Ê©Ä͵µçÆøModicon M580ÖеĶà¸ö·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-10-10

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6846£¬£¬£¬ £¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬ £¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ5.9£¬£¬£¬ £¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6844£¬£¬£¬ £¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬ £¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬£¬ £¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6843£¬£¬£¬ £¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬ £¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬£¬ £¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6842£¬£¬£¬ £¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬ £¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬£¬ £¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6841£¬£¬£¬ £¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬ £¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬£¬ £¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6845£¬£¬£¬ £¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬ £¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ5.9£¬£¬£¬ £¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6847£¬£¬£¬ £¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬£¬ £¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬£¬ £¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6851£¬£¬£¬ £¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬ £¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.5£¬£¬£¬ £¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Schneider Electric Modicon M580 BMEP582040 SV2.80


·ì϶¸ÅÊö


Schneider Electric Modicon M580ÊÇ·¨¹úÊ©Ä͵µçÆø£¨Schneider Electric£©¹«Ë¾µÄÒ»¿î¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷¡£¡£ ¡£¡£¡£¡£Schneider Electric Modicon M580ÖдæÔÚ¶à¸ö·ì϶£¬£¬£¬ £¬£¬£¬£¬£¬¾ßÌåÈçÏ£º


CVE-2019-6846

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTPÖ°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõÄÐÅϢй¶·ì϶¡£¡£ ¡£¡£¡£¡£¹¥»÷ÕßÄܹ»Ðá̽ÍøÂçÁ÷Á¿ÒÔÀûÓô˷ì϶¡£¡£ ¡£¡£¡£¡£


CVE-2019-6844/CVE-2019-6843/CVE-2019-6842

Schneider Electric Modicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷¹Ì¼þ°æ±¾SV2.80µÄFTP¹Ì¼þ¸üÐÂÖ°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõĻؾø·þÎñ·ì϶¡£¡£ ¡£¡£¡£¡£ÌØÔìµÄ¹Ì¼þÓ³Ïñ¿ÉÄܵ¼ÖÂÉ豸½øÈë¿É¸´Ô­µÄ¹ÊÕÏ״̬£¬£¬£¬ £¬£¬£¬£¬£¬´Ó¶øµ¼ÖÂÕý³£É豸ִÐÐÖÕ³¡¡£¡£ ¡£¡£¡£¡£¹¥»÷ÕßÄܹ»Ê¹ÓÃĬÈÏÍ´´¦À´·¢ËÍ´¥·¢´Ë·ì϶µÄºÅÁî¡£¡£ ¡£¡£¡£¡£


CVE-2019-6841

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTP¹Ì¼þ¸üзþÎñÖ°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõĻؾø·þÎñ·ì϶¡£¡£ ¡£¡£¡£¡£Ò»×éÌØÊⶩ¹ºµÄFTPºÅÁî¿ÉÄÜ»áʹFTP loader·þÎñ½øÈëÆÚ´ý״̬£¬£¬£¬ £¬£¬£¬£¬£¬´Ó¶øµ¼ÖÂÎÞ·¨Í¨¹ýFTP¸üÐÂÉ豸¹Ì¼þ¡£¡£ ¡£¡£¡£¡£¹¥»÷ÕßÄܹ»Ê¹ÓÃĬÈÏÍ´´¦À´·¢ËÍ´¥·¢´Ë·ì϶µÄºÅÁî¡£¡£ ¡£¡£¡£¡£


CVE-2019-6845

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷µÄ¹Ì¼þ°æ±¾SV2.80µÄUMASÖ°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõÄÐÅϢй¶·ì϶¡£¡£ ¡£¡£¡£¡£¹¥»÷ÕßÄܹ»Ðá̽ÍøÂçÁ÷Á¿ÒÔÀûÓô˷ì϶¡£¡£ ¡£¡£¡£¡£


CVE-2019-6847

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTP¹Ì¼þ¸üÐÂÖ°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõĻؾø·þÎñ·ì϶¡£¡£ ¡£¡£¡£¡£¹ýÆڵĹ̼þÓ³Ïñ¿ÉÄܵ¼ÖÂÉ豸½øÈë²»³É¸´Ô­µÄ¹ÊÕÏ״̬£¬£¬£¬ £¬£¬£¬£¬£¬´Ó¶øµ¼ÖÂÓëÉ豸µÄÔ¶³ÌͨѶÆëÈ«ÖÕ³¡¡£¡£ ¡£¡£¡£¡£¹¥»÷ÕßÄܹ»Ê¹ÓÃĬÈÏÍ´´¦À´·¢ËÍ´¥·¢´Ë·ì϶µÄºÅÁî¡£¡£ ¡£¡£¡£¡£


CVE-2019-6851

Schneider Electric Modicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷µÄTFTP·þÎñÆ÷Ö°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõÄÐÅϢй¶·ì϶¡£¡£ ¡£¡£¡£¡£ÌØÔìµÄTFTP»ñÈ¡ÒªÇó¿ÉÄܵ¼ÖÂÎļþÏÂÔØ£¬£¬£¬ £¬£¬£¬£¬£¬´Ó¶øµ¼ÖÂÃô¸ÐÐÅϢй¶¡£¡£ ¡£¡£¡£¡£¹¥»÷ÕßÄܹ»·¢ËÍδ¾­Éí·ÝÑéÖ¤µÄºÅÁîÀ´´¥·¢´Ë·ì϶¡£¡£ ¡£¡£¡£¡£


·ì϶ÑéÖ¤


CVE-2019-6844£º

POC: https://talosintelligence.com/reports/TALOS-2019-0825


CVE-2019-6843

POC: https://talosintelligence.com/reports/TALOS-2019-0824


CVE-2019-6842

POC: https://talosintelligence.com/reports/TALOS-2019-0823


CVE-2019-6841

POC: https://talosintelligence.com/reports/TALOS-2019-0822


CVE-2019-6851

POC: https://talosintelligence.com/reports/TALOS-2019-0851


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÔÝδ°ä²¼½¨¸´´ëÊ©½â¾ö´Ë°²È«ÎÊÌ⣬£¬£¬ £¬£¬£¬£¬£¬½¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§ÉÌÖ÷Ò³

»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö·¨×Ó£º

https://www.schneider-electric.com


²Î¿¼Á´½Ó


https://blog.talosintelligence.com/2019/10/vuln-spotlight-schneider-electric-m580-part-2-sept-2019.html