ABB×Ô¶¯»¯ÏµÍ³HMIÖеĶà¸ö·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-06-26

·ì϶±àºÅºÍ¼¶±ð



CVE±àºÅ£ºCVE-2019-1716£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬£¬£¬£¬£¬£¬¹Ù·½:9.8
CVE±àºÅ£ºCVE-2019-10886£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.5£¬£¬£¬£¬£¬£¬¹Ù·½£º5.9
CVE±àºÅ£ºCVE-2019-11336£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.5£¬£¬£¬£¬£¬£¬¹Ù·½:8.1
CVE±àºÅ£ºCVE-2019-7230£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7229£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.3£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7231£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º6.5£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7227£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º7.3£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7225£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7226£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-7232£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-7228£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º8.8£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨



Ó°Ïì°æ±¾



ÊÜÓ°ÏìµÄ°æ±¾


ABB CP635 HMI, ABB PB610, ABB CP651 HMI



·ì϶¸ÅÊö



ABB½¨¸´×Ô¶¯»¯ÏµÍ³HMIÖеÄÊ®¶à¸ö·ì϶£º


CVE-2019-1716


Cisco IP Phone 8800 SeriesºÍCisco IP Phone 7800 Series¶¼ÊÇÃÀ¹ú˼¿Æ£¨Cisco£©¹«Ë¾µÄ²úÆ· ¡£¡£¡£¡£¡£Cisco IP Phone 8800 SeriesÊÇÒ»¿î8800ϵÁеÄIPµç»° ¡£¡£¡£¡£¡£Cisco IP Phone 7800 SeriesÊÇÒ»¿î7800ϵÁÐIPµç»° ¡£¡£¡£¡£¡£Session Initiation Protocol£¨SIP£©SoftwareÊÇÆäÖеÄÒ»¿î»á»°ÌáÒéºÍ̸Èí¼þ ¡£¡£¡£¡£¡£Cisco IP Phone 7800 SeriesºÍCisco IP Phone 8800 SeriesÖеÄSIPÈí¼þµÄ»ùÓÚWebµÄÖÎÀí½çÃæ´æÔÚÊäÈëÑéÖ¤·ì϶£¬£¬£¬£¬£¬£¬¸Ã·ì϶ԴÓÚÔÚ½øÐÐÉí·ÝÑé֤ʱ£¬£¬£¬£¬£¬£¬·¨Ê½Ã»ÓÐÕýÈ·µØÑéÖ¤Óû§Ìá½»µÄÊäÈë ¡£¡£¡£¡£¡£Ô¶³Ì¹¥»÷Õß¿Éͨ¹ýʹÓÃHTTPºÍ̸Ïνӵ½ÊÜÓ°ÏìµÄÉ豸²¢Ìá·´Ä¿ÒâµÄÓû§Æ¾Ö¤ÀûÓø÷ì϶³ÁмÓÔØÊÜÓ°ÏìµÄÉ豸£¬£¬£¬£¬£¬£¬µ¼Ö»ؾø·þÎñ»òÒÔÀûÓ÷¨Ê½Óû§µÄȨÏÞÖ´ÐÐËÁÒâ´úÂë ¡£¡£¡£¡£¡£


CVE-2019-10886


Sony Photo Sharing Plus applicationÊÇÈÕ±¾Ë÷ÄᣨSony£©¹«Ë¾µÄÒ»¿îÓÃÓÚ±£Áô¡¢ÖÎÀí¡¢·ÖÏíͼÏñºÍÊÓƵµÄÀûÓ÷¨Ê½ ¡£¡£¡£¡£¡£ ʹÓÃPKG6.5629֮ǰ°æ±¾¹Ì¼þµÄSony Photo Sharing PlusÀûÓ÷¨Ê½´æÔÚ½Ó¼û½ÚÔìÃýÎó·ì϶£¬£¬£¬£¬£¬£¬¸Ã·ì϶ԴÓÚÍøÂçϵͳ»ò²úƷδÕýÈ·ÏÞ¶ÈÀ´×ÔδÊÚȨ½ÇÉ«µÄ×ÊÔ´½Ó¼û ¡£¡£¡£¡£¡£


CVE-2019-11336


Sony Smart TVsÖдæÔÚÐÅϢй¶·ì϶£¬£¬£¬£¬£¬£¬¸Ã·ì϶ԴÓÚÍøÂçϵͳ»ò²úÆ·ÔÚÔËÐйý³ÌÖдæÔÚÅäÖõÈÃýÎó ¡£¡£¡£¡£¡£Î´ÊÚȨµÄ¹¥»÷Õß¿ÉÀûÓ÷ì϶»ñÈ¡ÊÜÓ°Ïì×é¼þÃô¸ÐÐÅÏ¢ ¡£¡£¡£¡£¡£


CVE-2019-7230


IDAL FTP·þÎñÆ÷ͨ¹ý²»°²È«µØʹÓÃÓû§ÌṩµÄÌåʽ×Ö·û´®ÈÝÒ×Êܵ½ÄÚ´æ°Ü»µ ¡£¡£¡£¡£¡£ ¹¥»÷ÕßÄܹ»ÀÄÓôËÖ°ÄÜÀ´ÈƹýÉí·ÝÑéÖ¤»òÔÚ·þÎñÆ÷ÉÏÖ´ÐдúÂë ¡£¡£¡£¡£¡£


