¸»Ê¿µç»ú PLC ½Ó¼û¹¤¾ß¶à¸ö¸ßΣ·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2018-09-14

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2018-14809£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14811£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14813£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14815£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14817£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14819£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-14823£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.3£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


V-Server 4.0.3.0¼°Ö®Ç°°æ±¾


·ì϶¸ÅÊö


ICS-CERT ±¾ÖÜ°ä²¼Á½¸ö°²È«²¼¸æÖ¸³ö£¬£¬£¬£¬£¬ÕâЩ°²È«·ì϶¿Éµ¼ÖÂÔ¶³Ì¹¥»÷ÕßÖ´ÐÐËÁÒâ´úÂë¡£¡£¡£¡£¡£¡£¡£¸»Ê¿µç»ú V-Server ¹¤¾ß¿Éµ¼ÖÂ×éÖ¯»ú´ÓλÓÚÆóÒµÍøÂçÖеÄÍÆËã»ú½Ó¼ûλÓÚ¹¤³§ÖеĿɱà³ÌÂß¼­½ÚÔìÆ÷ (PLCs)¡£¡£¡£¡£¡£¡£¡£ÕâÁ½¸öϵͳ¾­ÓÉÓÃÓÚ¼à¿Ø PLCs µÄ Monitouch HMI ͨ¹ýÒÔÌ«ÍøÏνӡ£¡£¡£¡£¡£¡£¡£ICS-CERT °µÊ¾¸Ã²úÆ·ÔÚÈ«ÇòÁìÓòÄÚÖØÒªÊÇÔڹؼüÔì×÷ÐÐҵʹÓᣡ£¡£¡£¡£¡£¡£


¸»Ê¿µç»ú V-Server ÊÜʹÓúó¿ªÊÍ¡¢²»ÊÜÐÅÀµµÄÖ¸ÕëÒýÓᢶѻº³åÒç³ö¡¢´ø±íдÈë¡¢ÕûÊý·´ÏòÒçλ¡¢´ø±í¶ÁÈ¡ºÍÕ»»º³åÒç¶Âí½ÅµÄÓ°Ï죬£¬£¬£¬£¬¿ÉÄܵ¼Ö³öÏÖÔ¶³Ì´úÂëÖ´Ðкó¹û£¬£¬£¬£¬£¬´Ó¶øÒý·¢ DoS Ç°Ìá»òÐÅϢй¶ÎÊÌâ¡£¡£¡£¡£¡£¡£¡£


ICS-CERT »¹°ä²¼Áí±íÒ»·Ý°²È«²¼¸æ˵ÁËȻӰÏì V-Server Lite µÄ¸ßΣ»£»£»£»£»£»º³åÒç¶Âí½Å¡£¡£¡£¡£¡£¡£¡£¸Ãȱµã¿É±»ÓÃÓÚÖ´ÐдúÂ룬£¬£¬£¬£¬Í¨¹ýÌØÊâ»ú¹ØµÄÏîÄ¿Îļþ´¥·¢ DoS Ç°Ìá»òÐÅϢй¶ÎÊÌâ¡£¡£¡£¡£¡£¡£¡£


ÕâЩ V-Server ·ì϶ÊÇÓÉ Source Incite ¹«Ë¾µÄ Steven Seeleyͨ¹ýÇ÷Ïò¿Æ¼¼ ZDI ·î¸æ³§É̵ġ£¡£¡£¡£¡£¡£¡£Ó°Ïì Lite °æ±¾µÄȱµãÊÇÓÉ Ariele Caltabiano £¨¼´ kimiya£©·¢ÏÖ²¢·î¸æ¸»Ê¿µç»ú¡£¡£¡£¡£¡£¡£¡£


