AVEVAÁ½¸öÑÏÖØÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2018-11-09

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2018-17916£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ 9.8£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-17914£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ 9.8£¬¹Ù·½Î´ÆÀ¶¨


Ó°Ïì°æ±¾


InduSoft Web Studio versions  <=  1 SP2

InTouch Edge HMI (formerly InTouch Machine Edition) versions  <=  2017 SP2


Îó²î¸ÅÊö


¿ËÈÕ£¬AVEVAÐû²¼Ç徲ͨ¸æ³ÆÐÞ¸´ÁË2¸ö¹¤ÒµÈí¼þÖеĸßΣÎó²î¡£
AVEVAÓ¢¹úÅÌËã»úÈí¼þÉÌ¡£ÎªÔì´¬ºÍº£Ñ󹤳̡¢Ê¯ÓͺÍ×ÔÈ»Æø¡¢ÔìÖ½¡¢µçÁ¦¡¢»¯¹¤ºÍÖÆÒ©µÈ¹¤ÒµÁìÓòÌṩȫÉúÃüÖÜÆÚ½â¾ö¼Æ»®¼°·þÎñ¡£
CVE-2018-17916ÊÇÒ»¸öÕ»Òç³öÎó²î£¬¹¥»÷Õß¿ÉÒÔ·¢ËÍÒ»¸öÌØÖƵÄÊý¾Ý°üÀ´´¥·¢¸ÃÎó²î£¬µ¼ÖÂÔÚδÊÚȨµÄÇéÐÎÏÂÔ¶³ÌÖ´ÐдúÂë¡£
CVE-2018-17914Ô´ÓÚÒ»¸öÉèÖÃÎļþÖеĿÕÃÜÂëÎÊÌ⣬һ¸öδÊÚȨµÄ¹¥»÷Õß¿ÉÒÔʹÓÃÊÜÓ°ÏìÈí¼þµÄÏàͬȨÏÞÀ´Ô¶³ÌÖ´ÐдúÂë¡£

×ðÁú¿­Ê±¡¤(ÖйúÇø)ÈËÉú¾ÍÊDz«!


Îó²îÑéÖ¤


ÔÝÎÞPOC/EXP


ÐÞ¸´½¨Òé


AVEVA¹Ù·½ÒѾ­Ðû²¼ÁËа汾ÐÞ¸´ÁËÉÏÊöÎó²î£¬ÇëÊÜÓ°ÏìµÄÓû§¾¡¿ì¸üоÙÐзÀ»¤¡£
а汾ÏÂÔصصãÈçÏ£º
InduSoft Web Studio v8.1 SP2
http://download.indusoft.com/81.2.0/IWS81.2.0.zip
InTouch Edge HMI (formerly InTouch Machine Edition)

https://softwaresupportsp.schneider-electric.com/#/producthub/details?id=5223


²Î¿¼Á´½Ó


https://sw.aveva.com/hubfs/assets-2018/pdf/security-bulletin/SecurityBulletin_LFSec130.pdf