-release-4-1/

 

0x03 References

https://us-cert.cisa.gov/ics/advisories/icsa-21-336-03

https://us-cert.cisa.gov/ncas/current-activity/2021/12/06/cisa-releases-security-advisory-webhmi-vulnerabilities

https://nvd.nist.gov/vuln/detail/CVE-2021-43936

 

0x04 Revision History

Version    Date          Changes
V1.0       2021-12-07    Initial release

 

0x05 About 鉴黑担保网

Company Profile

鉴黑担保网 was founded in 1996 and listed on the SME Board of the Shenzhen Stock Exchange on June 23, 2010. It is one of China's leading providers of information security products, security management platforms, security services and solutions.

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°£¬£¬£¬ £¬£¬ÔÚÌìϸ÷Ê¡¡¢ÊС¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö£¬£¬£¬ £¬£¬ÓµÓÐÁýÕÖÌìϵÄÏúÊÛϵͳ¡¢ÇþµÀϵͳºÍÊÖÒÕÖ§³Öϵͳ£»£»£»£»£»£»£»²¢ÔÚ»ª±±¡¢»ª¶«¡¢Î÷ÄϺͻªÄϽṹËÄ´óÑз¢ÖÐÐÄ£¬£¬£¬ £¬£¬»®·ÖΪ±±¾©Ñз¢×ܲ¿¡¢ÉϺ£Ñз¢ÖÐÐÄ¡¢³É¶¼Ñз¢ÖÐÐĺ͹ãÖÝÑз¢ÖÐÐÄ¡£¡£¡£

For many years, 鉴黑担保网 has been committed to providing internationally competitive, independently developed security products and best-practice services, helping customers comprehensively improve the security and productivity of their IT infrastructure, and working to build a leading, internationally recognized domestic information security brand.

 

About the 鉴黑担保网 Security Emergency Response Center

The 鉴黑担保网 Security Emergency Response Center focuses on early warning and tracking of major security vulnerabilities, and on sharing the latest global threat intelligence and security reports.
