FL SWITCH¹¤Òµ»¥»»»ú·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2018-06-22

·ì϶±àºÅºÍ¼¶±ð


CVE-2018-10728  ¸ßΣ  CVSS·ÖÖµ£º8.1
CVE-2018-10729  ÖÐΣ  CVSS·ÖÖµ£º5.3
CVE-2018-10730  ÑϳÁ  CVSS·ÖÖµ£º9.1
CVE-2018-10731  ÑϳÁ  CVSS·ÖÖµ£º9.0


Ó°ÏìÁìÓò


¸Ã·ì϶ӰÏìËùÓзÆÄá¿Ë˹µçÆøÖÎÀíµÄºÍËùÓÐPhoenix ContactÖÎÀíµÄFL SWITCH 3xxx£¬4xxx£¬48xx²úÆ·ÔËÐй̼þ°æ±¾1.0ÖÁ1.33¡£


·ì϶¸ÅÊö


½üÆÚ£¬µÂ¹úµçÆø¹¤³ÌºÍ×Ô¶¯»¯¹«Ë¾ Phoenix µçÆø¹«Ë¾Åû¶ÁËFL SWITCH¹¤Òµ»¥»»»úÖеÄËĸö·ì϶¡£ÕâЩÉ豸¶àÓÃÓÚÊý×Ö»¯±äµçÕ¾ÒÔ¼°Ê¯ÓÍÌìÈ»Æø£¬º£Ô˺ÍÆäËûÐÐÒµµÄ×Ô¶¯»¯£¬Óл㱨³Æ£¬ÕâЩ°²È«·ì϶¿ÉÄÜ»á¶ÔFL SWITCHÉ豸½øÐÐÈ«Ãæ½ÚÔ죬ÇëÊÜÓ°ÏìµÄÓû§ÊµÊ±¸üС£


CVE-2018-10728


¹¥»÷Õß¿ÉÀûÓø÷ì϶ִÐлؾø·þÎñ£¬ÔËÐÐËÁÒâ´úÂë»ò½ûÓÃWebºÍTelnet·þÎñ¡£


CVE-2018-10729


δ¾­Éí·ÝÑéÖ¤µÄ¹¥»÷Õß¿ÉÄÜ»á¶ÁÈ¡»¥»»»úÅäÖÃÎļþµÄÄÚÈÝ¡£


CVE-2018-10730


Ó°Ïì°æ±¾£º ËùÓзÆÄá¿Ë˹µçÆøÖÎÀíµÄFL SWITCH 3xxx£¬4xxx£¬48xx²úÆ·ÔËÐй̼þ°æ±¾1.0ÖÁ1.33¡£


ÕâÊÇ×îΣÏյķì϶£¬ÕâʹµÃ¹¥»÷ÕßÄܹ»ÔÚ»¥»»»úÉÏÔËÐÐËÁÒâºÅÁî¡£ ÀýÈ磬ÕâЩºÅÁî¿ÉÄÜÔ̺¬¶Ï¿ªËùÓÐÉ豸Ó빤ҵÍøÂçµÄÏνÓ£¬Õâ»áΣ¼°ÏÖ³¡²Ù×÷¡£


CVE-2018-10731


Ó°Ïì°æ±¾£ºËùÓÐPhoenix ContactÖÎÀíµÄFL SWITCH 3xxx£¬4xxx£¬48xx²úÆ·ÔÚÔËÐй̼þ°æ±¾1.0ÖÁ1.33¡£


Õâ¸ö·ì϶ͬÑùΣÏÕ£¬»º³åÇøÒç³ö¿ÉÓÃÓÚ»ñÈ¡¶Ô»¥»»»úÉϲÙ×÷ϵͳÎļþµÄδÊÚȨ½Ó¼û²¢ÔËÐÐËÁÒâ´úÂë¡£


½¨¸´½¨Ò飺


ΪÁËά³Ö°²È«£¬½¨Òé¸üÐÂÖÁ¹Ì¼þ°æ±¾1.34¡£


²Î¿¼Á´½Ó£º


https://www.darkreading.com/iot/four-new-vulnerabilities-in-phoenix-contact-industrial-switches/d/d-id/1332121?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple


https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advisory_CVE-2018-10728_Stack-based_Buffer.pdf


https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advisory_CVE-2018-10729_Insecure_Direct_Object_Reference.pdf


https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advisory_CVE-2018-10730_Authenticated_Remote_Code_Execution.pdf


https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advisory_CVE-2018-10731.pdf