Siemens Security Advisory: DejaBlue, Urgent/11 and SACK Panic Vulnerabilities

Published: 2019-09-12

● Vulnerability IDs and severity


CVE ID: CVE-2019-1181, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-1182, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-1222, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-1226, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-12255, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-12256, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-12257, Severity: High, CVSS score: 8.8

CVE ID: CVE-2019-12258, Severity: High, CVSS score: 7.5

CVE ID: CVE-2019-12259, Severity: High, CVSS score: 7.5

CVE ID: CVE-2019-12260, Severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-12261, Severity: High, CVSS score: 8.8

CVE ID: CVE-2019-12262, Severity: High, CVSS score: 7.1

CVE ID: CVE-2019-12263, Severity: High, CVSS score: 8.1

CVE ID: CVE-2019-12264, Severity: High, CVSS score: 7.1

CVE ID: CVE-2019-11477, Severity: High, CVSS score: 7.5


● Affected versions


Affected versions

DejaBlue:

Aptio by Inpeco: All versions, etc.


Urgent/11:

RUGGEDCOM WIN70xx Base Station: All versions

RUGGEDCOM WIN72xx Base Station: All versions


SACK Panic:

CM 1542-1: All versions, etc.


● Vulnerability overview


±¾ÖܶþÎ÷ÃÅ×Ó°ä²¼¼¸·Ý°²È«²¼¸æ £¬£¬£¬£¬£¬£¬£¬ÍƳö×î½üµÄDejaBlue¡¢Urgent/11ºÍSACK Panic·ì϶µÄ½¨¸´²¹¶¡¡£¡£¡£¡£¡£


Siemens said that the four Windows Remote Desktop Services vulnerabilities patched by Microsoft in August affect some Healthineers products, but that most of its medical products are not affected. These vulnerabilities are tracked as DejaBlue and are similar to BlueKeep, which Microsoft fixed in May.


Siemens also informed customers that many of its products are affected by the recently disclosed Linux kernel vulnerabilities (SACK Panic), the most severe of which is a flaw that can lead to denial of service (CVE-2019-11477).


In addition, Siemens RUGGEDCOM WIN products are affected by the recently disclosed Wind River VxWorks vulnerabilities (Urgent/11).


Siemens also published four other advisories. They describe a high-severity cross-site scripting (XSS) vulnerability in the IE/WSN-PA Link gateway, a high-severity DoS flaw in the SIMATIC TDC CP51M1 module, a high-severity post-authentication command execution bug in SINETPLAN, and various medium- and high-severity vulnerabilities in SINEMA Remote Connect Server.


● Vulnerability verification


No PoC/exploit is available at this time.


● Remediation advice


The vendor has released updates and patches that fix the vulnerabilities. Download link: https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications


● Reference links


https://www.securityweek.com/siemens-issues-advisories-dejablue-sack-panic-vulnerabilities