ABB System 800xA | ¶à¸ö°²È«·ì϶¹«¸æ

°ä²¼¹¦·ò 2020-05-21

0x00 ·ì϶¸ÅÊö



²úÆ·

CVE ID

Àà ÐÍ

·ì϶µÈ¼¶

Ô¶³ÌÀûÓÃ

Ó°ÏìÁìÓò

ABB System 800xA

CVE-2020-8478

I

µÍΣ

·ñ

ABB System 800xAËùÓа汾

ABB System 800xA for DCI

CVE-2020-8484

PAC

¸ßΣ

·ñ

ABB System 800xA for DCIËùÓа汾

ABB System 800xA for MOD 300

CVE-2020-8485

PAC

¸ßΣ

·ñ

ABB System 800xA for MOD 300ËùÓа汾

ABB System 800xA RNRP

CVE-2020-8486

PAC

¸ßΣ

·ñ

ABB System 800xA RNRPËùÓа汾

ABB System 800xA Base

CVE-2020-8487

PAC

¸ßΣ

·ñ

ABB System 800xA BaseËùÓа汾

ABB System 800xA Batch Management

CVE-2020-8488

PAC

¸ßΣ

·ñ

ABB System 800xA Batch ManagementËùÓа汾

ABB System 800xA Information Management

CVE-2020-8489

PAC

¸ßΣ

·ñ

ABB System 800xA Information ManagementËùÓа汾


0x01 ·ì϶ÏêÇé


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾




ABB System 800xA Information ManagementÊÇÈðÊ¿ABB¹«Ë¾µÄÒ»Ì×ÐÅÏ¢ÖÎÀíϵͳ¡£¸ÃϵͳÌṩÖÇÄÜÊý¾Ý½Ó¼ûÖ°ÄÜ£¬¿É½Ó¼ûÀ©´ó×Ô¶¯»¯ÏµÍ³ÖÐËùÓÐÀûÓ÷¨Ê½µÄʵʱºÍº¹ÇàÐÅÏ¢¡£ABB System 800xAÖдæÔÚ¶à¸ö°²È«·ì϶£¬¾ßÌåÈçÏ£º

CVE-2020-8478ÊÇABB System 800xAÖдæÔÚµÄ×¢Èë·ì϶¡£±¾µØ¹¥»÷Õß¿ÉÀûÓø÷ì϶עÈëÊý¾Ý£¬Ó°ÏìControl BuilderÖÐÏÔʾµÄÔËÐÐʱÊý¾ÝÊÓͼ¡£

CVE-2020-8484ÊÇABB System 800xA for DCIÖдæÔÚµÄȨÏÞÐí¿ÉºÍ½Ó¼û½ÚÔìÎÊÌâ·ì϶£¬±¾µØ¹¥»÷Õß¿ÉÀûÓø÷ì϶עÈëÊý¾Ý£¬¶Ô½ÚÔìÆ÷½øÐжÁд²Ù×÷»òµ¼ÖÂWindows¹ý³Ì±ÀÀ£¡£

CVE-2020-8485ÊÇABB System 800xA for MOD 300ÖдæÔÚµÄȨÏÞÐí¿ÉºÍ½Ó¼û½ÚÔìÎÊÌâ·ì϶¡£±¾µØ¹¥»÷Õß¿ÉÀûÓø÷ì϶עÈëÊý¾Ý£¬¶Ô½ÚÔìÆ÷½øÐжÁд²Ù×÷»òµ¼ÖÂWindows¹ý³Ì±ÀÀ£¡£

CVE-2020-8486ÊÇABB System 800xA RNRPÖдæÔÚµÄȨÏÞÐí¿ÉºÍ½Ó¼û½ÚÔìÎÊÌâ·ì϶¡£±¾µØ¹¥»÷Õß¿ÉÀûÓø÷ì϶עÈëÊý¾Ý£¬Ó°Ïì½ÚµãÈßÓà´¦Öá£

CVE-2020-8487ÊÇABB System 800xA BaseÖдæÔÚµÄȨÏÞÐí¿ÉºÍ½Ó¼û½ÚÔìÎÊÌâ·ì϶¡£±¾µØ¹¥»÷Õß¿ÉÀûÓø÷ì϶עÈëÊý¾Ý£¬Ó°Ïì½ÚµãÈßÓà´¦Öá£

CVE-2020-8488ÊÇABB System 800xA Batch ManagementÖдæÔÚµÄȨÏÞÐí¿ÉºÍ½Ó¼û½ÚÔìÎÊÌâ·ì϶¡£±¾µØ¹¥»÷Õß¿ÉÀûÓø÷ì϶עÈëÊý¾Ý£¬Ó°ÏìÓû§½çÃæµÄ¸üУ¬±ÈÁ¦/´òÓ¡Ö°ÄÜ¡£

CVE-2020-8489ÊÇABB System 800xA Information ManagementÖдæÔÚµÄȨÏÞÐí¿ÉºÍ½Ó¼û½ÚÔìÎÊÌâ·ì϶¡£±¾µØ¹¥»÷Õß¿ÉÀûÓø÷ì϶עÈëÊý¾Ý¡£


0x02 ´ëÖý¨Òé


Ä¿Ç°³§ÉÌÔÝδ°ä²¼½¨¸´´ëÊ©½â¾ö´Ë°²È«ÎÊÌ⣬½¨ÒéʹÓôËÈí¼þµÄÓû§Ëæʱ¹Ø×¢³§ÉÌÖ÷Ò³»ò²Î¿¼ÍøÖ·ÒÔ»ñÈ¡½â¾ö·¨×Ó£ºhttps://new.abb.com/

һʱ´ëÊ©£ºÓÉÓÚ¹¥»÷Õß±ØÒª¿ÉÄܵǼµ½ÏµÍ³²¢Ö´ÐÐÌØÔìµÄÈí¼þÄÜÁ¦ÀûÓ÷ì϶£¬Òò¶ø±ØҪȷ±£Ö»ÓÐÊÚȨÈËÔ±Äܹ»½Ó¼ûϵͳ½ÚµãÉϵÄÓû§ÕÊ»§£¬²¢ÔÚABB System 800xAÉÏʹÓð×Ãûµ¥¡£


0x03 ÓйØÐÂÎÅ


https://ics-cert.kaspersky.com/news/2020/04/30/abb-vulnerabilities/


0x04 ²Î¿¼Á´½Ó


https://search.abb.com/library/Download.aspx?DocumentID=2PAA121236&LanguageCode=en&DocumentPartId=&Action=Launch


0x05 ¹¦·òÏß


2020-05-21 VSRC°ä²¼·ì϶¹«¸æ


GA»Æ½ð¼×¡¤(ÖйúÇø)¹Ù·½ÍøÕ¾