Î÷ÃÅ×ÓDejaBlue¡¢Urgent/11ºÍSACK PanicÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-09-12

¡ñÎó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-1181£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-1182£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-1222£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-1226£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-12255£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-12256£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-12257£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º8.8

CVE±àºÅ£ºCVE-2019-12258£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.5

CVE±àºÅ£ºCVE-2019-12259£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.5

CVE±àºÅ£ºCVE-2019-12260£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-12261£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º8.8

CVE±àºÅ£ºCVE-2019-12262£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.1

CVE±àºÅ£ºCVE-2019-12263£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º8.1

CVE±àºÅ£ºCVE-2019-12264£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.1

CVE±àºÅ£ºCVE-2019-11477£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º7.5


¡ñÓ°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾

DejaBlue£º

Aptio by Inpeco:All versionsµÈ


Urgent/11£º

RUGGEDCOM WIN70xx Base Station:All versions

RUGGEDCOM WIN72xx Base Station:All versions


SACK Panic£º

CM 1542-1:All versionsµÈ


¡ñÎó²î¸ÅÊö


±¾ÖܶþÎ÷ÃÅ×ÓÐû²¼¼¸·ÝÇ徲ͨ¸æ£¬£¬£¬£¬£¬£¬£¬ÍƳö×î½üµÄDejaBlue¡¢Urgent/11ºÍSACK PanicÎó²îµÄÐÞ¸´²¹¶¡ ¡£¡£¡£


Î÷ÃÅ×ÓÌåÏÖ£¬£¬£¬£¬£¬£¬£¬Î¢ÈíÔÚ8Ô·ÝÐÞ²¹µÄËĸöWindowsÔ¶³Ì×ÀÃæЧÀÍÎó²îÓ°ÏìÁ˲¿·ÖHealthineers²úÆ·£¬£¬£¬£¬£¬£¬£¬µ«´ó´ó¶¼Ò½ÁƲúƷδÊÜÓ°Ïì ¡£¡£¡£ÕâЩÎó²î±»×·×ÙΪDejaBlue£¬£¬£¬£¬£¬£¬£¬Óë΢ÈíÔÚ5Ô·ÝÐÞ¸´µÄBlueKeepÀàËÆ ¡£¡£¡£


Î÷ÃÅ×Ó»¹¼û¸æ¿Í»§ÆäÐí¶à²úÆ·Êܵ½×î½üÅû¶µÄLinuxÄÚºËÎó²î£¨SACK Panic£©µÄÓ°Ï죬£¬£¬£¬£¬£¬£¬ÆäÖÐ×îÑÏÖصÄÒ»¸öÎó²îΪ¿Éµ¼ÖÂDoSµÄÎó²î£¨CVE-2019-11477£© ¡£¡£¡£


±ðµÄ£¬£¬£¬£¬£¬£¬£¬Î÷ÃÅ×ÓRUGGEDCOM WIN²úÆ·Êܵ½×î½üÅû¶µÄWind River VxWorksÎó²î£¨Urgent/11£©Ó°Ïì ¡£¡£¡£


Î÷ÃÅ×Ó»¹Ðû²¼ÁËÁíÍâËķݱ¨¸æ ¡£¡£¡£ËüÃÇÐÎòÁËIE / WSN-PA LinkÍø¹ØÖеĸßÑÏÖØÐÔ¿çÕ¾¾ç±¾£¨XSS£©Îó²î£¬£¬£¬£¬£¬£¬£¬ÕâÊÇSIMATIC TDC CP51M1Ä£¿£¿ £¿£¿£¿£¿£¿éÖеĸßÑÏÖØÐÔDoSȱÏÝ£¬£¬£¬£¬£¬£¬£¬ÊÇSINETPLANÖиßÑÏÖØÐÔµÄÈÏÖ¤ºóÏÂÁîÖ´Ðйýʧ£¬£¬£¬£¬£¬£¬£¬ÒÔ¼°SINEMA Remote Connect ServerÖеÄÖÖÖÖÖеȺ͸ßÑÏÖØÐÔÎó²î ¡£¡£¡£


¡ñÎó²îÑéÖ¤


ÔÝÎÞPOC/EXP ¡£¡£¡£


¡ñÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬£¬£¬ÏÂÔØÁ´½Ó£ºhttps://new.siemens.com/global/en/products/services/cert.html#SecurityPublications ¡£¡£¡£


¡ñ²Î¿¼Á´½Ó


https://www.securityweek.com/siemens-issues-advisories-dejablue-sack-panic-vulnerabilities