Ê©Ä͵µçÆøModicon M580ÖеĶà¸öÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-10-10

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6846£¬£¬ £¬£¬ £¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬ £¬£¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ5.9£¬£¬ £¬£¬ £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6844£¬£¬ £¬£¬ £¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬ £¬£¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬ £¬£¬ £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6843£¬£¬ £¬£¬ £¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬ £¬£¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬ £¬£¬ £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6842£¬£¬ £¬£¬ £¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬ £¬£¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬ £¬£¬ £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6841£¬£¬ £¬£¬ £¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬ £¬£¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬ £¬£¬ £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6845£¬£¬ £¬£¬ £¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬ £¬£¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ5.9£¬£¬ £¬£¬ £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6847£¬£¬ £¬£¬ £¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬£¬ £¬£¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬£¬ £¬£¬ £¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6851£¬£¬ £¬£¬ £¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬ £¬£¬ £¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.5£¬£¬ £¬£¬ £¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Schneider Electric Modicon M580 BMEP582040 SV2.80


Îó²î¸ÅÊö


Schneider Electric Modicon M580ÊÇ·¨¹úÊ©Ä͵µçÆø£¨Schneider Electric£©¹«Ë¾µÄÒ»¿î¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷¡£¡£¡£¡£¡£Schneider Electric Modicon M580Öб£´æ¶à¸öÎó²î£¬£¬ £¬£¬ £¬ÏêϸÈçÏ£º


CVE-2019-6846

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTP¹¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõÄÐÅϢй¶Îó²î¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔÐá̽ÍøÂçÁ÷Á¿ÒÔʹÓôËÎó²î¡£¡£¡£¡£¡£


CVE-2019-6844/CVE-2019-6843/CVE-2019-6842

Schneider Electric Modicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷¹Ì¼þ°æ±¾SV2.80µÄFTP¹Ì¼þ¸üй¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõľܾøЧÀÍÎó²î¡£¡£¡£¡£¡£ÌØÖƵĹ̼þÓ³Ïñ¿ÉÄܵ¼ÖÂ×°±¸½øÈë¿É»Ö¸´µÄ¹ÊÕÏ״̬£¬£¬ £¬£¬ £¬´Ó¶øµ¼ÖÂÕý³£×°±¸Ö´ÐÐ×èÖ¹¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔʹÓÃĬÈÏƾ֤À´·¢ËÍ´¥·¢´ËÎó²îµÄÏÂÁî¡£¡£¡£¡£¡£


CVE-2019-6841

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTP¹Ì¼þ¸üÐÂЧÀ͹¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõľܾøЧÀÍÎó²î¡£¡£¡£¡£¡£Ò»×éÌØÊⶩ¹ºµÄFTPÏÂÁî¿ÉÄÜ»áʹFTP loaderЧÀͽøÈëÆÚ´ý״̬£¬£¬ £¬£¬ £¬´Ó¶øµ¼ÖÂÎÞ·¨Í¨¹ýFTP¸üÐÂ×°±¸¹Ì¼þ¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔʹÓÃĬÈÏƾ֤À´·¢ËÍ´¥·¢´ËÎó²îµÄÏÂÁî¡£¡£¡£¡£¡£


CVE-2019-6845

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷µÄ¹Ì¼þ°æ±¾SV2.80µÄUMAS¹¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõÄÐÅϢй¶Îó²î¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔÐá̽ÍøÂçÁ÷Á¿ÒÔʹÓôËÎó²î¡£¡£¡£¡£¡£


CVE-2019-6847

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTP¹Ì¼þ¸üй¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõľܾøЧÀÍÎó²î¡£¡£¡£¡£¡£ÓâÆڵĹ̼þÓ³Ïñ¿ÉÄܵ¼ÖÂ×°±¸½øÈë²»¿É»Ö¸´µÄ¹ÊÕÏ״̬£¬£¬ £¬£¬ £¬´Ó¶øµ¼ÖÂÓë×°±¸µÄÔ¶³ÌͨѶÍêÈ«×èÖ¹¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔʹÓÃĬÈÏƾ֤À´·¢ËÍ´¥·¢´ËÎó²îµÄÏÂÁî¡£¡£¡£¡£¡£


CVE-2019-6851

Schneider Electric Modicon M580¿É±à³Ì×Ô¶¯»¯¿ØÖÆÆ÷µÄTFTPЧÀÍÆ÷¹¦Ð§Öб£´æÒ»¸ö¿ÉʹÓõÄÐÅϢй¶Îó²î¡£¡£¡£¡£¡£ÌØÖƵÄTFTP»ñÈ¡ÇëÇó¿ÉÄܵ¼ÖÂÎļþÏÂÔØ£¬£¬ £¬£¬ £¬´Ó¶øµ¼ÖÂÃô¸ÐÐÅϢй¶¡£¡£¡£¡£¡£¹¥»÷Õß¿ÉÒÔ·¢ËÍδ¾­Éí·ÝÑéÖ¤µÄÏÂÁîÀ´´¥·¢´ËÎó²î¡£¡£¡£¡£¡£


Îó²îÑéÖ¤


CVE-2019-6844£º

POC: https://talosintelligence.com/reports/TALOS-2019-0825


CVE-2019-6843

POC: https://talosintelligence.com/reports/TALOS-2019-0824


CVE-2019-6842

POC: https://talosintelligence.com/reports/TALOS-2019-0823


CVE-2019-6841

POC: https://talosintelligence.com/reports/TALOS-2019-0822


CVE-2019-6851

POC: https://talosintelligence.com/reports/TALOS-2019-0851


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÔÝδÐû²¼ÐÞ¸´²½·¥½â¾ö´ËÇå¾²ÎÊÌ⣬£¬ £¬£¬ £¬½¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§ÉÌÖ÷Ò³

»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö²½·¥£º

https://www.schneider-electric.com


²Î¿¼Á´½Ó


https://blog.talosintelligence.com/2019/10/vuln-spotlight-schneider-electric-m580-part-2-sept-2019.html