Risk advisory: multiple vulnerabilities in Weidmueller industrial switches

Published: 2019-12-09

Vulnerability IDs and severity


CVE ID: CVE-2019-16670, severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-16671, severity: Medium, CVSS score: 6.5

CVE ID: CVE-2019-16672, severity: Critical, CVSS score: 9.8

CVE ID: CVE-2019-16673, severity: High, CVSS score: 7.5

CVE ID: CVE-2019-16674, severity: Critical, CVSS score: 9.8


Affected versions


IE-SW-VL05M-5TX firmware v3.6.6 Build 16102415 and prior          

IE-SW-VL05MT-5TX firmware v3.6.6 Build 16102415 and prior        

IE-SW-VL05M-3TX-2SC firmware v3.6.6 Build 16102415 and prior      

IE-SW-VL05MT-3TX-2SC firmware v3.6.6 Build 16102415 and prior    

IE-SW-VL05M-3TX-2ST firmware v3.6.6 Build 16102415 and prior      

IE-SW-VL05MT-3TX-2ST firmware v3.6.6 Build 16102415 and prior    

IE-SW-VL08MT-8TX firmware v3.5.2 Build 16102415 and prior        

IE-SW-VL08MT-5TX-3SC firmware v3.5.2 Build 16102415 and prior    

IE-SW-VL08MT-5TX-1SC-2SCS firmware v3.5.2 Build 16102415 and prior

IE-SW-VL08MT-6TX-2ST firmware v3.5.2 Build 16102415 and prior    

IE-SW-VL08MT-6TX-2SC firmware v3.5.2 Build 16102415 and prior    

IE-SW-VL08MT-6TX-2SCS firmware v3.5.2 Build 16102415 and prior    

IE-SW-PL08M-8TX firmware v3.3.8 Build 16102416 and prior          

IE-SW-PL08MT-8TX firmware v3.3.8 Build 16102416 and prior        

IE-SW-PL08M-6TX-2SC firmware v3.3.8 Build 16102416 and prior      

IE-SW-PL08MT-6TX-2SC firmware v3.3.8 Build 16102416 and prior    

IE-SW-PL08M-6TX-2ST firmware v3.3.8 Build 16102416 and prior      

IE-SW-PL08MT-6TX-2ST firmware v3.3.8 Build 16102416 and prior    

IE-SW-PL08M-6TX-2SCS firmware v3.3.8 Build 16102416 and prior    

IE-SW-PL08MT-6TX-2SCS firmware v3.3.8 Build 16102416 and prior    

IE-SW-PL10M-3GT-7TX firmware v3.3.16 Build 16102416 and prior    

IE-SW-PL10MT-3GT-7TX firmware v3.3.16 Build 16102416 and prior    

IE-SW-PL10M-1GT-2GS-7TX firmware v3.3.16 Build 16102416 and prior

IE-SW-PL10MT-1GT-2GS-7TX firmware v3.3.16 Build 16102416 and prior

IE-SW-PL16M-16TX firmware v3.4.2 Build 16102416 and prior        

IE-SW-PL16MT-16TX firmware v3.4.2 Build 16102416 and prior        

IE-SW-PL16M-14TX-2SC firmware v3.4.2 Build 16102416 and prior    

IE-SW-PL16MT-14TX-2SC firmware v3.4.2 Build 16102416 and prior    

IE-SW-PL16M-14TX-2ST firmware v3.4.2 Build 16102416 and prior    

IE-SW-PL16MT-14TX-2ST firmware v3.4.2 Build 16102416 and prior    

IE-SW-PL18M-2GC-16TX firmware v3.4.4 Build 16102416 and prior    

IE-SW-PL18MT-2GC-16TX firmware v3.4.4 Build 16102416 and prior    

IE-SW-PL18M-2GC14TX2SC firmware v3.4.4 Build 16102416 and prior  

IE-SW-PL18MT-2GC14TX2SC firmware v3.4.4 Build 16102416 and prior  

IE-SW-PL18M-2GC14TX2ST firmware v3.4.4 Build 16102416 and prior  

IE-SW-PL18MT-2GC14TX2ST firmware v3.4.4 Build 16102416 and prior  

IE-SW-PL18M-2GC14TX2SCS firmware v3.4.4 Build 16102416 and prior  

IE-SW-PL18MT-2GC14TX2SCS firmware v3.4.4 Build 16102416 and prior

IE-SW-PL09M-5GC-4GT firmware v3.3.4 Build 16102416 and prior      

IE-SW-PL09MT-5GC-4GT firmware v3.3.4 Build 16102416 and prior    
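
To triage an asset inventory against the list above, the following added example (not part of the original advisory) compares each device's model and firmware string with the last affected version and build of its family. The inventory rows are constructed, and the status labels are names chosen for this sketch.

```python
import re

# Last affected (version, build) per family, transcribed from the list above.
LAST_AFFECTED = {
    "VL05": ((3, 6, 6), 16102415), "VL08": ((3, 5, 2), 16102415),
    "PL08": ((3, 3, 8), 16102416), "PL10": ((3, 3, 16), 16102416),
    "PL16": ((3, 4, 2), 16102416), "PL18": ((3, 4, 4), 16102416),
    "PL09": ((3, 3, 4), 16102416),
}
MT_ONLY = {"VL08"}  # the advisory lists only "MT" models for this family

MODEL_RE = re.compile(r"^IE-SW-((?:VL|PL)\d{2})M(T?)-", re.IGNORECASE)
FW_RE = re.compile(r"v?(\d+(?:\.\d+)+)(?:\s+Build\s+(\d+))?", re.IGNORECASE)


def classify(model, firmware):
    """Return 'affected', 'newer-than-listed', 'not-listed' or 'unparsed'."""
    m = MODEL_RE.match(model.strip())
    if not m:
        return "not-listed"
    family, is_mt = m.group(1).upper(), bool(m.group(2))
    if family not in LAST_AFFECTED or (family in MT_ONLY and not is_mt):
        return "not-listed"
    fw = FW_RE.search(firmware)
    if not fw:
        return "unparsed"
    # Compare numerically: as strings, "3.3.9" would sort after "3.3.16".
    version = tuple(int(p) for p in fw.group(1).split("."))
    build = int(fw.group(2)) if fw.group(2) else None
    max_version, max_build = LAST_AFFECTED[family]
    if version != max_version:
        return "affected" if version < max_version else "newer-than-listed"
    # Same version: the build number decides; a missing build is assumed affected.
    return "affected" if build is None or build <= max_build else "newer-than-listed"


# Constructed inventory rows: (model, firmware string reported by the device).
SAMPLE_INVENTORY = [
    ("IE-SW-PL10MT-3GT-7TX", "v3.3.9 Build 16010101"),
    ("IE-SW-VL05M-5TX", "v3.6.6 Build 16102415"),
    ("IE-SW-VL05M-5TX", "v3.6.6 Build 19010101"),
    ("IE-SW-VL08M-8TX", "v3.5.2 Build 16102415"),
    ("IE-SW-PL16M-16TX", "firmware unknown"),
]


def triage(inventory):
    return [(model, fw, classify(model, fw)) for model, fw in inventory]


if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(*row, sep=" | ")
```

The advisory does not give the fixed firmware versions, so "newer-than-listed" only means the device is above the listed threshold and should still be confirmed against the vendor's release notes.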


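Vulnerability overview


The Weidmueller IE-SW-VL05M-5TX and the other listed models are Ethernet switches made by the German company Weidmueller.


CVE-2019-16670: This vulnerability stems from the authentication mechanism having no brute-force protection. An attacker can exploit it to carry out brute-force attacks.


CVE-2019-16671: A resource management error vulnerability exists in multiple Weidmueller products. It stems from improper management of system resources (such as memory, disk space and files) by the network system or product.


CVE-2019-16672: A security vulnerability exists in multiple Weidmueller products. It stems from the program transmitting sensitive credential data in cleartext.


CVE-2019-16673: A security vulnerability exists in multiple Weidmueller products. It stems from the program storing passwords in cleartext. An attacker can exploit it to read passwords.


CVE-2019-16674: A security vulnerability exists in multiple Weidmueller products. An attacker can exploit it to guess the authentication information in the cookie.


Vulnerability verification


No PoC/exploit is available at this time.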


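Remediation advice


The vendor has released update patches that fix the vulnerabilities. For details, see the vendor's home page:

https://www.weidmueller.com


Mitigations:


CVE-2019-16672:


IE-SW-VL05M and IE-SW-VL08MT series switches:


After the patched firmware is installed, the web interface can be accessed over encrypted communication using https, and web interface access can be configured to ensure encrypted connections by selecting "https only". The corresponding section of the web interface menu for this setting is reached via the following path: Main Menu > Basic Settings > System: set "Web Configuration" to "https only".


IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M and IE-SW-PL09M series switches:


By selecting "https only", web interface access can be configured to ensure encrypted connections. The corresponding section of the web interface menu for this setting is reached via the following path: Main Menu > Basic Settings > System: set "Web Configuration" to "https only".


CVE-2019-16670, CVE-2019-16671, CVE-2019-16673, and CVE-2019-16674:


IE-SW-VL05M, IE-SW-VL08MT, IE-SW-PL08M, IE-SW-PL10M, IE-SW-PL16M, IE-SW-PL18M and IE-SW-PL09M series switches:


After the patched firmware is installed on the switch, the unencrypted search service can be disabled through the Weidmueller configuration software for Windows OS named "WM Switch Utility", and the encrypted search service, which is used together with the new "Weidmueller Switch Configuration", can be enabled. By default, both services (the encrypted and the unencrypted search service) are enabled. To guard against the vulnerabilities mentioned in this section, the unencrypted search service should be disabled. The corresponding section of the web interface menu for this setting is reached via the following path: Main Menu > Basic Settings > Security > Management Interface: uncheck the "Enable search service" checkbox.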


Reference links


https://www.securityweek.com/weidmueller-patches-critical-vulnerabilities-industrial-switches