Î÷ÃÅ×Ó¶à¸ö²úÆ·ÑϳÁ·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-04-11

·ì϶±àºÅºÍ¼¶±ð



CVE±àºÅ£ºCVE-2018-3991£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ10£¬¹Ù·½Î´ÆÀ¶¨
CVE±àºÅ£ºCVE-2019-6579£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ10£¬¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2018-5379£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬CVSS·ÖÖµ£º³§ÉÌ×ÔÆÀ9.8£¬¹Ù·½Î´ÆÀ¶¨



Ó°Ïì°æ±¾



SIMATIC WinCC OA Version 3.14 < P025
SIMATIC WinCC OA Version 3.15 < P018
SIMATIC WinCC OA Version 3.16 < P007
Õ¼ÓÐWeb Office PortalµÄSpectrum Power 4¾ùÊÜÓ°Ïì
RUGGEDCOM ROX II version < V2.13.0

snapd 2.28 ÖÁ2.37°æ±¾



·ì϶¸ÅÊö



Î÷ÃÅ×Ó£¨SIEMENS£©¹Ù·½°ä²¼¹«¸æ½¨¸´ÁËÆä¶à¿î²úÆ·ÖзÖÆçˮƽµÄ°²È«·ì϶£¬ÊÜÓ°Ïì²úÆ·Ô̺¬SIMATIC WinCC OA¡¢Spectrum Power¡¢RUGGEDCOM RXO IIµÈ¡£


SIMATIC WinCC OA Ô¶³Ì´úÂëÖ´Ðзì϶ ¨C CVE-2018-3991


Ó°ÏìSIMATIC WinCC OAµÄ·ì϶CVE-2018-3991ÊÇÓÉÓÚ22347/TCP¶Ë¿ÚµÄ½Ó¼û½ÚÔì²»µ±¶ø²úÉú£¬³É¹¦ÀûÓø÷ì϶¿ÉÄܻᵼÖ¶ÑÒç³ö£¬´Ó¶øÒý·¢Ç±ÔÚµÄÔ¶³Ì´úÂëÖ´ÐС£


Spectrum Power 4.7ºÅÁî×¢Èë·ì϶ ¨C CVE-2019-6579


Ôڶ˿Ú80 / TCP»ò443 / TCPÉÏÓµÓÐÍøÂç½Ó¼ûȨÏ޵Ĺ¥»÷ÕßÄܹ»Ê¹ÓÃÖÎÀíȨÏÞÖ´ÐÐϵͳºÅÁî¡£


RUGGEDCOM ROX II ¨C CVE-2018-5379


ÔÚ´¦ÖÃijЩ´ó¾ÖµÄUPDATEÐÂÎÅ£¨Ô̺¬¼¯ÈºÁбíºÍ/»òδ֪ÊôÐÔ£©Ê±£¬Quagga BGPÊØ»¤·¨Ê½£¨bgpd£©µÄ¿¯Ðа汾Äܹ»Ë«³Á¿ªÊÍÄÚ´æ¡£ ³É¹¦µÄ¹¥»÷¿ÉÄܵ¼Ö»ؾø·þÎñ»ò¿ÉÄÜÔÊÐí¹¥»÷ÕßÖ´ÐÐËÁÒâ´úÂë¡£


·ì϶ÑéÖ¤



ÔÝÎÞPOC¡¢EXP¡£



½¨¸´½¨Òé



Î÷ÃÅ×Ó¹Ù·½ÒѾ­°ä²¼ÁËÓйز¹¶¡½¨¸´ÁËÉÏÊö·ì϶£¬¸ü¶àÐÅÏ¢Çë²Î¿¼£º
https://cert-portal.siemens.com/productcert/pdf/ssa-844562.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf

https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf



²Î¿¼Á´½Ó



https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications