Security Advisory: Multiple High-Severity Vulnerabilities in Fuji Electric PLC Access Tool

Published: 2018-09-14

Vulnerability IDs and Severity


CVE ID: CVE-2018-14809; Severity: High; CVSS score: 7.3 (vendor self-assessed), no official score assigned

CVE ID: CVE-2018-14811; Severity: High; CVSS score: 7.3 (vendor self-assessed), no official score assigned

CVE ID: CVE-2018-14813; Severity: High; CVSS score: 7.3 (vendor self-assessed), no official score assigned

CVE ID: CVE-2018-14815; Severity: High; CVSS score: 7.3 (vendor self-assessed), no official score assigned

CVE ID: CVE-2018-14817; Severity: High; CVSS score: 7.3 (vendor self-assessed), no official score assigned

CVE ID: CVE-2018-14819; Severity: High; CVSS score: 7.3 (vendor self-assessed), no official score assigned

CVE ID: CVE-2018-14823; Severity: High; CVSS score: 7.3 (vendor self-assessed), no official score assigned


Affected Versions


V-Server 4.0.3.0 and earlier


Vulnerability Overview


ICS-CERT published two security advisories this week stating that these vulnerabilities could allow a remote attacker to execute arbitrary code. The Fuji Electric V-Server tool lets organizations access programmable logic controllers (PLCs) located in the plant from computers on the corporate network. The two systems are connected over Ethernet via the Monitouch HMI used to monitor the PLCs. ICS-CERT says the product is used worldwide, mainly in the critical manufacturing sector.


Fuji Electric V-Server is affected by use-after-free, untrusted pointer dereference, heap buffer overflow, out-of-bounds write, integer underflow, out-of-bounds read and stack buffer overflow vulnerabilities, which may result in remote code execution, leading to a DoS condition or information disclosure.


ICS-CERT also published a separate security advisory describing a high-severity buffer overflow vulnerability affecting V-Server Lite. The flaw can be used to execute code, triggering a DoS condition or information disclosure through a specially crafted project file.


These V-Server vulnerabilities were reported to the vendor by Steven Seeley of Source Incite through Trend Micro's ZDI. The flaw affecting the Lite version was discovered and reported to Fuji Electric by Ariele Caltabiano (aka kimiya).


ICS-CERT warns that exploit code for some of the vulnerabilities is publicly available, which probably refers to ZDI having published more than a dozen advisories describing the vulnerabilities that Seeley and Caltabiano found in Fuji Electric V-Server. ZDI and ICS-CERT published their advisories a few hours apart, but ZDI did not include technical details in its advisories.


ZDI states in its advisories that Seeley reported the vulnerabilities to the vendor in March 2018 and Caltabiano in June 2018. According to ZDI, the flaws "exist within the parsing of VPR files" and may be caused by a lack of validation of an object before operations are performed on it, or by a lack of proper validation of user-supplied data.


Although ICS-CERT rates these vulnerabilities as "high" severity, ZDI rates them as "medium", with a CVSS score of 6.8. The weakness found by Caltabiano has a CVSS score of 9.3 (high) in the ZDI advisory.


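Vulnerabilities in products responsible for connecting corporate networks to industrial control systems can pose a serious security risk, because this is exactly the path many threat actors use when trying to reach sensitive systems.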


A study recently published by Positive Technologies shows that in many organizations, hackers can easily gain access to the industrial environment through the corporate network.


Vulnerability Verification


No PoC or exploit available at this time


Remediation


Fuji Electric has released version 4.0.4.0, which fixes these vulnerabilities.

http://monitouch.fujielectric.com/site/support-e/download-index-01.html


References

https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01

https://www.securityweek.com/flaws-found-fuji-electric-tool-links-corporate-pcs-ics