ABB×Ô¶¯»¯ÏµÍ³HMIÖеĶà¸öÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-06-26

Îó²î±àºÅºÍ¼¶±ð



CVE±àºÅ£ºCVE-2019-1716£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬£¬£¬£¬£¬£¬¹Ù·½:9.8
CVE±àºÅ£ºCVE-2019-10886£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.5£¬£¬£¬£¬£¬£¬¹Ù·½£º5.9
CVE±àºÅ£ºCVE-2019-11336£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.5£¬£¬£¬£¬£¬£¬¹Ù·½:8.1
CVE±àºÅ£ºCVE-2019-7230£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7229£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.3£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7231£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.5£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7227£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.3£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7225£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7226£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7232£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-7228£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨



Ó°Ïì°æ±¾



ÊÜÓ°ÏìµÄ°æ±¾


ABB CP635 HMI, ABB PB610, ABB CP651 HMI



Îó²î¸ÅÊö



ABBÐÞ¸´×Ô¶¯»¯ÏµÍ³HMIÖеÄÊ®¶à¸öÎó²î£º


CVE-2019-1716


Cisco IP Phone 8800 SeriesºÍCisco IP Phone 7800 Series¶¼ÊÇÃÀ¹ú˼¿Æ£¨Cisco£©¹«Ë¾µÄ²úÆ·¡£ ¡£¡£Cisco IP Phone 8800 SeriesÊÇÒ»¿î8800ϵÁеÄIPµç»°¡£ ¡£¡£Cisco IP Phone 7800 SeriesÊÇÒ»¿î7800ϵÁÐIPµç»°¡£ ¡£¡£Session Initiation Protocol£¨SIP£©SoftwareÊÇÆäÖеÄÒ»¿î»á»°ÌᳫЭÒéÈí¼þ¡£ ¡£¡£Cisco IP Phone 7800 SeriesºÍCisco IP Phone 8800 SeriesÖеÄSIPÈí¼þµÄ»ùÓÚWebµÄÖÎÀí½çÃæ±£´æÊäÈëÑéÖ¤Îó²î£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚÔÚ¾ÙÐÐÉí·ÝÑé֤ʱ£¬£¬£¬£¬£¬£¬³ÌÐòûÓÐ׼ȷµØÑéÖ¤Óû§Ìá½»µÄÊäÈë¡£ ¡£¡£Ô¶³Ì¹¥»÷Õß¿Éͨ¹ýʹÓÃHTTPЭÒéÅþÁ¬µ½ÊÜÓ°ÏìµÄ×°±¸²¢Ìá½»¶ñÒâµÄÓû§Æ¾Ö¤Ê¹ÓøÃÎó²îÖØмÓÔØÊÜÓ°ÏìµÄ×°±¸£¬£¬£¬£¬£¬£¬µ¼Ö¾ܾøЧÀÍ»òÒÔÓ¦ÓóÌÐòÓû§µÄȨÏÞÖ´ÐÐí§Òâ´úÂë¡£ ¡£¡£


CVE-2019-10886


Sony Photo Sharing Plus applicationÊÇÈÕ±¾Ë÷ÄᣨSony£©¹«Ë¾µÄÒ»¿îÓÃÓÚÉúÑÄ¡¢ÖÎÀí¡¢·ÖÏíͼÏñºÍÊÓƵµÄÓ¦ÓóÌÐò¡£ ¡£¡£ ʹÓÃPKG6.5629֮ǰ°æ±¾¹Ì¼þµÄSony Photo Sharing PlusÓ¦ÓóÌÐò±£´æ»á¼û¿ØÖƹýʧÎó²î£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úƷδ׼ȷÏÞÖÆÀ´×ÔδÊÚȨ½ÇÉ«µÄ×ÊÔ´»á¼û¡£ ¡£¡£


CVE-2019-11336


Sony Smart TVsÖб£´æÐÅϢй¶Îó²î£¬£¬£¬£¬£¬£¬¸ÃÎó²îÔ´ÓÚÍøÂçϵͳ»ò²úÆ·ÔÚÔËÐÐÀú³ÌÖб£´æÉèÖõȹýʧ¡£ ¡£¡£Î´ÊÚȨµÄ¹¥»÷Õß¿ÉʹÓÃÎó²î»ñÈ¡ÊÜÓ°Ïì×é¼þÃô¸ÐÐÅÏ¢¡£ ¡£¡£


CVE-2019-7230


IDAL FTPЧÀÍÆ÷ͨ¹ý²»Çå¾²µØʹÓÃÓû§ÌṩµÄÃûÌÃ×Ö·û´®ÈÝÒ×Êܵ½ÄÚ´æË𻵡£ ¡£¡£ ¹¥»÷Õß¿ÉÒÔÀÄÓô˹¦Ð§À´ÈƹýÉí·ÝÑéÖ¤»òÔÚЧÀÍÆ÷ÉÏÖ´ÐдúÂë¡£ ¡£¡£


