Ê©Ä͵µçÆøModicon M580ÖеĶà¸ö·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-10-10

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6846£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ5.9£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6844£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6843£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6842£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6841£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6845£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ5.9£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6847£¬Î£ÏÕ¼¶±ð£ºÖÐΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ4.9£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6851£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ7.5£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


Schneider Electric Modicon M580 BMEP582040 SV2.80


·ì϶¸ÅÊö


Schneider Electric Modicon M580ÊÇ·¨¹úÊ©Ä͵µçÆø£¨Schneider Electric£©¹«Ë¾µÄÒ»¿î¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷¡£Schneider Electric Modicon M580ÖдæÔÚ¶à¸ö·ì϶£¬¾ßÌåÈçÏ£º


CVE-2019-6846

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTPÖ°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõÄÐÅϢй¶·ì϶¡£¹¥»÷ÕßÄܹ»Ðá̽ÍøÂçÁ÷Á¿ÒÔÀûÓô˷ì϶¡£


CVE-2019-6844/CVE-2019-6843/CVE-2019-6842

Schneider Electric Modicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷¹Ì¼þ°æ±¾SV2.80µÄFTP¹Ì¼þ¸üÐÂÖ°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõĻؾø·þÎñ·ì϶¡£ÌØÔìµÄ¹Ì¼þÓ³Ïñ¿ÉÄܵ¼ÖÂÉ豸½øÈë¿É¸´Ô­µÄ¹ÊÕÏ״̬£¬´Ó¶øµ¼ÖÂÕý³£É豸ִÐÐÖÕ³¡¡£¹¥»÷ÕßÄܹ»Ê¹ÓÃĬÈÏÍ´´¦À´·¢ËÍ´¥·¢´Ë·ì϶µÄºÅÁî¡£


CVE-2019-6841

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTP¹Ì¼þ¸üзþÎñÖ°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõĻؾø·þÎñ·ì϶¡£Ò»×éÌØÊⶩ¹ºµÄFTPºÅÁî¿ÉÄÜ»áʹFTP loader·þÎñ½øÈëÆÚ´ý״̬£¬´Ó¶øµ¼ÖÂÎÞ·¨Í¨¹ýFTP¸üÐÂÉ豸¹Ì¼þ¡£¹¥»÷ÕßÄܹ»Ê¹ÓÃĬÈÏÍ´´¦À´·¢ËÍ´¥·¢´Ë·ì϶µÄºÅÁî¡£


CVE-2019-6845

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷µÄ¹Ì¼þ°æ±¾SV2.80µÄUMASÖ°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõÄÐÅϢй¶·ì϶¡£¹¥»÷ÕßÄܹ»Ðá̽ÍøÂçÁ÷Á¿ÒÔÀûÓô˷ì϶¡£


CVE-2019-6847

Ê©Ä͵µçÆøModicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷µÄ¹Ì¼þ°æ±¾ÎªSV2.80µÄFTP¹Ì¼þ¸üÐÂÖ°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõĻؾø·þÎñ·ì϶¡£¹ýÆڵĹ̼þÓ³Ïñ¿ÉÄܵ¼ÖÂÉ豸½øÈë²»³É¸´Ô­µÄ¹ÊÕÏ״̬£¬´Ó¶øµ¼ÖÂÓëÉ豸µÄÔ¶³ÌͨѶÆëÈ«ÖÕ³¡¡£¹¥»÷ÕßÄܹ»Ê¹ÓÃĬÈÏÍ´´¦À´·¢ËÍ´¥·¢´Ë·ì϶µÄºÅÁî¡£


CVE-2019-6851

Schneider Electric Modicon M580¿É±à³Ì×Ô¶¯»¯½ÚÔìÆ÷µÄTFTP·þÎñÆ÷Ö°ÄÜÖдæÔÚÒ»¸ö¿ÉÀûÓõÄÐÅϢй¶·ì϶¡£ÌØÔìµÄTFTP»ñÈ¡ÒªÇó¿ÉÄܵ¼ÖÂÎļþÏÂÔØ£¬´Ó¶øµ¼ÖÂÃô¸ÐÐÅϢй¶¡£¹¥»÷ÕßÄܹ»·¢ËÍδ¾­Éí·ÝÑéÖ¤µÄºÅÁîÀ´´¥·¢´Ë·ì϶¡£


·ì϶ÑéÖ¤


CVE-2019-6844£º

POC: https://talosintelligence.com/reports/TALOS-2019-0825


CVE-2019-6843

POC: https://talosintelligence.com/reports/TALOS-2019-0824


CVE-2019-6842

POC: https://talosintelligence.com/reports/TALOS-2019-0823


CVE-2019-6841

POC: https://talosintelligence.com/reports/TALOS-2019-0822


CVE-2019-6851

POC: https://talosintelligence.com/reports/TALOS-2019-0851


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÔÝδ°ä²¼½¨¸´´ëÊ©½â¾ö´Ë°²È«ÎÊÌ⣬½¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§ÉÌÖ÷Ò³

»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö·¨×Ó£º

https://www.schneider-electric.com


²Î¿¼Á´½Ó


https://blog.talosintelligence.com/2019/10/vuln-spotlight-schneider-electric-m580-part-2-sept-2019.html