Î÷ÃÅ×ÓDejaBlue¡¢Urgent/11ºÍSACK PanicÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-09-12

¡ñÎó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-1181£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-1182£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-1222£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-1226£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-12255£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-12256£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-12257£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º8.8

CVE±àºÅ£ºCVE-2019-12258£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º7.5

CVE±àºÅ£ºCVE-2019-12259£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º7.5

CVE±àºÅ£ºCVE-2019-12260£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º9.8

CVE±àºÅ£ºCVE-2019-12261£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º8.8

CVE±àºÅ£ºCVE-2019-12262£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º7.1

CVE±àºÅ£ºCVE-2019-12263£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º8.1

CVE±àºÅ£ºCVE-2019-12264£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º7.1

CVE±àºÅ£ºCVE-2019-11477£¬£¬£¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬ £¬CVSS·ÖÖµ£º7.5


¡ñÓ°Ïì°æ±¾


ÊÜÓ°ÏìµÄ°æ±¾

DejaBlue£º

Aptio by Inpeco:All versionsµÈ


Urgent/11£º

RUGGEDCOM WIN70xx Base Station:All versions

RUGGEDCOM WIN72xx Base Station:All versions


SACK Panic£º

CM 1542-1:All versionsµÈ


¡ñÎó²î¸ÅÊö


±¾ÖܶþÎ÷ÃÅ×ÓÐû²¼¼¸·ÝÇ徲ͨ¸æ£¬£¬£¬£¬ £¬ÍƳö×î½üµÄDejaBlue¡¢Urgent/11ºÍSACK PanicÎó²îµÄÐÞ¸´²¹¶¡¡£¡£


Î÷ÃÅ×ÓÌåÏÖ£¬£¬£¬£¬ £¬Î¢ÈíÔÚ8Ô·ÝÐÞ²¹µÄËĸöWindowsÔ¶³Ì×ÀÃæЧÀÍÎó²îÓ°ÏìÁ˲¿·ÖHealthineers²úÆ·£¬£¬£¬£¬ £¬µ«´ó´ó¶¼Ò½ÁƲúƷδÊÜÓ°Ïì¡£¡£ÕâЩÎó²î±»×·×ÙΪDejaBlue£¬£¬£¬£¬ £¬Óë΢ÈíÔÚ5Ô·ÝÐÞ¸´µÄBlueKeepÀàËÆ¡£¡£


Î÷ÃÅ×Ó»¹¼û¸æ¿Í»§ÆäÐí¶à²úÆ·Êܵ½×î½üÅû¶µÄLinuxÄÚºËÎó²î£¨SACK Panic£©µÄÓ°Ï죬£¬£¬£¬ £¬ÆäÖÐ×îÑÏÖصÄÒ»¸öÎó²îΪ¿Éµ¼ÖÂDoSµÄÎó²î£¨CVE-2019-11477£©¡£¡£


±ðµÄ£¬£¬£¬£¬ £¬Î÷ÃÅ×ÓRUGGEDCOM WIN²úÆ·Êܵ½×î½üÅû¶µÄWind River VxWorksÎó²î£¨Urgent/11£©Ó°Ïì¡£¡£


Î÷ÃÅ×Ó»¹Ðû²¼ÁËÁíÍâËķݱ¨¸æ¡£¡£ËüÃÇÐÎòÁËIE / WSN-PA LinkÍø¹ØÖеĸßÑÏÖØÐÔ¿çÕ¾¾ç±¾£¨XSS£©Îó²î£¬£¬£¬£¬ £¬ÕâÊÇSIMATIC TDC CP51M1Ä£¿£¿£¿£¿£¿£¿éÖеĸßÑÏÖØÐÔDoSȱÏÝ£¬£¬£¬£¬ £¬ÊÇSINETPLANÖиßÑÏÖØÐÔµÄÈÏÖ¤ºóÏÂÁîÖ´Ðйýʧ£¬£¬£¬£¬ £¬ÒÔ¼°SINEMA Remote Connect ServerÖеÄÖÖÖÖÖеȺ͸ßÑÏÖØÐÔÎó²î¡£¡£


¡ñÎó²îÑéÖ¤


ÔÝÎÞPOC/EXP¡£¡£


¡ñÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬ £¬ÏÂÔØÁ´½Ó£ºhttps://new.siemens.com/global/en/products/services/cert.html#SecurityPublications¡£¡£


¡ñ²Î¿¼Á´½Ó


https://www.securityweek.com/siemens-issues-advisories-dejablue-sack-panic-vulnerabilities