CVE-2019-7229


ABB HMIʹÓÃÁ½ÖÖ²î±ðµÄ´«ÊäÒªÁìÀ´Éý¼¶ÆäÈí¼þ×é¼þ£ºÊ¹ÓÃUSB / SD¿¨ÉÁ´æ×°±¸£»£»£»£»£»Í¨¹ýFTPͨ¹ýABB Panel Builder 600¾ÙÐÐÔ¶³ÌÉèÖÃÀú³Ì£¬£¬£¬£¬£¬£¬ÕâЩ´«ÊäÒªÁ춼²î³ØеÄHMIÈí¼þ¶þ½øÖÆÎļþʵÑéÈκÎÐÎʽµÄ¼ÓÃÜ»òÕæʵÐÔ¼ì²é¡£ ¡£¡£


CVE-2019-7231


IDAL FTPЧÀÍÆ÷ÈÝÒ×Êܵ½»º³åÇøÒç³öµÄÓ°Ï죬£¬£¬£¬£¬£¬ÆäÖÐÓɾ­ÓÉÉí·ÝÑéÖ¤µÄ¹¥»÷Õß·¢ËÍ´ó×Ú×Ö·û´®£¬£¬£¬£¬£¬£¬µ¼Ö»º³åÇøÒç³ö¡£ ¡£¡£


CVE-2019-7227


IDAL FTPЧÀÍÆ÷ÎÞ·¨È·±£Ä¿Â¼¸ü¸ÄÇëÇó²»»á¸ü¸ÄΪFTPЧÀÍÆ÷¸ùĿ¼֮ÍâµÄλÖᣠ¡£¡£¾­ÓÉÉí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÒÔͨ¹ýʹÓá°cd ..¡±¸ü¸ÄĿ¼À´¼òÆӵرéÀúЧÀÍÆ÷¸ùĿ¼¡£ ¡£¡£


CVE-2019-7225


ÊÜÓ°ÏìµÄABB×é¼þʵÏÖÔÚHMI½çÃæµÄ¹©Ó¦½×¶ÎʹÓõÄÒþ²ØÖÎÀíÕÊ»§¡£ ¡£¡£ÕâЩƾ֤ÔÊÐíÉèÖù¤¾ß¡°Panel Builder 600¡±ÉÁ×ÆеĽçÃæºÍ±êÇ©£¨MODBUSÏßȦ£©Ó³Éäµ½HMI¡£ ¡£¡£


CVE-2019-7226


IDAL HTTPЧÀÍÆ÷CGI½Ó¿Ú°üÀ¨Ò»¸öURL£¬£¬£¬£¬£¬£¬ÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÈƹýÉí·ÝÑéÖ¤²¢»ñÈ¡¶ÔÌØȨ¹¦Ð§µÄ»á¼ûȨÏÞ¡£ ¡£¡£


CVE-2019-7232


ÔÚHTTPÇëÇóÖÐÎüÊÕ´óÐÍÖ÷»úͷʱ£¬£¬£¬£¬£¬£¬IDAL HTTPЧÀÍÆ÷ÈÝÒ×Êܵ½»ùÓÚ¿ÍÕ»µÄ»º³åÇøÒç³öµÄÓ°Ïì¡£ ¡£¡£Ö÷»úÍ·ÖµÒç³ö»º³åÇø²¢Ê¹Óøü´óµÄ»º³åÇøÁýÕֽṹ»¯Òì³£´¦Öóͷ£³ÌÐò£¨SEH£©µØµã¡£ ¡£¡£


CVE-2019-7228


IDAL HTTPЧÀÍÆ÷ͨ¹ý²»Çå¾²µØʹÓÃÓû§ÌṩµÄÃûÌÃ×Ö·û´®ÈÝÒ×Êܵ½ÄÚ´æË𻵡£ ¡£¡£¹¥»÷Õß¿ÉÒÔÀÄÓô˹¦Ð§À´ÈƹýÉí·ÝÑéÖ¤»òÔÚЧÀÍÆ÷ÉÏÖ´ÐдúÂë¡£ ¡£¡£



Îó²îÑéÖ¤



POC£º


CVE-2019-1716

https://www.darkmatter.ae/xen1thlabs/cisco-ip-phone-webui-remote-code-execution-vulnerability/¡£ ¡£¡£


CVE-2019-10886

https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-arbitrary-file-read-vulnerability-xl-19-002/


CVE-2019-11336

https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/


CVE-2019-7230

https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-uncontrolled-format-string-vulnerability-xl-19-004/


CVE-2019-7229

https://www.darkmatter.ae/xen1thlabs/abb-hmi-absence-of-signature-verification-vulnerability-xl-19-005/


CVE-2019-7231

https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-buffer-overflow-vulnerability-xl-19-007/


CVE-2019-7227

https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-path-traversal-vulnerability-xl-19-008/


CVE-2019-7225

https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/


CVE-2019-7226

https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-authentication-bypass-vulnerability-xl-19-010/


CVE-2019-7232

https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-stack-based-buffer-overflow-vulnerability-xl-19-011/


CVE-2019-7228

https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-uncontrolled-format-string-vulnerability-xl-19-012/



ÐÞ¸´½¨Òé



ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó¼ûÈçÉÏÁ´½Ó¡£ ¡£¡£



²Î¿¼Á´½Ó



https://www.darkmatter.ae/xen1thlabs/published-advisories/