CVE-2019-7229


ABB HMIʹÓÃÁ½ÖÖ·ÖÆçµÄ´«Êä²½ÖèÀ´Éý¼¶ÆäÈí¼þ×é¼þ£ºÀûÓÃUSB / SD¿¨ÉÁ´æÉ豸£»£»£»£»£»£»£»Í¨¹ýFTPͨ¹ýABB Panel Builder 600½øÐÐÔ¶³ÌÅäÖùý³Ì£¬£¬£¬£¬£¬£¬ÕâЩ´«Êä²½Ö趼²»ºÏеÄHMIÈí¼þ¶þ½øÔìÎļþÖ´ÐÐÈκδó¾ÖµÄ¼ÓÃÜ»òÕæʵÐԲ鳭 ¡£¡£¡£¡£¡£


CVE-2019-7231


IDAL FTP·þÎñÆ÷ÈÝÒ×Êܵ½»º³åÇøÒç³öµÄÓ°Ï죬£¬£¬£¬£¬£¬ÆäÖÐÓɾ­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷Õß·¢ËÍ´óÁ¿×Ö·û´®£¬£¬£¬£¬£¬£¬µ¼Ö»º³åÇøÒç³ö ¡£¡£¡£¡£¡£


CVE-2019-7227


IDAL FTP·þÎñÆ÷ÎÞ·¨È·±£Ä¿Â¼¸ü¸ÄÒªÇó²»»á¸ü¸ÄΪFTP·þÎñÆ÷¸ùĿ¼֮±íµÄµØλ ¡£¡£¡£¡£¡£¾­¹ýÉí·ÝÑéÖ¤µÄ¹¥»÷ÕßÄܹ»Í¨¹ýʹÓá°cd ..¡±¸ü¸ÄĿ¼À´µ¥Ò»µØ±éÀú·þÎñÆ÷¸ùĿ¼ ¡£¡£¡£¡£¡£


CVE-2019-7225


ÊÜÓ°ÏìµÄABB×é¼þʵ´Ë¿ÌHMI½çÃæµÄ¹©¸ø½×¶ÎʹÓõݵ²ØÖÎÀíÕÊ»§ ¡£¡£¡£¡£¡£ÕâЩƾ֤ÔÊÐíÅäÖù¤¾ß¡°Panel Builder 600¡±ÉÁ¶¯ÐµĽçÃæºÍ±êÇ©£¨MODBUSÏßȦ£©Ó³Éäµ½HMI ¡£¡£¡£¡£¡£


CVE-2019-7226


IDAL HTTP·þÎñÆ÷CGI½Ó¿ÚÔ̺¬Ò»¸öURL£¬£¬£¬£¬£¬£¬ÔÊÐíδ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷ÕßÈƹýÉí·ÝÑéÖ¤²¢»ñÈ¡¶ÔÌØȨְÄܵĽӼûȨÏÞ ¡£¡£¡£¡£¡£


CVE-2019-7232


ÔÚHTTPÒªÇóÖнӹܴóÐÍÖ÷»úͷʱ£¬£¬£¬£¬£¬£¬IDAL HTTP·þÎñÆ÷ÈÝÒ×Êܵ½»ùÓÚ²Ö¿âµÄ»º³åÇøÒç³öµÄÓ°Ïì ¡£¡£¡£¡£¡£Ö÷»úÍ·ÖµÒç³ö»º³åÇø²¢Ê¹Óøü´óµÄ»º³åÇø¸²¸Ç½á¹¹»¯Òì³£´¦Ö÷¨Ê½£¨SEH£©µØÖ· ¡£¡£¡£¡£¡£


CVE-2019-7228


IDAL HTTP·þÎñÆ÷ͨ¹ý²»°²È«µØʹÓÃÓû§ÌṩµÄÌåʽ×Ö·û´®ÈÝÒ×Êܵ½ÄÚ´æ°Ü»µ ¡£¡£¡£¡£¡£¹¥»÷ÕßÄܹ»ÀÄÓôËÖ°ÄÜÀ´ÈƹýÉí·ÝÑéÖ¤»òÔÚ·þÎñÆ÷ÉÏÖ´ÐдúÂë ¡£¡£¡£¡£¡£



·ì϶ÑéÖ¤



POC£º


CVE-2019-1716

https://www.darkmatter.ae/xen1thlabs/cisco-ip-phone-webui-remote-code-execution-vulnerability/ ¡£¡£¡£¡£¡£


CVE-2019-10886

https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-arbitrary-file-read-vulnerability-xl-19-002/


CVE-2019-11336

https://www.darkmatter.ae/xen1thlabs/sony-smart-tv-photo-sharing-plus-information-disclosure-vulnerability-xl-19-003/


CVE-2019-7230

https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-uncontrolled-format-string-vulnerability-xl-19-004/


CVE-2019-7229

https://www.darkmatter.ae/xen1thlabs/abb-hmi-absence-of-signature-verification-vulnerability-xl-19-005/


CVE-2019-7231

https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-buffer-overflow-vulnerability-xl-19-007/


CVE-2019-7227

https://www.darkmatter.ae/xen1thlabs/abb-idal-ftp-server-path-traversal-vulnerability-xl-19-008/


CVE-2019-7225

https://www.darkmatter.ae/xen1thlabs/abb-hmi-hardcoded-credentials-vulnerability-xl-19-009/


CVE-2019-7226

https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-authentication-bypass-vulnerability-xl-19-010/


CVE-2019-7232

https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-stack-based-buffer-overflow-vulnerability-xl-19-011/


CVE-2019-7228

https://www.darkmatter.ae/xen1thlabs/abb-idal-http-server-uncontrolled-format-string-vulnerability-xl-19-012/



½¨¸´½¨Òé



Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬£¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó¼ûÈçÉÏÁ´½Ó ¡£¡£¡£¡£¡£



²Î¿¼Á´½Ó



https://www.darkmatter.ae/xen1thlabs/published-advisories/