Sick MSC800ÐÅÈÎÖÎÀíÎÊÌâÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-07-03

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-10979£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ£º9.8£¬£¬£¬£¬£¬£¬£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾


Sick MSC800 4.0֮ǰ°æ±¾¡£¡£¡£¡£


Îó²î¸ÅÊö


Sick MSC800Êǵ¹úÎ÷¿Ë£¨Sick£©¹«Ë¾µÄÒ»¿î¿É±à³ÌÂß¼­¿ØÖÆÆ÷£¨PLC£©¡£¡£¡£¡£


ÊÜÓ°ÏìµÄ¿ØÖÆÆ÷ÔÚÈ«Çò¹æÄ£ÄÚʹÓ㬣¬£¬£¬£¬£¬£¬ÌØÊâÊÇÔÚÒªº¦ÖÆÔìÁìÓò£¬£¬£¬£¬£¬£¬£¬Êܵ½CVE-2019-10979×·×ÙµÄÑÏÖØÎó²îµÄÓ°Ïì¡£¡£¡£¡£


Sick MSC800 4.0֮ǰ°æ±¾Öб£´æÐÅÈÎÖÎÀíÎÊÌâÎó²î¡£¡£¡£¡£ÓÉÓÚ±£´æÓ²±àÂëƾ֤£¬£¬£¬£¬£¬£¬£¬Ô¶³Ì¹¥»÷Õß¿ÉʹÓøÃÎó²îÖØÐÂÉèÖûòÆÆËðÀ´×Ե¹ú´«¸ÐÆ÷ÖÆÔìÉÌSickµÄMSC800Ä£¿£¿£¿é»¯ÏµÍ³¿ØÖÆÆ÷¡£¡£¡£¡£


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬£¬£¬²¹¶¡»ñÈ¡Á´½Ó£º

https://www.sick.com/de/en/service-and-support/the-sick-product-security-incident-response-team-sick-psirt/w/psirt/#advisories


²Î¿¼Á´½Ó


 https://www.securityweek.com/hardcoded-credentials-expose-sick-controllers-remote-attacks