¶à¿îÂÞ¿ËΤ¶û½ÚÔìÆ÷ÊäÈëÑéÖ¤ÃýÎó·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-04-26

·ì϶±àºÅºÍ¼¶±ð



CVE±àºÅ£ºCVE-2019-10955£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º7.1



Ó°Ïì°æ±¾¼°²úÆ·



MicroLogix 1400 Controllers
Series A, All Versions

Series B, v15.002 and earlier


MicroLogix 1100 Controllers v14.00 and earlier
CompactLogix 5370 L1 controllers v30.014 and earlier
CompactLogix 5370 L2 controllers v30.014 and earlier

CompactLogix 5370 L3 controllers (includes CompactLogix GuardLogix controllers) v30.014 and earlier



·ì϶¸ÅÊö



MicroLogix 1400 Controllers Series AµÈÊÇÃÀ¹úÂÞ¿ËΤ¶û¹«Ë¾µÄ¿É±à³ÌÂß¼­½ÚÔìÆ÷¡£


¶à¿îÂÞ¿ËΤ¶û¿É±à³ÌÂß¼­½ÚÔìÆ÷ (PLCs) ²úÆ·Öб»ÆØÑϳÁ·ì϶£¬¿É±»Ô¶³Ì¹¥»÷ÕßÓÃÓÚ½«Óû§³Á¶¨ÏòÖÁ¶ñÒâÕ¾µã¡£


ICS-CERT½«¸Ã·ìϼûèÊöΪʢ¿ªµÄ³Á¶¨Ïò·ì϶£¬ºÍÔËÐÐÔÚÕâЩÉ豸É쵀 web ·þÎñÆ÷ÓйØ¡£¸Ãweb·þÎñÆ÷½ÓÊÜÀ´×ÔPLCs web½Ó¿ÚµÄÓû§ÊäÈ룬Զ³ÌδÈÏÖ¤¹¥»÷Õß¿É×¢Èë¶ñÒâÁ´½Ó£¬½«Óû§´Ó½ÚÔìÆ÷µÄweb·þÎñÆ÷³Á¶¨ÏòÖÁËÁÒâÕ¾µã¡£



·ì϶ÑéÖ¤



ÔÝÎÞPOC/EXP¡£



½¨¸´½¨Òé



Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬ÏêÇéÇë¹Ø×¢³§ÉÌÖ÷Ò³£ºhttps://www.rockwellautomation.com/¡£


²Î¿¼Á´½Ó



https://ics-cert.us-cert.gov/advisories/ICSA-19-113-01