ICS-CERT ÖÒ¸æ³Æ£¬£¬£¬£¬£¬Ä³Ð©·ì϶µÄÀûÓôúÂëÒѹ«¿ª£¬£¬£¬£¬£¬Õâ¿ÉÄÜÊÇÕë¶Ô ZDI ÒѰ䲼ʮ¼¸¸ö×¢Ã÷ÓÉ Seeley ºÍ Caltabiano ´Ó¸»Ê¿µç»ú V-Server ÖÐÕÒµ½µÄ°²È«·ì϶µÄ°²È«²¼¸æһʶøÑԵġ£¡£¡£¡£¡£¡£¡£ZDI ºÍ ICS-CERT°ä²¼°²È«²¼¸æµÄ¹¦·òÏà²îÊýÓ×ʱ£¬£¬£¬£¬£¬µ«ZDI ²¢Î´ÔÚ°²È«²¼¸æÖÐÌá¼°¼¼ÊõÐÅÏ¢¡£¡£¡£¡£¡£¡£¡£


ZDI ÔÚ°²È«²¼¸æÖÐÖ¸³ö£¬£¬£¬£¬£¬Seeley ÔÚ2018Äê3Ô·ݡ¢Caltabiano ÔÚ2018Äê6Ô·ݽ«·ì϶·î¸æ³§ÉÌ¡£¡£¡£¡£¡£¡£¡£ZDI °µÊ¾£¬£¬£¬£¬£¬ÕâЩȱµã¡°´æÔÚÓÚ¶Ô VPR ÎļþµÄ½âÎö¹ý³ÌÖС±£¬£¬£¬£¬£¬¿ÉÄÜÊÇÓÉÓÚÔÚÖ´ÐйØÓÚ¶ÔÏóµÄ²Ù×÷֮ǰ²»×ã¶Ô¶ÔÏóµÄÑéÖ¤Ôì³ÉµÄ£¬£¬£¬£¬£¬Ò²¿ÉÄÜÊÇÓÉÓÚ²»×ã¶ÔÓû§ÌṩÊý¾ÝµÄÕýÈ·ÑéÖ¤Ôì³ÉµÄ¡£¡£¡£¡£¡£¡£¡£


¹ÌÈ» ICS-CERT ¶ÔÕâЩ·ì϶µÄÆÀ¼¶Îª¡°¸ßΣ¡±£¬£¬£¬£¬£¬µ« ZDI ½«ÆäÆÀΪ¡°ÖÐΣ¡±£¬£¬£¬£¬£¬CVSS ÆÀ·ÖΪ6.8·Ý¡£¡£¡£¡£¡£¡£¡£Caltabiano ·¢ÏÖµÄÈõµãÔÚ ZDI °²È«²¼¸æÖеĠCVSS ÆÀ·ÖÊÇ9.3£¨¸ßΣ£©¡£¡£¡£¡£¡£¡£¡£


ÕâЩӰÏìÕƹܽ«ÆóÒµÍøÂçÏνÓÖÁ¹¤¿Øϵͳ²úÆ·µÄ·ì϶¿É´øÀ´ÑϳÁµÄ°²È«·çÏÕ£¬£¬£¬£¬£¬ÓÉÓÚÕâÕýÊǺöàÍþвÕßÊÔͼµ½´ïÃô¸ÐϵͳµÄõ辶¡£¡£¡£¡£¡£¡£¡£


Positive Technologies ¹«Ë¾×î½ü°ä²¼µÄÒ»Ïî×êÑÐÁ˾ÖÏÔʾ£¬£¬£¬£¬£¬Ôںöà×éÖ¯»ú¹¹ÖУ¬£¬£¬£¬£¬ºÚ¿Í¿ÉµÈÏÐͨ¹ýÆóÒµÍøÂç»ñÈ¡¶Ô¹¤Òµ»·¾³µÄ½Ó¼ûȨÏÞ¡£¡£¡£¡£¡£¡£¡£


·ì϶ÑéÖ¤


ÔÝÎÞPOC\EXP


½¨¸´½¨Òé


¸»Ê¿µç»úÒÑ°ä²¼°æ±¾4.0.4.0 ½¨¸´ÁËÕâЩ·ì϶¡£¡£¡£¡£¡£¡£¡£

http://monitouch.fujielectric.com/site/support-e/download-index-01.html


²Î¿¼Á´½Ó

https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01

https://www.securityweek.com/flaws-found-fuji-electric-tool-links-corporate-pcs-ics