Security Advisory: Vulnerabilities in FL SWITCH Industrial Switches

Published: 2018-06-22

Vulnerability IDs and Severity


CVE-2018-10728  High  CVSS score: 8.1
CVE-2018-10729  Medium  CVSS score: 5.3
CVE-2018-10730  Critical  CVSS score: 9.1
CVE-2018-10731  Critical  CVSS score: 9.0


Affected Scope


These vulnerabilities affect all Phoenix Contact managed FL SWITCH 3xxx, 4xxx and 48xx products running firmware versions 1.0 through 1.33.


Vulnerability Overview


Phoenix Contact, the German electrical engineering and automation company, recently disclosed four vulnerabilities in its FL SWITCH industrial switches. These devices are widely used for automation in digital substations and in the oil and gas, maritime and other industries. According to reports, these security vulnerabilities could allow full control of FL SWITCH devices. Affected users should update promptly.


CVE-2018-10728


An attacker can use this vulnerability to cause a denial of service, run arbitrary code, or disable the Web and Telnet services.


CVE-2018-10729


An unauthenticated attacker may be able to read the contents of the switch configuration file.


CVE-2018-10730


Affected versions: all Phoenix Contact managed FL SWITCH 3xxx, 4xxx and 48xx products running firmware versions 1.0 through 1.33.


This is the most dangerous of the vulnerabilities: it lets an attacker run arbitrary commands on the switch. For example, these commands could include disconnecting all devices from the industrial network, which would endanger field operations.


CVE-2018-10731


Affected versions: all Phoenix Contact managed FL SWITCH 3xxx, 4xxx and 48xx products running firmware versions 1.0 through 1.33.


This vulnerability is equally dangerous: a buffer overflow can be used to gain unauthorized access to operating system files on the switch and to run arbitrary code.


Remediation:


To stay secure, update to firmware version 1.34.


Reference links:


https://www.darkreading.com/iot/four-new-vulnerabilities-in-phoenix-contact-industrial-switches/d/d-id/1332121?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple


https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advisory_CVE-2018-10728_Stack-based_Buffer.pdf


https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advisory_CVE-2018-10729_Insecure_Direct_Object_Reference.pdf


https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advisory_CVE-2018-10730_Authenticated_Remote_Code_Execution.pdf


https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/Security_Advisory_CVE-2018-10731.pdf