Phoenix Contact Automation Worx Multiple Vulnerabilities Security Advisory

Published: 2019-06-26

Vulnerability IDs and Severity


CVE ID: CVE-2019-12869, Severity: Low, CVSS score (vendor self-assessed): 3.3, not officially rated
CVE ID: CVE-2019-12870, Severity: High, CVSS score (vendor self-assessed): 7.8, not officially rated
CVE ID: CVE-2019-12871, Severity: High, CVSS score (vendor self-assessed): 7.8, not officially rated


Affected Versions


Versions affected


Applies to PC Worx 1.86 and earlier, PC Worx Express 1.86 and earlier, and Config+ 1.86 and earlier in the Phoenix Contact Automation Worx Software Suite.


Vulnerability Overview


Phoenix Contact Automation Worx Software Suite is an automation software suite from the German company Phoenix Contact. PC Worx is the suite's controller programming software. Config+ is the suite's software for configuring and diagnosing INTERBUS systems.


Phoenix Contact Automation Worx contains multiple vulnerabilities, detailed below:


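CVE-2019-12869:


The vulnerability arises because a network system or product does not correctly validate data boundaries when performing operations on memory, causing erroneous read and write operations on other associated memory locations. An attacker can exploit the vulnerability to cause a buffer overflow, heap overflow, and similar conditions.


CVE-2019-12870:


The vulnerability arises from a lack of proper pointer initialization before the pointer is accessed. An attacker can exploit this vulnerability to execute code in the context of the current process.


CVE-2019-12871:


The vulnerability arises from a lack of validation that an object exists before operations are performed on it. An attacker can exploit this vulnerability to execute code in the context of the current process.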


Vulnerability Verification


No PoC/EXP is currently available.


Remediation


The vendor has released an upgrade patch that fixes the vulnerabilities. For details, see the vendor's home page:

https://www.phoenixcontact.com/


References


https://www.zerodayinitiative.com/advisories/ZDI-19-579/
https://www.zerodayinitiative.com/advisories/ZDI-19-575/
https://www.zerodayinitiative.com/advisories/ZDI-19-576/